Analysis

  • max time kernel
    151s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20230703-en locale:en-us os:windows10-2004-x64 system
  • submitted
    30/08/2023, 14:31

General

  • Target

    dcdc9d5ca48b187e43579970d081041297b8fa202a4420d613102b150c6d4edb.exe

  • Size

    75KB

  • MD5

    8021a741998f62d03f8014e654d97ec3

  • SHA1

    336edfef185a7f02136de3a195406cc82bbb44e2

  • SHA256

    dcdc9d5ca48b187e43579970d081041297b8fa202a4420d613102b150c6d4edb

  • SHA512

    76a05642924f5eddff42148b9e4aff129c286057fa86268dc451fa82ec7453d576656533db4543a5e1b89fd44e7060d795c0f51ace830c572de3ce91c68138bd

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWO:RshfSWHHNvoLqNwDDGw02eQmh0HjWO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dcdc9d5ca48b187e43579970d081041297b8fa202a4420d613102b150c6d4edb.exe
    "C:\Users\Admin\AppData\Local\Temp\dcdc9d5ca48b187e43579970d081041297b8fa202a4420d613102b150c6d4edb.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4580
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2152

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    76KB

    MD5

    c2ba8b420537407571618d9f84ee1483

    SHA1

    5907e1a56267637c15f258616f60be256be7bb6f

    SHA256

    b9ffb596c9dc982771d49388dfe6454f68d0b432ec5529f189cb58749e0b7627

    SHA512

    dde6a603ea2525aa7feb77cff99383a4a318b3320ffae4bc42ae5faa5c005dbf98e1360a8a90a987ac3afb6fdc0945eed8010078862963904a092fa81313befe

  • C:\Windows\System\rundll32.exe

    Filesize

    81KB

    MD5

    b6283d623ed0fd976163010478bc958a

    SHA1

    15fbed2092db70be738a4f92ca9e7f845df0d28f

    SHA256

    4cf05b547bcd3c924ccd22eb3ee67d739b02c70da64233d2abe0e0e76c8a72a7

    SHA512

    6900d231a93bd9eca7e0a8d6054c2ec5139b7910b3a59ba94b22ab836adbe84583e273cb1c0715594265864295d043f8880dcccb2cdb11fe20d6f9204e08fd24

  • C:\Windows\system\rundll32.exe

    Filesize

    81KB

    MD5

    b6283d623ed0fd976163010478bc958a

    SHA1

    15fbed2092db70be738a4f92ca9e7f845df0d28f

    SHA256

    4cf05b547bcd3c924ccd22eb3ee67d739b02c70da64233d2abe0e0e76c8a72a7

    SHA512

    6900d231a93bd9eca7e0a8d6054c2ec5139b7910b3a59ba94b22ab836adbe84583e273cb1c0715594265864295d043f8880dcccb2cdb11fe20d6f9204e08fd24

  • memory/2152-14-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4580-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4580-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB