Overview

overview

7

Static

static

daddbdb0de...3b.exe

windows7-x64

7

daddbdb0de...3b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    7s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06/12/2022, 21:13

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    daddbdb0debafc798cfbdabeb6a20bddb6a92f4e352d7c3ffcf9c816ee84093b.exe

  • Size

    18KB

  • MD5

    c7da367bc8c7839eedf9be812712d7af

  • SHA1

    ab503302e639616efa62077b9151ef5f66a85712

  • SHA256

    daddbdb0debafc798cfbdabeb6a20bddb6a92f4e352d7c3ffcf9c816ee84093b

  • SHA512

    4e3a90e79cb1d4573c06a8a8a2ba0ea4a9e0f5664ea51bf07d9d88727e7da70d25b6960c58284fa93332dd78d63f4af082d330777b164542e69251fc2c12e9e7

  • SSDEEP

    384:QlbKSEsVnYUVlcyQcO8fi/yk7gxvYz3ET0SljG+dhCDiyodWhQI:QJEsK6dPi9Kwz3E15GYoDzodGQ

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1392
      • C:\Users\Admin\AppData\Local\Temp\daddbdb0debafc798cfbdabeb6a20bddb6a92f4e352d7c3ffcf9c816ee84093b.exe
        "C:\Users\Admin\AppData\Local\Temp\daddbdb0debafc798cfbdabeb6a20bddb6a92f4e352d7c3ffcf9c816ee84093b.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:740

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • \Windows\SysWOW64\gtwmmoyj.dll
            Filesize

            30KB

            MD5

            3bdd527c045e6368939be4c039daf779

            SHA1

            0fb94f3c0c938517af9dea7dbcc411f5223e70e5

            SHA256

            10a9c73a5ef340e671fd3a310ece0345e8ef465de146943a59f295fcbdd35203

            SHA512

            42553dbd680ba921124f2dc7985a4685b4bbef0b27ad4ee4219e5ff03c1dd080dcc1d4aa7f856b6d9c081e461ebb79e0778ce2a4064f9c40be2352200499d696

            Download Submit

          • memory/740-54-0x0000000000400000-0x0000000000419000-memory.dmp

            Filesize

            100KB

            Download

          • memory/1392-55-0x00000000021F0000-0x00000000021F1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1392-56-0x0000000002200000-0x0000000002201000-memory.dmp

            Filesize

            4KB

            Download