091833fb986ac8a78a9a33ae7852d2b02d510348bdcb915d4e2e51a6de27f64a

Analysis

max time kernel
328s
max time network
320s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
22/08/2023, 10:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MMLo7.Rat.rar
Size

5.7MB
MD5

4747547f047d47bd37bc0d1b65625694
SHA1

827e3f9ca857ed95ef8185c80e5fa85fdffa28e4
SHA256

091833fb986ac8a78a9a33ae7852d2b02d510348bdcb915d4e2e51a6de27f64a
SHA512

3336de360626d125c4777d626a0790c69faf209c642d99d085cd72f92b9e5ba93aca9f9c92d81cb1e3b2ee21f6ff12cf9c6fe6ecbe9554ad846fa1cd74874241
SSDEEP

98304:HtkSjvhd8cMOBhzp1svAJFF5N7nicdRaDzmLW/nJHksov7iUsPIUDjvEQnQLligi:HtBjJd8vazEQFPN7tAeaBLNUsPIUvMUL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4668	MMLo7 Rat.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1148472871-1113856141-1322182616-1000_Classes\Local Settings	cmd.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	4512	7zG.exe
Token: 35	4512	7zG.exe
Token: SeSecurityPrivilege	4512	7zG.exe
Token: SeSecurityPrivilege	4512	7zG.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4512	7zG.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3752	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\MMLo7.Rat.rar
1⤵
- Modifies registry class
PID:3632

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3752

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5020

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\MMLo7.Rat\" -spe -an -ai#7zMap6032:98:7zEvent16905
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4512

C:\Users\Admin\AppData\Local\Temp\MMLo7.Rat\MMLo7 Rat.exe
"C:\Users\Admin\AppData\Local\Temp\MMLo7.Rat\MMLo7 Rat.exe"
1⤵
- Executes dropped EXE
PID:4668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\MMLo7.Rat\MMLo7 Rat.exe

Filesize
2.8MB

MD5
2dc24c81438806bd03b492b9a3f3c55c

SHA1
1b62f6d53570d7cd3c8d04e6ea7e349b5de5cc89

SHA256
3edd74d68dd78681ed9eae3973ee2fb878c60e6e24dfa313ea2b4547008b1149

SHA512
f03ef03ffd926c35a6c88be065a8b6174af323a9fc633fc8d0c1ee55bf8b2eb5ef824d9c9feda21104dd10ff7f0d8d0660e9d4ba0cd8a932dd5d8e342f023ce1

Download Submit
C:\Users\Admin\AppData\Local\Temp\MMLo7.Rat\MMLo7 Rat.exe

Filesize
2.8MB

MD5
2dc24c81438806bd03b492b9a3f3c55c

SHA1
1b62f6d53570d7cd3c8d04e6ea7e349b5de5cc89

SHA256
3edd74d68dd78681ed9eae3973ee2fb878c60e6e24dfa313ea2b4547008b1149

SHA512
f03ef03ffd926c35a6c88be065a8b6174af323a9fc633fc8d0c1ee55bf8b2eb5ef824d9c9feda21104dd10ff7f0d8d0660e9d4ba0cd8a932dd5d8e342f023ce1

Download Submit
C:\Users\Admin\AppData\Local\Temp\MMLo7.Rat\MMLo7 Rat.exe.config

Filesize
161B

MD5
c16b0746faa39818049fe38709a82c62

SHA1
3fa322fe6ed724b1bc4fd52795428a36b7b8c131

SHA256
d61bde901e7189cc97d45a1d4c4aa39d4c4de2b68419773ec774338506d659ad

SHA512
cbcba899a067f8dc32cfcbd1779a6982d25955de91e1e02cee8eaf684a01b0dee3642c2a954903720ff6086de5a082147209868c03665c89f814c6219be2df7c

Download Submit