Overview

overview

10

Static

static

c16bf77fcc...1c.exe

windows7-x64

10

c16bf77fcc...1c.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    106s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2023, 02:15 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c16bf77fcc5c44599d6498330322817771cc351c.exe

  • Size

    393KB

  • MD5

    352e7453f1dfb7af3d26702bf6717f6f

  • SHA1

    c16bf77fcc5c44599d6498330322817771cc351c

  • SHA256

    8234e9a2c8f6261ad19fcd2e44aeb1abcfc193b47a82e6ce3c8b325e82057a99

  • SHA512

    f0900cc289ce1381694cad3b5121704de0fb77d705b4bb75d221f14039493cafa9bdefd018757727661a8d73158d3946a856b34ffc77fc6654d3699d49f37712

  • SSDEEP

    6144:pMwPfMXE8RBlYmP4I99mGJKko33SURApteIR0BhOyC4K6/U8a0fFvG:pv8RBmmgbGMF33SU+tDRqhG6/U8aKFu

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • Windows security bypass 2 TTPs 10 IoCs
    evasiontrojan
  • Disables taskbar notifications via registry modification
    evasion
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Windows security modification 2 TTPs 14 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c16bf77fcc5c44599d6498330322817771cc351c.exe
    "C:\Users\Admin\AppData\Local\Temp\c16bf77fcc5c44599d6498330322817771cc351c.exe"
    1⤵
    • Windows security bypass
    • Loads dropped DLL
    • Windows security modification
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1408
    • C:\ProgramData\F4D55F6500014973000C7881B4EB2331\F4D55F6500014973000C7881B4EB2331.exe
      "C:\ProgramData\F4D55F6500014973000C7881B4EB2331\F4D55F6500014973000C7881B4EB2331.exe" "C:\Users\Admin\AppData\Local\Temp\c16bf77fcc5c44599d6498330322817771cc351c.exe"
      2⤵
      • Windows security bypass
      • Executes dropped EXE
      • Deletes itself
      • Windows security modification
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2000

Network

    No results found
  • 122.224.18.199:80
    c16bf77fcc5c44599d6498330322817771cc351c.exe
    152 B
     3
  • 122.224.18.199:80
    F4D55F6500014973000C7881B4EB2331.exe
    152 B
     3
  • 122.224.18.199:80
    F4D55F6500014973000C7881B4EB2331.exe
    152 B
     3
  • 122.224.18.199:80
    c16bf77fcc5c44599d6498330322817771cc351c.exe
    152 B
     3
No results found

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\F4D55F6500014973000C7881B4EB2331\F4D55F6500014973000C7881B4EB2331.exe
    Filesize

    393KB

    MD5

    352e7453f1dfb7af3d26702bf6717f6f

    SHA1

    c16bf77fcc5c44599d6498330322817771cc351c

    SHA256

    8234e9a2c8f6261ad19fcd2e44aeb1abcfc193b47a82e6ce3c8b325e82057a99

    SHA512

    f0900cc289ce1381694cad3b5121704de0fb77d705b4bb75d221f14039493cafa9bdefd018757727661a8d73158d3946a856b34ffc77fc6654d3699d49f37712

    Download Submit

  • C:\ProgramData\F4D55F6500014973000C7881B4EB2331\F4D55F6500014973000C7881B4EB2331.exe
    Filesize

    393KB

    MD5

    352e7453f1dfb7af3d26702bf6717f6f

    SHA1

    c16bf77fcc5c44599d6498330322817771cc351c

    SHA256

    8234e9a2c8f6261ad19fcd2e44aeb1abcfc193b47a82e6ce3c8b325e82057a99

    SHA512

    f0900cc289ce1381694cad3b5121704de0fb77d705b4bb75d221f14039493cafa9bdefd018757727661a8d73158d3946a856b34ffc77fc6654d3699d49f37712

    Download Submit

  • \ProgramData\F4D55F6500014973000C7881B4EB2331\F4D55F6500014973000C7881B4EB2331.exe
    Filesize

    393KB

    MD5

    352e7453f1dfb7af3d26702bf6717f6f

    SHA1

    c16bf77fcc5c44599d6498330322817771cc351c

    SHA256

    8234e9a2c8f6261ad19fcd2e44aeb1abcfc193b47a82e6ce3c8b325e82057a99

    SHA512

    f0900cc289ce1381694cad3b5121704de0fb77d705b4bb75d221f14039493cafa9bdefd018757727661a8d73158d3946a856b34ffc77fc6654d3699d49f37712

    Download Submit

  • \ProgramData\F4D55F6500014973000C7881B4EB2331\F4D55F6500014973000C7881B4EB2331.exe
    Filesize

    393KB

    MD5

    352e7453f1dfb7af3d26702bf6717f6f

    SHA1

    c16bf77fcc5c44599d6498330322817771cc351c

    SHA256

    8234e9a2c8f6261ad19fcd2e44aeb1abcfc193b47a82e6ce3c8b325e82057a99

    SHA512

    f0900cc289ce1381694cad3b5121704de0fb77d705b4bb75d221f14039493cafa9bdefd018757727661a8d73158d3946a856b34ffc77fc6654d3699d49f37712

    Download Submit

  • memory/1408-54-0x0000000000410000-0x00000000004D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/1408-56-0x0000000000410000-0x00000000004D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/1408-57-0x0000000074B51000-0x0000000074B53000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1408-67-0x0000000000410000-0x00000000004D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/1408-69-0x0000000000410000-0x00000000004D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2000-63-0x0000000000410000-0x00000000004D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/2000-68-0x0000000000410000-0x00000000004D8000-memory.dmp

    Filesize

    800KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.