Overview

overview

7

Static

static

3

3134871e1d...08.exe

windows7-x64

7

3134871e1d...08.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    01/09/2023, 03:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3134871e1d6aeab6d3a5ff5e23e9cde40f50b2f36ce1031403f4457958c1df08.exe

  • Size

    76KB

  • MD5

    24aa1892cc9a6e754550df904bdf242c

  • SHA1

    63bc9ac9b0ec45517191a7b2e3ededf79907e429

  • SHA256

    3134871e1d6aeab6d3a5ff5e23e9cde40f50b2f36ce1031403f4457958c1df08

  • SHA512

    8485fe49bf6d9e376a6093afe12d9e520ae87e5178e3129bc51d4d18cd3dda105ac864360f879aeb7100101e0c205a7044108c68982b97d0b9beeae48753c6e8

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOA:RshfSWHHNvoLqNwDDGw02eQmh0HjWOA

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3134871e1d6aeab6d3a5ff5e23e9cde40f50b2f36ce1031403f4457958c1df08.exe
    "C:\Users\Admin\AppData\Local\Temp\3134871e1d6aeab6d3a5ff5e23e9cde40f50b2f36ce1031403f4457958c1df08.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2164
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:3008

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    73KB

    MD5

    58b2e66626b1b479710f5d885ce127cb

    SHA1

    22ba66d054beb7c7e9359ea8b326a85ad2a81748

    SHA256

    53971276fd83c5ab85e0d4c258c8951ab005d20a8d198c59862a2478d856742c

    SHA512

    0cf33e3a69933db708f3cfb4a45a1c3e19b6840ead4a985f63f8e423cc18a4e8e11000f94cba90d9a81e2b51a2ac4f5d37d18299c49058bd209a1ae868fe6a45

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    74KB

    MD5

    e77bcda4d78e37e95c8fc01a553faff6

    SHA1

    08a10794085afb779651ab7aaf24c09652794f14

    SHA256

    83354a632eb1611f53462711108b411fae8de4aa8b65cef3f0c72a76fec89241

    SHA512

    dcfc63e76224fbe21cc03e04bc3876021cd9216239ec5c26c3b7b1473181c7c449b9666323b251a3585d09e57111817d2729291f2d05f00a2a6d4da1579c8cf2

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    74KB

    MD5

    e77bcda4d78e37e95c8fc01a553faff6

    SHA1

    08a10794085afb779651ab7aaf24c09652794f14

    SHA256

    83354a632eb1611f53462711108b411fae8de4aa8b65cef3f0c72a76fec89241

    SHA512

    dcfc63e76224fbe21cc03e04bc3876021cd9216239ec5c26c3b7b1473181c7c449b9666323b251a3585d09e57111817d2729291f2d05f00a2a6d4da1579c8cf2

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    74KB

    MD5

    e77bcda4d78e37e95c8fc01a553faff6

    SHA1

    08a10794085afb779651ab7aaf24c09652794f14

    SHA256

    83354a632eb1611f53462711108b411fae8de4aa8b65cef3f0c72a76fec89241

    SHA512

    dcfc63e76224fbe21cc03e04bc3876021cd9216239ec5c26c3b7b1473181c7c449b9666323b251a3585d09e57111817d2729291f2d05f00a2a6d4da1579c8cf2

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    74KB

    MD5

    e77bcda4d78e37e95c8fc01a553faff6

    SHA1

    08a10794085afb779651ab7aaf24c09652794f14

    SHA256

    83354a632eb1611f53462711108b411fae8de4aa8b65cef3f0c72a76fec89241

    SHA512

    dcfc63e76224fbe21cc03e04bc3876021cd9216239ec5c26c3b7b1473181c7c449b9666323b251a3585d09e57111817d2729291f2d05f00a2a6d4da1579c8cf2

    Download Submit

  • memory/2164-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2164-12-0x0000000000350000-0x0000000000366000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2164-20-0x0000000000350000-0x0000000000356000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2164-19-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/3008-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download