Overview

overview

10

Static

static

3f826d6a40...25.exe

windows7-x64

10

3f826d6a40...25.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    152s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    06/12/2022, 10:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3f826d6a40afb67d5ff29a307cbf0c95ad68a1716ca838cc78fdde7ada78de25.exe

  • Size

    75KB

  • MD5

    f58be2328792d13e1a9d926d291852f2

  • SHA1

    91e5d25c4879b111e1101fe78cf0ba28fbf17240

  • SHA256

    3f826d6a40afb67d5ff29a307cbf0c95ad68a1716ca838cc78fdde7ada78de25

  • SHA512

    5bfdb0d8debdbd496008e0e6094bd4110bf106f227ec4bed86ac60c8aead03890cf57ec9f74ba1fa888337c054791143b5b46d0d347aaeb33d379f3df0a89b5f

  • SSDEEP

    1536:B6IfYyrbPCLAY6acU95xO0KcmtCG+XHyl/ZDDDDDDDDD:B6If7rbPCL7689C0KUIDDDDDDDDD

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f826d6a40afb67d5ff29a307cbf0c95ad68a1716ca838cc78fdde7ada78de25.exe
    "C:\Users\Admin\AppData\Local\Temp\3f826d6a40afb67d5ff29a307cbf0c95ad68a1716ca838cc78fdde7ada78de25.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: MapViewOfSection
    PID:1700
  • C:\Windows\syswow64\svchost.exe
    "C:\Windows\syswow64\svchost.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:892
    • C:\Windows\SysWOW64\ctfmon.exe
      ctfmon.exe
      2⤵
        PID:1120

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/892-57-0x0000000074E41000-0x0000000074E43000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1280-58-0x00000000029A0000-0x00000000029A9000-memory.dmp

            Filesize

            36KB

            Download

          • memory/1280-59-0x0000000076DC0000-0x0000000076F69000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/1280-60-0x0000000076DC0000-0x0000000076F69000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/1700-54-0x0000000000400000-0x0000000000416000-memory.dmp

            Filesize

            88KB

            Download

          • memory/1700-55-0x00000000002A0000-0x00000000002D0000-memory.dmp

            Filesize

            192KB

            Download

          • memory/1700-56-0x00000000002A0000-0x00000000002D0000-memory.dmp

            Filesize

            192KB

            Download