Overview

overview

10

Static

static

10

5e34b52fb2...7e.exe

windows7-x64

7

5e34b52fb2...7e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2023 19:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5e34b52fb24804b7f2709926d57582f34f1d6b351284a15d52d0194635b2dc7e.exe

  • Size

    1.2MB

  • MD5

    7819aded07f95ebb40f51240514d6097

  • SHA1

    3b0c674320f1e1e7401f8e49c0af22f10963a99f

  • SHA256

    5e34b52fb24804b7f2709926d57582f34f1d6b351284a15d52d0194635b2dc7e

  • SHA512

    c55ab9344ad0b6ee3c3ab6d5833ae1867b28efd97599b452d959a66543eb8e65b10ec1aa6377219a6d35c410643fb35084b9d77ef117c67c691dec1623c23e1f

  • SSDEEP

    24576:EnXIlq0d3uCOle3bcSNR+Jr2zZ8zYzAKOorc+B2Cnoy2KFg:Et6dsMAKjcDWF

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e34b52fb24804b7f2709926d57582f34f1d6b351284a15d52d0194635b2dc7e.exe
    "C:\Users\Admin\AppData\Local\Temp\5e34b52fb24804b7f2709926d57582f34f1d6b351284a15d52d0194635b2dc7e.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3260
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4068
    • C:\Windows\System32\msconfig.exe
      "C:\Windows\System32\msconfig.exe"
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:5036
    • C:\Windows\System32\msconfig.exe
      "C:\Windows\System32\msconfig.exe"
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:524
    • C:\Windows\System32\msconfig.exe
      "C:\Windows\System32\msconfig.exe"
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4604
    • C:\Windows\System32\msconfig.exe
      "C:\Windows\System32\msconfig.exe"
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:444

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Unrar.dll
      Filesize

      157KB

      MD5

      a5fe51b8ce661a935a165803c65a4bf1

      SHA1

      f62c77748f4ea5ab4c1b0c987e568e04e86e43ee

      SHA256

      5a190418b2f5e7fc18ad27ac315b21df185bba8c0e33dc0b3ce60fe07ef34441

      SHA512

      6b52f099b0b9d789663bc6fe833c7212c09d5e6e50fceabfdb9e94bcd1ef911fb3304b247da5fc90ac4739cfd485729883d2c5f64af4f87681fdea1216fc1017

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Unrar.dll
      Filesize

      157KB

      MD5

      a5fe51b8ce661a935a165803c65a4bf1

      SHA1

      f62c77748f4ea5ab4c1b0c987e568e04e86e43ee

      SHA256

      5a190418b2f5e7fc18ad27ac315b21df185bba8c0e33dc0b3ce60fe07ef34441

      SHA512

      6b52f099b0b9d789663bc6fe833c7212c09d5e6e50fceabfdb9e94bcd1ef911fb3304b247da5fc90ac4739cfd485729883d2c5f64af4f87681fdea1216fc1017

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Unrar.dll
      Filesize

      157KB

      MD5

      a5fe51b8ce661a935a165803c65a4bf1

      SHA1

      f62c77748f4ea5ab4c1b0c987e568e04e86e43ee

      SHA256

      5a190418b2f5e7fc18ad27ac315b21df185bba8c0e33dc0b3ce60fe07ef34441

      SHA512

      6b52f099b0b9d789663bc6fe833c7212c09d5e6e50fceabfdb9e94bcd1ef911fb3304b247da5fc90ac4739cfd485729883d2c5f64af4f87681fdea1216fc1017

      Download Submit
    • memory/3260-139-0x0000000002430000-0x0000000002462000-memory.dmp
      Filesize

      200KB

      Download
    • memory/3260-161-0x0000000010000000-0x0000000010017000-memory.dmp
      Filesize

      92KB

      Download
    • memory/3260-162-0x0000000002430000-0x0000000002462000-memory.dmp
      Filesize

      200KB

      Download
    • memory/3260-165-0x0000000002430000-0x0000000002462000-memory.dmp
      Filesize

      200KB

      Download