Overview

overview

7

Static

static

cccb5e248d...b7.exe

windows7-x64

7

cccb5e248d...b7.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    151s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    02/02/2023, 13:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cccb5e248d7e84161cb6c030aba8c00ba0e8dbb7.exe

  • Size

    18KB

  • MD5

    9c9c12ba5f61d078997a29057b25ddd1

  • SHA1

    cccb5e248d7e84161cb6c030aba8c00ba0e8dbb7

  • SHA256

    bac32c1eceed39b36e6351f7a21b115b88118cebf5c76a28c9c99be3bd9a912a

  • SHA512

    c0e8d9890738503ba74b541f8721c6f71fdf10435d2b91e0e6da4c8e40b5e50747d766c77e32516ca056098a2b61f8d7ffbf8497ffeb1687aded842971dc22d9

  • SSDEEP

    384:RiwgJRaMlzju0TySPPbpsdWK61I+6UuYRex41itSB1kMQig5RmPjT:RiwsRaMxRZncWt1ILvb+okB1kMQi6mPv

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1276
      • C:\Users\Admin\AppData\Local\Temp\cccb5e248d7e84161cb6c030aba8c00ba0e8dbb7.exe
        "C:\Users\Admin\AppData\Local\Temp\cccb5e248d7e84161cb6c030aba8c00ba0e8dbb7.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1388

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Windows\SysWOW64\dndsioc.dll
      Filesize

      27KB

      MD5

      df44eae4792fe14d56410646f8c715d4

      SHA1

      80a3bc30eaa5381ba18434104b33221789206425

      SHA256

      5f04bbe4a07c1ab245e77da03e65557e9df7fb2370deb5806cdab8a8b2afbbb5

      SHA512

      9f9443bc4008134466d9acaf3d9126016f53468f3860ea3f2104e792d9d043449121bfec3f952961c38905cd439b26faa16f50ba8bada6aba15180a923b658e8

      Download Submit

    • memory/1276-54-0x0000000001DF0000-0x0000000001DF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1276-55-0x0000000001E00000-0x0000000001E01000-memory.dmp

      Filesize

      4KB

      Download