Overview

overview

8

Static

static

7dd2c583d5...63.exe

windows7-x64

8

7dd2c583d5...63.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    141s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-09-2022 01:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7dd2c583d5fcd3ec97cc03940f2b16d1b5558f2d52f82e375dec150e1061fb63.exe

  • Size

    16KB

  • MD5

    f440616f4e196c7a94c055f714960985

  • SHA1

    42f7942c3c9454abc6d69b66c5633a17e65d3df5

  • SHA256

    7dd2c583d5fcd3ec97cc03940f2b16d1b5558f2d52f82e375dec150e1061fb63

  • SHA512

    bac004d0d3d723593ea871c627de0fe296fb21b96fa68cff311d781f2fe223c0d3bd55e24748130ce1613df0b6c2e1ecd1a15bf3af683660b5551aba8348f30b

  • SSDEEP

    384:a4wUAVoSxMqXtrcsgFyeiQ4jK7TaYCSwx5E:nf0oOMqbgFyed8kTvCxy

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7dd2c583d5fcd3ec97cc03940f2b16d1b5558f2d52f82e375dec150e1061fb63.exe
    "C:\Users\Admin\AppData\Local\Temp\7dd2c583d5fcd3ec97cc03940f2b16d1b5558f2d52f82e375dec150e1061fb63.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4004
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c c:\dele5696f5.bat
      2⤵
        PID:3960

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \??\c:\dele5696f5.bat
      Filesize

      271B

      MD5

      ff996acc2ef2cf1a6c2785da9b65a590

      SHA1

      7b56dcafabadf66e15d98bf74cbb56a8aae46e3e

      SHA256

      d1499c1b769b421d7f86e5a5292355a28a2398540ed028bdca8d21720189bb6c

      SHA512

      0adf7cb627af303b961bc35e618b1adb4d24c1d0c509455bc55c799f7fcc86938e2356d57947bd89f13e084703dfc1e58c11d501fc219b7ef709b19eb497a325

      Download Submit

    • memory/4004-132-0x0000000000400000-0x0000000000415000-memory.dmp

      Filesize

      84KB

      Download

    • memory/4004-134-0x0000000000400000-0x0000000000415000-memory.dmp

      Filesize

      84KB

      Download