Overview

overview

7

Static

static

3

5c057e9597...45.exe

windows7-x64

7

5c057e9597...45.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    18-09-2023 02:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c057e9597dddaf151c2784acf7158c9c18cbf11e663f7156976fcdc601c7b45.exe

  • Size

    82KB

  • MD5

    fe2bd44489ea2b5ef3b38f61ddae0653

  • SHA1

    d7ab2e89d692b14f83bb4fb528916e60451a05fb

  • SHA256

    5c057e9597dddaf151c2784acf7158c9c18cbf11e663f7156976fcdc601c7b45

  • SHA512

    048bccda9a98134c616d7c437d84dbb3dbf50752e03e47f03e4f5c27437d6f4e138d8f105391d73bd88285937151012a511ce43154d97d95334f07b434162057

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOAo4BENO:GhfxHNIreQm+HiNo4BENO

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c057e9597dddaf151c2784acf7158c9c18cbf11e663f7156976fcdc601c7b45.exe
    "C:\Users\Admin\AppData\Local\Temp\5c057e9597dddaf151c2784acf7158c9c18cbf11e663f7156976fcdc601c7b45.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2472
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2308

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    76KB

    MD5

    553467c96e0c49551a629222e128cb61

    SHA1

    c2815063c9c365a17c9794bf2f7d482a52d2477b

    SHA256

    3d4f94ed291f4a5b9275c8d4c6c81807b761e879b728e4216ce9f5e18ff4543c

    SHA512

    7c080a00e08b89efc46099d84ad755eba4287627ff6bac00ddfc8b611f218db18a019ca4dba6339993fdd5cf2280df4ce3ee9402dbfc2bcadd43fc3e29ef7159

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    82KB

    MD5

    4603b0a0b6782ba31afe0ae3316d0df6

    SHA1

    ee54340537f2331f3f38d8357f2a68bff1a874a8

    SHA256

    3c4b69deb8c7a8216e403dbd05a97c3d1bcccf42ba81ed14a06eeabe210f35bb

    SHA512

    c4d91f1ba9a5700a3560f1751fb01925afdd9df9bbb15eb8a49ebd46d40ceb44fa86848154a1e8770715c47d9f03ea07148016252671f240cc9c29519a86c752

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    82KB

    MD5

    4603b0a0b6782ba31afe0ae3316d0df6

    SHA1

    ee54340537f2331f3f38d8357f2a68bff1a874a8

    SHA256

    3c4b69deb8c7a8216e403dbd05a97c3d1bcccf42ba81ed14a06eeabe210f35bb

    SHA512

    c4d91f1ba9a5700a3560f1751fb01925afdd9df9bbb15eb8a49ebd46d40ceb44fa86848154a1e8770715c47d9f03ea07148016252671f240cc9c29519a86c752

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    82KB

    MD5

    4603b0a0b6782ba31afe0ae3316d0df6

    SHA1

    ee54340537f2331f3f38d8357f2a68bff1a874a8

    SHA256

    3c4b69deb8c7a8216e403dbd05a97c3d1bcccf42ba81ed14a06eeabe210f35bb

    SHA512

    c4d91f1ba9a5700a3560f1751fb01925afdd9df9bbb15eb8a49ebd46d40ceb44fa86848154a1e8770715c47d9f03ea07148016252671f240cc9c29519a86c752

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    82KB

    MD5

    4603b0a0b6782ba31afe0ae3316d0df6

    SHA1

    ee54340537f2331f3f38d8357f2a68bff1a874a8

    SHA256

    3c4b69deb8c7a8216e403dbd05a97c3d1bcccf42ba81ed14a06eeabe210f35bb

    SHA512

    c4d91f1ba9a5700a3560f1751fb01925afdd9df9bbb15eb8a49ebd46d40ceb44fa86848154a1e8770715c47d9f03ea07148016252671f240cc9c29519a86c752

    Download Submit

  • memory/2308-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2472-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2472-11-0x0000000000340000-0x0000000000356000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2472-20-0x0000000000340000-0x0000000000346000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2472-19-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download