Overview

overview

8

Static

static

3a7c8d29de...61.exe

windows7-x64

8

3a7c8d29de...61.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    137s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 14:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a7c8d29de87cdb1b4f81540b71fc4835b509885bca4b232fe5e79c3a6cdae61.exe

  • Size

    174KB

  • MD5

    fdc96be128bf11763122a0a8dac1ccb4

  • SHA1

    62fa22f85cd2a79525e66fba8460a544c9e28db9

  • SHA256

    3a7c8d29de87cdb1b4f81540b71fc4835b509885bca4b232fe5e79c3a6cdae61

  • SHA512

    55bf1a509b03fc0eb16232c93ddaf6b1c27186cfccb86ccc474312162a336302fbd5e178c9fc289134cbbab1f8a94c5440f89a3ac0ee88885310ba92b2cbf859

  • SSDEEP

    3072:1p3fHRqQQxFDeOjmaeSb6Yd5vr0x8iDWVKAUA5i+XwxR:HRcfDevimsvr0x8iDmKRA5iqwx

Score
8/10
persistence

Malware Config

Signatures

  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Unexpected DNS network traffic destination 8 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Drops desktop.ini file(s) 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\system32\services.exe
    C:\Windows\system32\services.exe
    1⤵
    • Drops desktop.ini file(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:472
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1224
    • C:\Users\Admin\AppData\Local\Temp\3a7c8d29de87cdb1b4f81540b71fc4835b509885bca4b232fe5e79c3a6cdae61.exe
      "C:\Users\Admin\AppData\Local\Temp\3a7c8d29de87cdb1b4f81540b71fc4835b509885bca4b232fe5e79c3a6cdae61.exe"
      2⤵
      • Registers COM server for autorun
      • Suspicious use of SetThreadContext
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1712
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe"
        3⤵
        • Deletes itself
        PID:1372

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • \systemroot\Installer\{d4e37f8e-5af0-9b64-e86d-0830097e992e}\@
    Filesize

    2KB

    MD5

    832d190f47c8d5384728826dfca4d1ab

    SHA1

    528b2a638b107911fd06e6e87278934544a33f1f

    SHA256

    93bf0ee5920d1bd811f4b12056874dc199969f9cce563d2b523417898900a9c8

    SHA512

    25ad2b643247a8af3e4fd426b7378a7548b076fdc608b4bad0eab8edf91eaf3877459e93c40132ccd6e12f9908f0eea7d72f9b65597d8389bfbec0be15bbb112

    Download Submit

  • memory/472-71-0x00000000004E0000-0x00000000004EF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/472-82-0x00000000004F0000-0x00000000004FF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/472-78-0x00000000004F0000-0x00000000004FF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/472-77-0x00000000002B0000-0x00000000002BC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/472-75-0x00000000004E0000-0x00000000004EF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/472-81-0x00000000002B0000-0x00000000002BC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1224-66-0x0000000002AE0000-0x0000000002AEF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1224-65-0x0000000002A00000-0x0000000002A0C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1224-54-0x0000000002AD0000-0x0000000002ADF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1224-62-0x0000000002AD0000-0x0000000002ADF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1224-58-0x0000000002AD0000-0x0000000002ADF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1224-80-0x0000000002A00000-0x0000000002A0C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1372-83-0x0000000000000000-mapping.dmp

    Download

  • memory/1712-64-0x0000000000230000-0x000000000025E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1712-79-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1712-63-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/1712-84-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download