Overview

overview

10

Static

static

79ffda2db2...b2.exe

windows7-x64

10

79ffda2db2...b2.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    169s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 02:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    79ffda2db23ae19fe8b44c8286b25554daf6c44f3e40a4360e085b7dfe726db2.exe

  • Size

    58KB

  • MD5

    8c015620a9bc79ec1aaf58b9edab47b2

  • SHA1

    16084c80ff739fdbe112d518b3bd4871ef3f3200

  • SHA256

    79ffda2db23ae19fe8b44c8286b25554daf6c44f3e40a4360e085b7dfe726db2

  • SHA512

    11fb55a6d3c84e2c25e79202e6440a2d99e41e962677217de78205eef8a56252fdb3839d3de3ee81be22ace33931c422e603db6d88da9ff40052431b068b7eb5

  • SSDEEP

    1536:Bxq97DG+Cc22uWlFZEqLQw0qzGFGjLJECfzT70TM0w2:Bxq9tCctBlQcQw5LiYwTM0w

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\79ffda2db23ae19fe8b44c8286b25554daf6c44f3e40a4360e085b7dfe726db2.exe
    "C:\Users\Admin\AppData\Local\Temp\79ffda2db23ae19fe8b44c8286b25554daf6c44f3e40a4360e085b7dfe726db2.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: MapViewOfSection
    PID:968
  • C:\Windows\syswow64\svchost.exe
    "C:\Windows\syswow64\svchost.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1552
    • C:\Windows\SysWOW64\ctfmon.exe
      ctfmon.exe
      2⤵
        PID:872

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/968-54-0x0000000075F21000-0x0000000075F23000-memory.dmp

      Filesize

      8KB

      Download

    • memory/968-55-0x0000000000400000-0x0000000000413000-memory.dmp

      Filesize

      76KB

      Download

    • memory/968-56-0x0000000000400000-0x0000000000413000-memory.dmp

      Filesize

      76KB

      Download

    • memory/968-57-0x00000000002A0000-0x00000000002B9000-memory.dmp

      Filesize

      100KB

      Download

    • memory/968-58-0x00000000002A0000-0x00000000002B9000-memory.dmp

      Filesize

      100KB

      Download

    • memory/1312-59-0x0000000077020000-0x00000000771C9000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/1312-60-0x0000000002220000-0x0000000002228000-memory.dmp

      Filesize

      32KB

      Download

    • memory/1312-62-0x0000000077020000-0x00000000771C9000-memory.dmp

      Filesize

      1.7MB

      Download