Overview

overview

10

Static

static

1823dc5c03...3a.exe

windows7-x64

10

1823dc5c03...3a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    112s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/10/2022, 07:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1823dc5c039227e3081717fd9c0817b69e9cf18c41f3b613505f12287490083a.exe

  • Size

    45KB

  • MD5

    5988b5f7a34908a9e12a49a148ff20f0

  • SHA1

    014b36ccc33c90bdb576ec09751f7b864a4563b2

  • SHA256

    1823dc5c039227e3081717fd9c0817b69e9cf18c41f3b613505f12287490083a

  • SHA512

    a7f943432763fcd4256a1f4475c30c886ceecf838d87c41676f778e84d0a68029ebc744ca12f5083bb6d235ca3dabdd68b470a6242dcd10e5bce54fa2d439495

  • SSDEEP

    768:nXqNl2NCMdawELAGoYUSEcFzkCS/4lj+o/1H5k:XGlpvxlcu

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 2 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1823dc5c039227e3081717fd9c0817b69e9cf18c41f3b613505f12287490083a.exe
    "C:\Users\Admin\AppData\Local\Temp\1823dc5c039227e3081717fd9c0817b69e9cf18c41f3b613505f12287490083a.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Windows\SysWOW64\Miiplh32.exe
      C:\Windows\system32\Miiplh32.exe
      2⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1384

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\Miiplh32.exe
          Filesize

          45KB

          MD5

          a020a4b5711457e93d19c6eae2db2334

          SHA1

          34a37937cc2017ebba8c2a48f10b3e942a1a1ef1

          SHA256

          2932d29210d4b5f1db8983750fa2e601c18b465c21c934e467bdc924eff4dec0

          SHA512

          8d073aa1a895461eaff0b4aa5c27419291c5c00705b0fdbaee8530bbc9c8b914d01f53eab4d60ead5c6759f98bdd0af46ec049155d7c9905645e79ac4913d56b

          Download Submit

        • C:\Windows\SysWOW64\Miiplh32.exe
          Filesize

          45KB

          MD5

          a020a4b5711457e93d19c6eae2db2334

          SHA1

          34a37937cc2017ebba8c2a48f10b3e942a1a1ef1

          SHA256

          2932d29210d4b5f1db8983750fa2e601c18b465c21c934e467bdc924eff4dec0

          SHA512

          8d073aa1a895461eaff0b4aa5c27419291c5c00705b0fdbaee8530bbc9c8b914d01f53eab4d60ead5c6759f98bdd0af46ec049155d7c9905645e79ac4913d56b

          Download Submit

        • memory/1384-137-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1724-132-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download

        • memory/1724-136-0x0000000000400000-0x000000000042F000-memory.dmp

          Filesize

          188KB

          Download