Overview

overview

8

Static

static

37a825189d...01.exe

windows7-x64

8

37a825189d...01.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    159s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-11-2022 23:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    37a825189d284ab47c3aaa51a3429a9508ab7e163c6ddde5d63fa9ac6f702c01.exe

  • Size

    145KB

  • MD5

    07ec84d8013092fd2e69e5ace47df7b1

  • SHA1

    1516f8f1b2ba1d75a2f05dda01d20aab56c8c2fd

  • SHA256

    37a825189d284ab47c3aaa51a3429a9508ab7e163c6ddde5d63fa9ac6f702c01

  • SHA512

    c414962cbdf63a40d99a206396da6dfb4a944513101796003a02aabe3e2556f7e571ffa7da793d30d785026caab3527200f275b85074d569c73cf3dced9484ac

  • SSDEEP

    3072:qoCA+ZqexSegL00H2TXOAiTMeKZ8z76D98TvxRmrC:qoCA+ZqexSRLK6AQ3KZT+Tvbd

Score
8/10
persistence

Malware Config

Signatures

  • Sets DLL path for service in the registry 2 TTPs 1 IoCs
    persistence
  • Loads dropped DLL 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\37a825189d284ab47c3aaa51a3429a9508ab7e163c6ddde5d63fa9ac6f702c01.exe
    "C:\Users\Admin\AppData\Local\Temp\37a825189d284ab47c3aaa51a3429a9508ab7e163c6ddde5d63fa9ac6f702c01.exe"
    1⤵
    • Sets DLL path for service in the registry
    • Drops file in Windows directory
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    PID:4904
  • C:\WINDoWS\SysWOW64\svchost.exe
    C:\WINDoWS\SysWOW64\svchost.exe /k netsvcs
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:5008

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Help\79620.tmp
    Filesize

    128KB

    MD5

    aba4db03d64e2f99ed3f75f1de4fb57f

    SHA1

    334e4af86da75a02b30c2b02de0d4546f1321f66

    SHA256

    9a4f68a63cdd56a07a018e6a6f7f39cab6bda48a104bec8fb14cb9598bca8ad7

    SHA512

    9120567cf5c6b57e50d4076ad68c17e2b15fa9613696faa450cbe09aa31f379fde8f4ec9334ee76a12a2b248cf595148e28629337ced54aad83f0887c72398f5

    Download Submit

  • \??\c:\windows\help\79620.tmp
    Filesize

    128KB

    MD5

    aba4db03d64e2f99ed3f75f1de4fb57f

    SHA1

    334e4af86da75a02b30c2b02de0d4546f1321f66

    SHA256

    9a4f68a63cdd56a07a018e6a6f7f39cab6bda48a104bec8fb14cb9598bca8ad7

    SHA512

    9120567cf5c6b57e50d4076ad68c17e2b15fa9613696faa450cbe09aa31f379fde8f4ec9334ee76a12a2b248cf595148e28629337ced54aad83f0887c72398f5

    Download Submit