Overview

overview

10

Static

static

2d7c89a6e2...77.exe

windows7-x64

10

2d7c89a6e2...77.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    342s
  • max time network
    385s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-12-2022 19:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d7c89a6e2ca9945993b8898dba3b829aab3d2ad68b0b24697a504e257809477.exe

  • Size

    72KB

  • MD5

    02740ffe84ab7d19826e310da65de410

  • SHA1

    e8a2cb7aecb85bd07436c4c37d93bf6f0a718ddd

  • SHA256

    2d7c89a6e2ca9945993b8898dba3b829aab3d2ad68b0b24697a504e257809477

  • SHA512

    271a0cdc0ec594ecbbb15f174479276b8c5c80a7d302f97c5bc89a68752c6c6b1f0c4ed6bdff7e19aacc50ea423b8ff118117ef0785295c5b769fecce60a1940

  • SSDEEP

    384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2n:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrPT

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 2 IoCs
    evasion
  • Disables RegEdit via registry modification 4 IoCs
    evasion
  • Executes dropped EXE 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs
  • System policy modification 1 TTPs 8 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d7c89a6e2ca9945993b8898dba3b829aab3d2ad68b0b24697a504e257809477.exe
    "C:\Users\Admin\AppData\Local\Temp\2d7c89a6e2ca9945993b8898dba3b829aab3d2ad68b0b24697a504e257809477.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Disables RegEdit via registry modification
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:3808
    • C:\Users\Admin\AppData\Local\Temp\3606323666\backup.exe
      C:\Users\Admin\AppData\Local\Temp\3606323666\backup.exe C:\Users\Admin\AppData\Local\Temp\3606323666\
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • System policy modification
      PID:1568
    • C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe
      C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe C:\Users\Admin\AppData\Local\Temp\acrocef_low\
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2748

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3606323666\backup.exe
    Filesize

    72KB

    MD5

    3e02d90ad52a3b0fa46b5ba886e2e864

    SHA1

    08051a963512b87674a1dc4ca4cba784b689b858

    SHA256

    0f42f05b6ab0a210f0acae35e5479558f5ad188c6dc9fe14ba3ec44e6d91f4c7

    SHA512

    a8ec8ddbdb26b939aa46ec652bb398c7354d7cf7b6269ae39ef35adb7280cbfc536ab6c7c7013f6c53da730af683d2f087ad73bdaa8fae29c01462def8d891de

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\3606323666\backup.exe
    Filesize

    72KB

    MD5

    3e02d90ad52a3b0fa46b5ba886e2e864

    SHA1

    08051a963512b87674a1dc4ca4cba784b689b858

    SHA256

    0f42f05b6ab0a210f0acae35e5479558f5ad188c6dc9fe14ba3ec44e6d91f4c7

    SHA512

    a8ec8ddbdb26b939aa46ec652bb398c7354d7cf7b6269ae39ef35adb7280cbfc536ab6c7c7013f6c53da730af683d2f087ad73bdaa8fae29c01462def8d891de

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe
    Filesize

    72KB

    MD5

    3e02d90ad52a3b0fa46b5ba886e2e864

    SHA1

    08051a963512b87674a1dc4ca4cba784b689b858

    SHA256

    0f42f05b6ab0a210f0acae35e5479558f5ad188c6dc9fe14ba3ec44e6d91f4c7

    SHA512

    a8ec8ddbdb26b939aa46ec652bb398c7354d7cf7b6269ae39ef35adb7280cbfc536ab6c7c7013f6c53da730af683d2f087ad73bdaa8fae29c01462def8d891de

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\acrocef_low\backup.exe
    Filesize

    72KB

    MD5

    3e02d90ad52a3b0fa46b5ba886e2e864

    SHA1

    08051a963512b87674a1dc4ca4cba784b689b858

    SHA256

    0f42f05b6ab0a210f0acae35e5479558f5ad188c6dc9fe14ba3ec44e6d91f4c7

    SHA512

    a8ec8ddbdb26b939aa46ec652bb398c7354d7cf7b6269ae39ef35adb7280cbfc536ab6c7c7013f6c53da730af683d2f087ad73bdaa8fae29c01462def8d891de

    Download Submit

  • memory/1568-134-0x0000000000000000-mapping.dmp

    Download

  • memory/2748-139-0x0000000000000000-mapping.dmp

    Download