Overview

overview

8

Static

static

a8e7c1f9e6...87.exe

windows7-x64

8

a8e7c1f9e6...87.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    75s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29/10/2022, 20:19

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a8e7c1f9e632f436a9f5d9d34b8a9af0ebdae7ff33820b5631311fb3ba8cc687.exe

  • Size

    63KB

  • MD5

    843bde15d124d8a04c1ff5c84fd0f9aa

  • SHA1

    625e2391ee83e2096c967958249e2babbafd4236

  • SHA256

    a8e7c1f9e632f436a9f5d9d34b8a9af0ebdae7ff33820b5631311fb3ba8cc687

  • SHA512

    0a1867c507411b1050a543135fccf3f12ec427e2f0d1562794aef5ad1016d37665fcc4be6db4cae5356b803e3497fecb583c37896c1586e91ba10c99f66b8474

  • SSDEEP

    1536:xuZsjJoF95XAhTxE7o96EgfAvybHD1MVrjjd4h7:xzYH7o96zvj1MVrj5S7

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates system info in registry 2 TTPs 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1260
      • C:\Users\Admin\AppData\Local\Temp\a8e7c1f9e632f436a9f5d9d34b8a9af0ebdae7ff33820b5631311fb3ba8cc687.exe
        "C:\Users\Admin\AppData\Local\Temp\a8e7c1f9e632f436a9f5d9d34b8a9af0ebdae7ff33820b5631311fb3ba8cc687.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1720
        • C:\Windows\SysWOW64\RunDll32.exe
          RunDll32 "C:\Users\Admin\AppData\Local\Temp\401D.tmp",Init
          3⤵
          • Loads dropped DLL
          PID:1520
    • C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      1⤵
        PID:1224
      • C:\Windows\system32\taskhost.exe
        "taskhost.exe"
        1⤵
          PID:1132

        Network

              MITRE ATT&CK Enterprise v6

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\401D.tmp
                Filesize

                60KB

                MD5

                e864a3fd42fc12182420c318b7524b14

                SHA1

                406e596899b2cc168ba40c8c848811480dc05e9d

                SHA256

                d21a206ff670a5ab1e05432b2c840f4535f76b898c00f9fe891a694cddde89ce

                SHA512

                3702c21868f2d5e39094d4d6d7c02ede9420152efe550c17d1e71e68a2617666f75223a3622e30ab241673b1aaab32d09c9cf0f8a2a146cf81cd0c33395e3b8f

                Download Submit

              • \Users\Admin\AppData\Local\Temp\401D.tmp
                Filesize

                60KB

                MD5

                e864a3fd42fc12182420c318b7524b14

                SHA1

                406e596899b2cc168ba40c8c848811480dc05e9d

                SHA256

                d21a206ff670a5ab1e05432b2c840f4535f76b898c00f9fe891a694cddde89ce

                SHA512

                3702c21868f2d5e39094d4d6d7c02ede9420152efe550c17d1e71e68a2617666f75223a3622e30ab241673b1aaab32d09c9cf0f8a2a146cf81cd0c33395e3b8f

                Download Submit

              • \Users\Admin\AppData\Local\Temp\401D.tmp
                Filesize

                60KB

                MD5

                e864a3fd42fc12182420c318b7524b14

                SHA1

                406e596899b2cc168ba40c8c848811480dc05e9d

                SHA256

                d21a206ff670a5ab1e05432b2c840f4535f76b898c00f9fe891a694cddde89ce

                SHA512

                3702c21868f2d5e39094d4d6d7c02ede9420152efe550c17d1e71e68a2617666f75223a3622e30ab241673b1aaab32d09c9cf0f8a2a146cf81cd0c33395e3b8f

                Download Submit

              • memory/1132-58-0x00000000001A0000-0x00000000001A1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1520-66-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

                Filesize

                8KB

                Download

              • memory/1520-69-0x0000000074E80000-0x0000000074EA3000-memory.dmp

                Filesize

                140KB

                Download

              • memory/1520-70-0x0000000074E80000-0x0000000074EA3000-memory.dmp

                Filesize

                140KB

                Download

              • memory/1520-72-0x0000000074E80000-0x0000000074EA3000-memory.dmp

                Filesize

                140KB

                Download

              • memory/1720-55-0x0000000074E80000-0x0000000074EA3000-memory.dmp

                Filesize

                140KB

                Download

              • memory/1720-56-0x0000000074E80000-0x0000000074EA3000-memory.dmp

                Filesize

                140KB

                Download

              • memory/1720-71-0x0000000074E80000-0x0000000074EA3000-memory.dmp

                Filesize

                140KB

                Download