Overview

overview

7

Static

static

3

5a55e941dc...ex.exe

windows7-x64

7

5a55e941dc...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    131s
  • max time network
    79s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    07/07/2023, 20:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5a55e941dcb0c5exeexeexeex.exe

  • Size

    280KB

  • MD5

    5a55e941dcb0c5d638e3a38841117e77

  • SHA1

    003fb16698a4cd37ff416d7e078cfcbad0849d25

  • SHA256

    af54cc0282547ff0e74d3c9018273ae4439446b92e8eba33b9cb3c96a691e239

  • SHA512

    fcd511031ea825f0da1b4fcbe313a9b026dbbf146e8b32c66358bf8f594f775f39cd8dba8339dd3a80fcc268e3be7ad2c2fc9cff65caa336832b73d56c2c737c

  • SSDEEP

    6144:ZTz+WrPFZvTXb4RyW42vFlOloh2E+7pYUozDK:ZTBPFV0RyWl3h2E+7pl

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a55e941dcb0c5exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\5a55e941dcb0c5exeexeexeex.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\wlogon32.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\wlogon32.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\wlogon32.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2852
      • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\wlogon32.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\wlogon32.exe"
        3⤵
        • Executes dropped EXE
        PID:1164

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\wlogon32.exe
    Filesize

    280KB

    MD5

    62acb049b8a4e41b4b9c803fa1df3f66

    SHA1

    d2da240dff637ce990be66e2c6af1384d44ca4e4

    SHA256

    a4a44bc9965a50d80680d8f8b76b62e9a6dcd60a9f6279f2ddeae8063518cc92

    SHA512

    74768a841399c3bef2ce1d1a6c9c6087a1421e99e92fc378a68221988b0a1e50f93822f9d9af1dfee04a2055f3cb8fc41d16d868d5e5c38b4be9ae2ec9a7aa95

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\wlogon32.exe
    Filesize

    280KB

    MD5

    62acb049b8a4e41b4b9c803fa1df3f66

    SHA1

    d2da240dff637ce990be66e2c6af1384d44ca4e4

    SHA256

    a4a44bc9965a50d80680d8f8b76b62e9a6dcd60a9f6279f2ddeae8063518cc92

    SHA512

    74768a841399c3bef2ce1d1a6c9c6087a1421e99e92fc378a68221988b0a1e50f93822f9d9af1dfee04a2055f3cb8fc41d16d868d5e5c38b4be9ae2ec9a7aa95

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\wlogon32.exe
    Filesize

    280KB

    MD5

    62acb049b8a4e41b4b9c803fa1df3f66

    SHA1

    d2da240dff637ce990be66e2c6af1384d44ca4e4

    SHA256

    a4a44bc9965a50d80680d8f8b76b62e9a6dcd60a9f6279f2ddeae8063518cc92

    SHA512

    74768a841399c3bef2ce1d1a6c9c6087a1421e99e92fc378a68221988b0a1e50f93822f9d9af1dfee04a2055f3cb8fc41d16d868d5e5c38b4be9ae2ec9a7aa95

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Sys32\wlogon32.exe
    Filesize

    280KB

    MD5

    62acb049b8a4e41b4b9c803fa1df3f66

    SHA1

    d2da240dff637ce990be66e2c6af1384d44ca4e4

    SHA256

    a4a44bc9965a50d80680d8f8b76b62e9a6dcd60a9f6279f2ddeae8063518cc92

    SHA512

    74768a841399c3bef2ce1d1a6c9c6087a1421e99e92fc378a68221988b0a1e50f93822f9d9af1dfee04a2055f3cb8fc41d16d868d5e5c38b4be9ae2ec9a7aa95

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\Sys32\wlogon32.exe
    Filesize

    280KB

    MD5

    62acb049b8a4e41b4b9c803fa1df3f66

    SHA1

    d2da240dff637ce990be66e2c6af1384d44ca4e4

    SHA256

    a4a44bc9965a50d80680d8f8b76b62e9a6dcd60a9f6279f2ddeae8063518cc92

    SHA512

    74768a841399c3bef2ce1d1a6c9c6087a1421e99e92fc378a68221988b0a1e50f93822f9d9af1dfee04a2055f3cb8fc41d16d868d5e5c38b4be9ae2ec9a7aa95

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\Sys32\wlogon32.exe
    Filesize

    280KB

    MD5

    62acb049b8a4e41b4b9c803fa1df3f66

    SHA1

    d2da240dff637ce990be66e2c6af1384d44ca4e4

    SHA256

    a4a44bc9965a50d80680d8f8b76b62e9a6dcd60a9f6279f2ddeae8063518cc92

    SHA512

    74768a841399c3bef2ce1d1a6c9c6087a1421e99e92fc378a68221988b0a1e50f93822f9d9af1dfee04a2055f3cb8fc41d16d868d5e5c38b4be9ae2ec9a7aa95

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\Sys32\wlogon32.exe
    Filesize

    280KB

    MD5

    62acb049b8a4e41b4b9c803fa1df3f66

    SHA1

    d2da240dff637ce990be66e2c6af1384d44ca4e4

    SHA256

    a4a44bc9965a50d80680d8f8b76b62e9a6dcd60a9f6279f2ddeae8063518cc92

    SHA512

    74768a841399c3bef2ce1d1a6c9c6087a1421e99e92fc378a68221988b0a1e50f93822f9d9af1dfee04a2055f3cb8fc41d16d868d5e5c38b4be9ae2ec9a7aa95

    Download Submit