Analysis

  • max time kernel
    130s
  • max time network
    78s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-07-2023 14:16

General

  • Target
    00a10654613765exeexeexeex.exe
  • Size
    327KB
  • MD5
    00a1065461376591346a37a5ecad95cf
  • SHA1
    5a364c0b26344f5ebaea5ad52c93ff5cc245b39b
  • SHA256
    b3b4fcae45dc3d211b899d38648751f8398574054f5af646d0c7bbe209323900
  • SHA512
    c931ef99b9616b4b372ebfc093e90dafde8d769ac7f11c44d53b816f095e121018ced50dd9ccaadd462e47e1b69ad0ad6a5efc52536a54e8c748970c001f54f7
  • SSDEEP
    6144:Q2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG8KgbPzDh:Q2TFafJiHCWBWPMjVWrXK0

Score
7/10

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\00a10654613765exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\00a10654613765exeexeexeex.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2964
    • C:\Users\Admin\AppData\Roaming\Microsoft\Posix\dwmsys.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Posix\dwmsys.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\Posix\dwmsys.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2852
      • C:\Users\Admin\AppData\Roaming\Microsoft\Posix\dwmsys.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\Posix\dwmsys.exe"
        3⤵
        • Executes dropped EXE
        PID:1088

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Posix\dwmsys.exe
    Filesize
    327KB
    MD5
    76c242764b4c911730db0eba29e2846d
    SHA1
    2930cb4ed7e7b367acf8ec9781bef04b69ab1f97
    SHA256
    4b98a06ed89089f7a093f0cb4018e1d003b99c3d6effe777eddb166b52c98b87
    SHA512
    f150312caf85c1f4f56a620491dbed454b9195f43119ced4906d7294c4c5d8216c815c78deb4443bfb035a20403bb5568c70d1415d1db9fb14cf0f1c6a8551fa
  • \Users\Admin\AppData\Roaming\Microsoft\Posix\dwmsys.exe
    Filesize
    327KB
    MD5
    76c242764b4c911730db0eba29e2846d
    SHA1
    2930cb4ed7e7b367acf8ec9781bef04b69ab1f97
    SHA256
    4b98a06ed89089f7a093f0cb4018e1d003b99c3d6effe777eddb166b52c98b87
    SHA512
    f150312caf85c1f4f56a620491dbed454b9195f43119ced4906d7294c4c5d8216c815c78deb4443bfb035a20403bb5568c70d1415d1db9fb14cf0f1c6a8551fa