Overview

overview

8

Static

static

e1e8e2e91e...b8.exe

windows7-x64

8

e1e8e2e91e...b8.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    157s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/12/2022, 01:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e1e8e2e91e375185a0595e8ba2bae1f8498a132e5d7186ae3396e19ff4aefab8.exe

  • Size

    762KB

  • MD5

    3b57cc4e491168a4fa083dea9ad65b57

  • SHA1

    3898021a8302a0f58a149907233dfbdb4dd92a11

  • SHA256

    e1e8e2e91e375185a0595e8ba2bae1f8498a132e5d7186ae3396e19ff4aefab8

  • SHA512

    ff38cd3c38578b8003651973d38547af5abe18c3ce074dce616b86317c20f29fd5c69c5466bf4cac86fb8e938925b3bb2a710fd091cf64fc3115da4f6583e169

  • SSDEEP

    12288:rG6lrpOjWtGNgDUiWqWNKDrt25G6lrpOjWtGNgDUiWqWNKDrt2x:KcOjWcCDUiWBwrk8cOjWcCDUiWBwrkx

Score
8/10
persistence

Malware Config

Signatures

  • Sets DLL path for service in the registry 2 TTPs 1 IoCs
    persistence
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e1e8e2e91e375185a0595e8ba2bae1f8498a132e5d7186ae3396e19ff4aefab8.exe
    "C:\Users\Admin\AppData\Local\Temp\e1e8e2e91e375185a0595e8ba2bae1f8498a132e5d7186ae3396e19ff4aefab8.exe"
    1⤵
    • Sets DLL path for service in the registry
    • Suspicious behavior: EnumeratesProcesses
    PID:2032
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k netsvcs
    1⤵
    • Loads dropped DLL
    PID:2324

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Local User\windmad.dll
          Filesize

          99KB

          MD5

          687e8c6438047229c4b3177b369d275e

          SHA1

          bb341ba42d3a321a4c07f519e2a9e4fa84c98b92

          SHA256

          92fd05762ef24cc465e74596b0f9bc908f0e605646219c43f82547bdbe3ce924

          SHA512

          21ea2cad3090da82e2340e44e833aed87324891700ac24b99378b84b0471ffd2423abe40de32ae539e5f3a386dbb73081b0f63c91b80d3bb57d366b18e3eebc5

          Download Submit

        • \??\c:\documents and settings\local user\windmad.dll
          Filesize

          99KB

          MD5

          687e8c6438047229c4b3177b369d275e

          SHA1

          bb341ba42d3a321a4c07f519e2a9e4fa84c98b92

          SHA256

          92fd05762ef24cc465e74596b0f9bc908f0e605646219c43f82547bdbe3ce924

          SHA512

          21ea2cad3090da82e2340e44e833aed87324891700ac24b99378b84b0471ffd2423abe40de32ae539e5f3a386dbb73081b0f63c91b80d3bb57d366b18e3eebc5

          Download Submit

        • memory/2032-132-0x0000000000400000-0x000000000055F000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2032-133-0x0000000000400000-0x000000000055F000-memory.dmp

          Filesize

          1.4MB

          Download

        • memory/2032-136-0x0000000000400000-0x000000000055F000-memory.dmp

          Filesize

          1.4MB

          Download