Overview

overview

7

Static

static

397daa3e07...1c.exe

windows7-x64

7

397daa3e07...1c.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    20/10/2022, 16:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    397daa3e07ff89981085274653d68b12a5a0dd49011516a950b460b8d7fd741c.exe

  • Size

    17KB

  • MD5

    803d8385a11927efedb2efa29e5d4270

  • SHA1

    0cbfe2dfb00b085d134bf275a641cb55047713e1

  • SHA256

    397daa3e07ff89981085274653d68b12a5a0dd49011516a950b460b8d7fd741c

  • SHA512

    dc6d407389f89495bf3c3a80e3a1701bef185235d89ef4185b2f425b990e27e41f898b1bfbe7dce37478b0b58a7b202b4c8791e9f3eeadc329330d0ab2c30dc5

  • SSDEEP

    384:ynf8xXkwxvuLuHLv21DBBIgqHCHFfTY3UN3R6drZtsiNM6+tElNvofY8Dda:m8xxWLuHYBDOCHFf1ArZhmuAg8Dw

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\397daa3e07ff89981085274653d68b12a5a0dd49011516a950b460b8d7fd741c.exe
    "C:\Users\Admin\AppData\Local\Temp\397daa3e07ff89981085274653d68b12a5a0dd49011516a950b460b8d7fd741c.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1352
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1360

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • \Windows\SysWOW64\issms32.dll
            Filesize

            25KB

            MD5

            ffd187d353f6934de65995e36db3cd8e

            SHA1

            a789701dad5cf5ad7c34bfabf02445081c079288

            SHA256

            14cf53301629dbe6aa61bb90b689471a8c85123c791a8dacabbab4e7b983e1ea

            SHA512

            2b7397f9e9d1d6217abe1e0e5955557654a8b3d762cd0e36c6c7fd639c4b41814b7966e5ef4c424a97cd40260259954b15a70b18e375a6988067639cdcf54629

            Download Submit

          • memory/1360-54-0x0000000002200000-0x0000000002201000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1360-55-0x0000000002210000-0x0000000002211000-memory.dmp

            Filesize

            4KB

            Download