Analysis
-
max time kernel
156s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
20/10/2022, 00:16
General
-
Target
abdd1a919533d8e63e30fcd3f79283233c6e8a248d2463d84778038fd13c0e9e.exe
-
Size
32KB
-
MD5
906def8e112bc2e5b577afc5bdba9330
-
SHA1
d77f8b78c9c183c33ed6c389165e4dc561333412
-
SHA256
abdd1a919533d8e63e30fcd3f79283233c6e8a248d2463d84778038fd13c0e9e
-
SHA512
1b95a87554b927f0c7034cdbab180249fb5734a3e85c2253c04e014df6b2693d4252595f76e808f35f2ea8b25f3a8c946e502a10ed844ab567e7f13938552265
-
SSDEEP
768:4ADe46xgBQOr2fc3r+A0o5nWJDBifYLsErpF:4ddxhOr2jA0LJIf3cpF
Score
10/10
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in System32 directory 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\abdd1a919533d8e63e30fcd3f79283233c6e8a248d2463d84778038fd13c0e9e.exe"C:\Users\Admin\AppData\Local\Temp\abdd1a919533d8e63e30fcd3f79283233c6e8a248d2463d84778038fd13c0e9e.exe"1⤵
- Modifies WinLogon for persistence
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
80KB
-
Filesize
80KB