Analysis

  • max time kernel
    24s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/11/2022, 03:50

General

  • Target

    6978fe4455ead55e477feb2fc5f89f26c856490bb48c281cfd3688f6bb4d49b7.exe

  • Size

    903KB

  • MD5

    43fe56bd883cd2c7e6b3df65e2e23a13

  • SHA1

    86f2643ffe8c051e4e0b5ad37ed433512c09c59b

  • SHA256

    6978fe4455ead55e477feb2fc5f89f26c856490bb48c281cfd3688f6bb4d49b7

  • SHA512

    3d9c383c623c8ad53a5f6ac1840c2a3f0a7610b0d2024060692978d5bd608b2368484a3f2ec1ff8c576ac9228b2d06fc2a7c261d453618f282c96a4bbe9252ef

  • SSDEEP

    12288:CG/oHZId8zgYzkTC25RpKnnKUxE/EgnL3ZX9fnKiW9FdUVyFKwaB:CGNicYzk+7vxE/NXnlW9oVcG

Score
10/10

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Program Files directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
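
The three persistence and spreading behaviours above (Explorer visibility values changed, a Run key added, autorun.inf dropped onto enumerated drives) are what a responder checks for on other hosts and on any removable media that touched the infected machine. The script below is an added example, not part of this report or of the sample: it works offline on exported data rather than the live registry, so it runs anywhere. The dropped-file paths are taken from this report's Downloads section; the autorun.inf text, the registry values and the Run-key entries are constructed for the demo, because the report does not show what the sample actually wrote.

```python
"""Added triage helpers for the Explorer-visibility, Run-key and autorun.inf
behaviours listed in the Signatures section. Not part of the report or the sample."""

# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced values that
# control what Explorer shows (documented Windows behaviour):
#   HideFileExt      1 = hide known extensions (default), 0 = show them
#   Hidden           2 = do not show hidden files (default), 1 = show them
#   ShowSuperHidden  0 = hide protected OS files (default), 1 = show them
EXPLORER_VISIBILITY_VALUES = ("HideFileExt", "Hidden", "ShowSuperHidden")

# autorun.inf keys that run a program when the volume is mounted or opened.
AUTORUN_EXEC_KEYS = ("open", "shellexecute", "shell\\open\\command")

# Dropped-file paths taken from the Downloads section of this report.
REPORT_DROPPED_PATHS = (
    r"C:\Documents and Settings\tazebama.dl_",
    r"C:\Users\tazebama.dl_",
    r"\Users\tazebama.dll",
)

# Constructed inputs for the demo; the report does not show the real autorun.inf
# contents, registry values or Run-key command the sample wrote.
SAMPLE_AUTORUN_INF = r"""[AutoRun]
; constructed example, not the sample's real file
open=setup.exe
shell\open\command=setup.exe
icon=%SystemRoot%\system32\shell32.dll,4
"""
SAMPLE_BASELINE = {"HideFileExt": 0, "Hidden": 1, "ShowSuperHidden": 1}  # assumed hardened gold image
SAMPLE_CURRENT = {"HideFileExt": 1, "Hidden": 2, "ShowSuperHidden": 0}   # assumed post-infection export
SAMPLE_RUN_VALUES = {  # constructed HKCU\...\CurrentVersion\Run export
    "Windows Update": r'"C:\Users\tazebama.dl_"',
    "OneDrive": r'"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
}


def parse_autorun_inf(text: str) -> dict:
    """Return the key=value pairs of the [autorun] section with keys lower-cased.
    Hand-rolled rather than configparser so junk lines and odd casing do not abort."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def autorun_findings(text: str) -> list:
    """Describe what an autorun.inf would do on a host that still honours it."""
    entries = parse_autorun_inf(text)
    findings = [f"{key}={entries[key]}" for key in AUTORUN_EXEC_KEYS if key in entries]
    if "icon" in entries or "label" in entries:
        findings.append("icon/label set: volume disguised in Explorer")
    return findings


def explorer_visibility_changes(current: dict, baseline: dict) -> list:
    """Return (name, baseline, current) for each Explorer visibility value that
    differs from the baseline (a pre-infection snapshot or the gold image)."""
    return [(name, baseline.get(name), current.get(name))
            for name in EXPLORER_VISIBILITY_VALUES
            if current.get(name) != baseline.get(name)]


def run_key_findings(run_values: dict, dropped_paths) -> list:
    """Return (name, command) for Run-key entries whose command references one of
    the dropped file paths, compared case-insensitively so quoting does not matter."""
    hits = []
    for name, command in run_values.items():
        cmd = command.lower()
        if any(path.lower() in cmd for path in dropped_paths):
            hits.append((name, command))
    return hits


if __name__ == "__main__":
    for line in autorun_findings(SAMPLE_AUTORUN_INF):
        print("autorun.inf:", line)
    for name, before, after in explorer_visibility_changes(SAMPLE_CURRENT, SAMPLE_BASELINE):
        print(f"Explorer\\Advanced\\{name}: {before} -> {after}")
    for name, command in run_key_findings(SAMPLE_RUN_VALUES, REPORT_DROPPED_PATHS):
        print(f"Run\\{name} -> {command}")
```

On a live Windows host the three dictionaries would come from a registry export (`reg export`) or `winreg`, and the autorun.inf text from the root of each enumerated volume; the comparison against a baseline is what turns "value present" into "value changed", since HideFileExt=1, Hidden=2 and ShowSuperHidden=0 are also the Windows defaults.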

Processes

  • C:\Users\Admin\AppData\Local\Temp\6978fe4455ead55e477feb2fc5f89f26c856490bb48c281cfd3688f6bb4d49b7.exe
    "C:\Users\Admin\AppData\Local\Temp\6978fe4455ead55e477feb2fc5f89f26c856490bb48c281cfd3688f6bb4d49b7.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Documents and Settings\tazebama.dl_
      "C:\Documents and Settings\tazebama.dl_"
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      PID:1828

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • C:\Documents and Settings\tazebama.dl_

          Filesize

          151KB

          MD5

          282da108f4b6bfd91ffb5c5991486dfc

          SHA1

          2142bb131e831b187d527b1d4340c2a87dc568dc

          SHA256

          d282e537ee854b99407eca8dde1caec842f447f18d500f19140c0f92a4889572

          SHA512

          6ba3af5c2039ad902adc8da746c578bde4efec68a0b202d096a9bc394b1683cbf3fd7716cec5e0f1a8cd323753ac917b5c32b06e7aba4e5f20ac420514cd7066

        • C:\Users\tazebama.dl_

          Filesize

          151KB

          MD5

          282da108f4b6bfd91ffb5c5991486dfc

          SHA1

          2142bb131e831b187d527b1d4340c2a87dc568dc

          SHA256

          d282e537ee854b99407eca8dde1caec842f447f18d500f19140c0f92a4889572

          SHA512

          6ba3af5c2039ad902adc8da746c578bde4efec68a0b202d096a9bc394b1683cbf3fd7716cec5e0f1a8cd323753ac917b5c32b06e7aba4e5f20ac420514cd7066

        • \Users\tazebama.dl_

          Filesize

          151KB

          MD5

          282da108f4b6bfd91ffb5c5991486dfc

          SHA1

          2142bb131e831b187d527b1d4340c2a87dc568dc

          SHA256

          d282e537ee854b99407eca8dde1caec842f447f18d500f19140c0f92a4889572

          SHA512

          6ba3af5c2039ad902adc8da746c578bde4efec68a0b202d096a9bc394b1683cbf3fd7716cec5e0f1a8cd323753ac917b5c32b06e7aba4e5f20ac420514cd7066

        • \Users\tazebama.dl_

          Filesize

          151KB

          MD5

          282da108f4b6bfd91ffb5c5991486dfc

          SHA1

          2142bb131e831b187d527b1d4340c2a87dc568dc

          SHA256

          d282e537ee854b99407eca8dde1caec842f447f18d500f19140c0f92a4889572

          SHA512

          6ba3af5c2039ad902adc8da746c578bde4efec68a0b202d096a9bc394b1683cbf3fd7716cec5e0f1a8cd323753ac917b5c32b06e7aba4e5f20ac420514cd7066

        • \Users\tazebama.dll

          Filesize

          32KB

          MD5

          b6a03576e595afacb37ada2f1d5a0529

          SHA1

          d598d4d0e70dec2ffa2849edaeb4db94fedcc0b8

          SHA256

          1707eaf60aa91f3791aa5643bfa038e9d8141878d61f5d701ebac51f4ae7aaad

          SHA512

          181b7cc6479352fe2c53c3630d45a839cdeb74708be6709c2a75847a54de3ffc1fdac8450270dde7174ecb23e5cb002f8ce39032429a3112b1202f3381b8918c

        • memory/1828-63-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

        • memory/1932-54-0x0000000075F51000-0x0000000075F53000-memory.dmp

          Filesize

          8KB

        • memory/1932-60-0x0000000001000000-0x00000000010BE000-memory.dmp

          Filesize

          760KB