Overview

overview

10

Static

static

39b210fec0...94.exe

windows7-x64

10

39b210fec0...94.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/10/2022, 06:20

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    39b210fec0f5fcd85310aceddb8af919e566f3fb0b249323586c86cdef590d94.exe

  • Size

    355KB

  • MD5

    391ad1263c4d56ca07e108521c964a35

  • SHA1

    e8d2e7be0d15bdebce794a8db1192350b31f6549

  • SHA256

    39b210fec0f5fcd85310aceddb8af919e566f3fb0b249323586c86cdef590d94

  • SHA512

    32efa674cc9a19f65235d209924b56826b40fc9160a4ad25a09f12c51226fd9e1af1e31ad501addad38ac0b8e2eadd2ea6fa886d7d1441b1c1b6ad5e35758bf2

  • SSDEEP

    6144:T3EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC4TSs9EiS:gmWhND9yJz+b1FcMLmp2ATTSsdS

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\39b210fec0f5fcd85310aceddb8af919e566f3fb0b249323586c86cdef590d94.exe
    "C:\Users\Admin\AppData\Local\Temp\39b210fec0f5fcd85310aceddb8af919e566f3fb0b249323586c86cdef590d94.exe"
    1⤵
    • Modifies WinLogon
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3528
    • C:\Windows\apppatch\svchost.exe
      "C:\Windows\apppatch\svchost.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Executes dropped EXE
      • Modifies WinLogon
      • Suspicious behavior: EnumeratesProcesses
      PID:1120

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\apppatch\svchost.exe
          Filesize

          355KB

          MD5

          bdce69fb5b6f14b5b9f6c15f7513b153

          SHA1

          34eb0be87d93f9fbde3ece6524a84e345227d759

          SHA256

          b4e86a624ca632d16fdb9b99bb24a1842c35d96dd1890b919ee01e689062a1f2

          SHA512

          50d6736be97cedc21f442a4eec2327db9b0d0631a69547bc0581cb27239ff4ea2eb63fcfdd23e001c7b2ed47deee279392d2df8cd21e838acbfb5b610864abce

          Download Submit

        • C:\Windows\apppatch\svchost.exe
          Filesize

          355KB

          MD5

          bdce69fb5b6f14b5b9f6c15f7513b153

          SHA1

          34eb0be87d93f9fbde3ece6524a84e345227d759

          SHA256

          b4e86a624ca632d16fdb9b99bb24a1842c35d96dd1890b919ee01e689062a1f2

          SHA512

          50d6736be97cedc21f442a4eec2327db9b0d0631a69547bc0581cb27239ff4ea2eb63fcfdd23e001c7b2ed47deee279392d2df8cd21e838acbfb5b610864abce

          Download Submit

        • memory/1120-135-0x00000000026E0000-0x0000000002788000-memory.dmp

          Filesize

          672KB

          Download

        • memory/1120-136-0x0000000002B00000-0x0000000002BB6000-memory.dmp

          Filesize

          728KB

          Download