Analysis
max time kernel: 38s
max time network: 139s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 03-12-2022 11:37
Behavioral task: behavioral1
Sample: eb9092144aef8760be5d632c006dd801d06247c0e71deb051e74920916eb6055.exe
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: eb9092144aef8760be5d632c006dd801d06247c0e71deb051e74920916eb6055.exe
Resource: win10v2004-20220901-en
General
Target: eb9092144aef8760be5d632c006dd801d06247c0e71deb051e74920916eb6055.exe
Size: 667KB
MD5: 184df78faee941f344c53b8230955567
SHA1: 6b376c136ebbcac85b8ee7d3cd38661ffd1d7039
SHA256: eb9092144aef8760be5d632c006dd801d06247c0e71deb051e74920916eb6055
SHA512: 6f247ed19291956c490c71f128e8aa128b350a204fe683a1b0767c89ee94e1fcb77abe0929b0b8ac99f82efb418e0882a34cda0218a74ed4fcef097846ad6325
SSDEEP: 12288:PRpCPTbOwWRAEJhq78fc7LMoPcbafYY/zgB7bpgmhquTyD4:PqOw2Auq78f6CagTBHe1Ay
Malware Config
Signatures
Adds Run key to start application (2 TTPs, 1 IoC)
Processes:
  description: Set value (str)
  ioc: \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WinInet = "C:\\WINDOWS\\system\\winlogon.exe"
  process: eb9092144aef8760be5d632c006dd801d06247c0e71deb051e74920916eb6055.exe
Drops file in Windows directory (2 IoCs)
Processes:
  description: File opened for modification
  ioc: C:\WINDOWS\system\winlogon.exe
  process: eb9092144aef8760be5d632c006dd801d06247c0e71deb051e74920916eb6055.exe
  description: File created
  ioc: C:\WINDOWS\system\winlogon.exe
  process: eb9092144aef8760be5d632c006dd801d06247c0e71deb051e74920916eb6055.exe
Suspicious use of FindShellTrayWindow (1 IoC)
Processes:
  pid: 1076
  process: eb9092144aef8760be5d632c006dd801d06247c0e71deb051e74920916eb6055.exe
Processes
1: C:\Users\Admin\AppData\Local\Temp\eb9092144aef8760be5d632c006dd801d06247c0e71deb051e74920916eb6055.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\eb9092144aef8760be5d632c006dd801d06247c0e71deb051e74920916eb6055.exe"
  - Adds Run key to start application
  - Drops file in Windows directory
  - Suspicious use of FindShellTrayWindow
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/1076-54-0x0000000076AE1000-0x0000000076AE3000-memory.dmp (Filesize: 8KB)