Overview

overview

8

Static

static

dccc8eee4a...a0.exe

windows7-x64

8

dccc8eee4a...a0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-12-2022 03:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dccc8eee4aa4fdb0f2dc890534a0c576a1053d1ab99ccd55580354b9db12fda0.exe

  • Size

    312KB

  • MD5

    34dd7c33483366da4c4fe885abe91d98

  • SHA1

    fd9eb6920bb87796352bf1747e313a261e3cfdfb

  • SHA256

    dccc8eee4aa4fdb0f2dc890534a0c576a1053d1ab99ccd55580354b9db12fda0

  • SHA512

    73cbdb4eeb76bcb8176ded294b395317bd78a192d5959405255df697ae2033a1b1ed8b129e995d60a710931d24cdee4be6d984ba9ed7353c6f265de7dc891df0

  • SSDEEP

    6144:+6EwwJWwVwrgkEF97KCzqMvoB8j9J/d57jHhcOMhPC:zEPWKwreP7fzDAgzl5Hhcx

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dccc8eee4aa4fdb0f2dc890534a0c576a1053d1ab99ccd55580354b9db12fda0.exe
    "C:\Users\Admin\AppData\Local\Temp\dccc8eee4aa4fdb0f2dc890534a0c576a1053d1ab99ccd55580354b9db12fda0.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4828
    • C:\ProgramData\bKnJkNaOhLe06504\bKnJkNaOhLe06504.exe
      "C:\ProgramData\bKnJkNaOhLe06504\bKnJkNaOhLe06504.exe" "C:\Users\Admin\AppData\Local\Temp\dccc8eee4aa4fdb0f2dc890534a0c576a1053d1ab99ccd55580354b9db12fda0.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Enumerates connected drives
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2296

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\bKnJkNaOhLe06504\bKnJkNaOhLe06504.exe
    Filesize

    312KB

    MD5

    c36f40dc0e3bc416a2ea9e570254bfa0

    SHA1

    762250f05818b18cd368c3220d308bc4059c786f

    SHA256

    298478a92a572d3b94578a919b01c5ea82b43df903aa5bf10db50c3e1e3380d9

    SHA512

    fdb6d0783c0b622081b37302b3a6b89b542644629ca0916fa3362ff1e4998300a56ad72c85aad05731bef9652d727ee86eb68e224eb21b6111a53640b3b33f50

    Download Submit

  • C:\ProgramData\bKnJkNaOhLe06504\bKnJkNaOhLe06504.exe
    Filesize

    312KB

    MD5

    c36f40dc0e3bc416a2ea9e570254bfa0

    SHA1

    762250f05818b18cd368c3220d308bc4059c786f

    SHA256

    298478a92a572d3b94578a919b01c5ea82b43df903aa5bf10db50c3e1e3380d9

    SHA512

    fdb6d0783c0b622081b37302b3a6b89b542644629ca0916fa3362ff1e4998300a56ad72c85aad05731bef9652d727ee86eb68e224eb21b6111a53640b3b33f50

    Download Submit

  • memory/2296-139-0x0000000000400000-0x00000000004FC000-memory.dmp

    Filesize

    1008KB

    Download

  • memory/2296-141-0x0000000000400000-0x00000000004FC000-memory.dmp

    Filesize

    1008KB

    Download

  • memory/2296-145-0x0000000000618000-0x0000000000647000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2296-142-0x0000000000618000-0x0000000000647000-memory.dmp

    Filesize

    188KB

    Download

  • memory/2296-140-0x0000000000400000-0x00000000004FC000-memory.dmp

    Filesize

    1008KB

    Download

  • memory/4828-133-0x0000000000400000-0x00000000004FC000-memory.dmp

    Filesize

    1008KB

    Download

  • memory/4828-132-0x0000000000400000-0x00000000004FC000-memory.dmp

    Filesize

    1008KB

    Download

  • memory/4828-135-0x0000000000628000-0x0000000000657000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4828-143-0x0000000000400000-0x00000000004FC000-memory.dmp

    Filesize

    1008KB

    Download

  • memory/4828-144-0x0000000000628000-0x0000000000657000-memory.dmp

    Filesize

    188KB

    Download

  • memory/4828-134-0x0000000000400000-0x00000000004FC000-memory.dmp

    Filesize

    1008KB

    Download

  • memory/4828-146-0x0000000000400000-0x00000000004FC000-memory.dmp

    Filesize

    1008KB

    Download

  • memory/4828-147-0x0000000000628000-0x0000000000657000-memory.dmp

    Filesize

    188KB

    Download