Overview

overview

10

Static

static

10

5e34b52fb2...7e.exe

windows7-x64

7

5e34b52fb2...7e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2023 19:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5e34b52fb24804b7f2709926d57582f34f1d6b351284a15d52d0194635b2dc7e.exe

  • Size

    1.2MB

  • MD5

    7819aded07f95ebb40f51240514d6097

  • SHA1

    3b0c674320f1e1e7401f8e49c0af22f10963a99f

  • SHA256

    5e34b52fb24804b7f2709926d57582f34f1d6b351284a15d52d0194635b2dc7e

  • SHA512

    c55ab9344ad0b6ee3c3ab6d5833ae1867b28efd97599b452d959a66543eb8e65b10ec1aa6377219a6d35c410643fb35084b9d77ef117c67c691dec1623c23e1f

  • SSDEEP

    24576:EnXIlq0d3uCOle3bcSNR+Jr2zZ8zYzAKOorc+B2Cnoy2KFg:Et6dsMAKjcDWF

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 24 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e34b52fb24804b7f2709926d57582f34f1d6b351284a15d52d0194635b2dc7e.exe
    "C:\Users\Admin\AppData\Local\Temp\5e34b52fb24804b7f2709926d57582f34f1d6b351284a15d52d0194635b2dc7e.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1720
  • C:\Windows\System32\msconfig.exe
    "C:\Windows\System32\msconfig.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1920
  • C:\Windows\System32\msconfig.exe
    "C:\Windows\System32\msconfig.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1784
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1692

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\5e34b52fb24804b7f2709926d57582f34f1d6b351284a15d52d0194635b2dc7e.jpg
    Filesize

    1KB

    MD5

    edea599abe007c19c028c6917a16cd0e

    SHA1

    f6c89bbd3167c265b8f1f946c6c5a4e5d5a93771

    SHA256

    c7be415cca4726d7ed856ce13481862c96978a5dd880b926cc6c29f95b6d57dd

    SHA512

    9e839c1d91b067fdd9e4356b99dbfc1a46dff9c796bd9c4455d1cf9b6da46ecc64b0c35be47382f5f2b059876ab7a8f686ec304f54b56c24a358e4868fd46b16

    Download Submit
  • \Users\Admin\AppData\Local\Temp\Unrar.dll
    Filesize

    157KB

    MD5

    a5fe51b8ce661a935a165803c65a4bf1

    SHA1

    f62c77748f4ea5ab4c1b0c987e568e04e86e43ee

    SHA256

    5a190418b2f5e7fc18ad27ac315b21df185bba8c0e33dc0b3ce60fe07ef34441

    SHA512

    6b52f099b0b9d789663bc6fe833c7212c09d5e6e50fceabfdb9e94bcd1ef911fb3304b247da5fc90ac4739cfd485729883d2c5f64af4f87681fdea1216fc1017

    Download Submit
  • memory/1692-84-0x00000000000C0000-0x00000000000C2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1692-85-0x0000000000250000-0x0000000000251000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1692-89-0x0000000000250000-0x0000000000251000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1720-58-0x0000000001FB0000-0x0000000001FE2000-memory.dmp
    Filesize

    200KB

    Download
  • memory/1720-79-0x0000000010000000-0x0000000010017000-memory.dmp
    Filesize

    92KB

    Download
  • memory/1720-80-0x0000000001FB0000-0x0000000001FE2000-memory.dmp
    Filesize

    200KB

    Download
  • memory/1720-83-0x0000000002140000-0x0000000002142000-memory.dmp
    Filesize

    8KB

    Download