Overview

overview

10

Static

static

9e12519039...b0.exe

windows7-x64

10

9e12519039...b0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    263s
  • max time network
    324s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-12-2022 14:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9e12519039f24624a52fbd2ce5f8dcf0be55a0321f5cf1d5b2e751bffbb389b0.exe

  • Size

    163KB

  • MD5

    1d6b80eed083b9eee8ce95adc7f8e436

  • SHA1

    f94fe50ad12fee43655eab81f830a1a9f67fa798

  • SHA256

    9e12519039f24624a52fbd2ce5f8dcf0be55a0321f5cf1d5b2e751bffbb389b0

  • SHA512

    814bfa1038d59bc15ba48a4c4e701f5e1358f55a20feb733b306d378ae80de0e65e173b1af6105559f5e33fa33165d9fb55e63a50ff5bb22b2f3e4a1a18aedb5

  • SSDEEP

    3072:fhfxHNIBdQmNitcrE4mzfOv9lH5ANJaYN2:f1piBdfitcrCDOzHWt2

Score
10/10
persistence

Malware Config

Signatures

  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9e12519039f24624a52fbd2ce5f8dcf0be55a0321f5cf1d5b2e751bffbb389b0.exe
    "C:\Users\Admin\AppData\Local\Temp\9e12519039f24624a52fbd2ce5f8dcf0be55a0321f5cf1d5b2e751bffbb389b0.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3924
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Modifies system executable filetype association
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4248

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System\rundll32.exe
    Filesize

    177KB

    MD5

    e8104b539f8df6afb0c57d6bac9540b3

    SHA1

    7f2df887b6dee252ed1223cd2eb156609e3de408

    SHA256

    6ffc304127a62af5e80e392eda9428ff23d1da8be09936712a0a5c1e8af1b93c

    SHA512

    1c70c46afae073992e443f584f10c403a5c39ef64e36d079195e7fe5d994782d87468ef9073e3933468493b02d85f67619100144b6bc0ec642de89db8ffc7cfe

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    177KB

    MD5

    e8104b539f8df6afb0c57d6bac9540b3

    SHA1

    7f2df887b6dee252ed1223cd2eb156609e3de408

    SHA256

    6ffc304127a62af5e80e392eda9428ff23d1da8be09936712a0a5c1e8af1b93c

    SHA512

    1c70c46afae073992e443f584f10c403a5c39ef64e36d079195e7fe5d994782d87468ef9073e3933468493b02d85f67619100144b6bc0ec642de89db8ffc7cfe

    Download Submit