Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/08/2023, 02:52

General

  • Target

    0b07fb523fc6eb277b443968b841aa8b17623c1fa1765399cac978afbad40bd9.exe

  • Size

    78KB

  • MD5

    5599d7868bd1287150ab8a1d6bccc7bf

  • SHA1

    74b69832a55f056d3bb2e4da62f53de362ec3dfd

  • SHA256

    0b07fb523fc6eb277b443968b841aa8b17623c1fa1765399cac978afbad40bd9

  • SHA512

    063dcbf572e47256e2f31e1269f8e7742b32410cbbd37ebab65e0ca2980026e936d9859208cd2b55febe5cf1b6c56d233c35f429b08aa7ca567557fb7cf46573

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWO2P:RshfSWHHNvoLqNwDDGw02eQmh0HjWO2P

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b07fb523fc6eb277b443968b841aa8b17623c1fa1765399cac978afbad40bd9.exe
    "C:\Users\Admin\AppData\Local\Temp\0b07fb523fc6eb277b443968b841aa8b17623c1fa1765399cac978afbad40bd9.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4404
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:3576

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    73KB

    MD5

    187b642cae94a21375a8c89dccb0a09b

    SHA1

    68acd997cda6f0c7c072894d3b65168d59ab27c7

    SHA256

    734ccec367dbe4e8dc0ab0e3814fcf632298b5acf17fd3bdebc3fc72ef8e0e39

    SHA512

    739c0f58bc231042eab7ebface061a7318d27fac1cf544f20b6e3121d49b872aa641518e8fd584b3eb68cc228e96bdd3c70d576c52a5799ed29b415307374016

  • C:\Windows\System\rundll32.exe

    Filesize

    78KB

    MD5

    f4c7a484df4f7d06b21adc31dabe0b5b

    SHA1

    d693d9571943c839213aee524a7db10563a01c63

    SHA256

    2b48759e2c424a97600b9f4f0f3c63d36b4daf19a82a9c663bca95ecb3ae6be2

    SHA512

    5185ffc2fda3643f006a0d1debb060bb3a7a8d61cf52d5680d22e96eba1987ef5ad18b2d56be082f830cc7dddc58d0575a17173b264eea9075b96fc090ba0184

  • C:\Windows\system\rundll32.exe

    Filesize

    78KB

    MD5

    f4c7a484df4f7d06b21adc31dabe0b5b

    SHA1

    d693d9571943c839213aee524a7db10563a01c63

    SHA256

    2b48759e2c424a97600b9f4f0f3c63d36b4daf19a82a9c663bca95ecb3ae6be2

    SHA512

    5185ffc2fda3643f006a0d1debb060bb3a7a8d61cf52d5680d22e96eba1987ef5ad18b2d56be082f830cc7dddc58d0575a17173b264eea9075b96fc090ba0184

  • memory/3576-14-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4404-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4404-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB