Overview

overview

7

Static

static

3

06717b2d32...cc.exe

windows7-x64

7

06717b2d32...cc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    20/09/2023, 01:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    06717b2d323266fcaf47484058df07be3610c5eb113754119913a183ebff22cc.exe

  • Size

    80KB

  • MD5

    22ae85ec72eb9675462270044176815e

  • SHA1

    9c73eae8388ae7c90b92e995283913ee964597ac

  • SHA256

    06717b2d323266fcaf47484058df07be3610c5eb113754119913a183ebff22cc

  • SHA512

    9ea5bbb1e6f67db0126815c5bf62bd52048c646dab12e0183f66465be07f4c261dd7a6b0a7235d0befdfd2476f52c7b31fd38b6d8d010ed79bf2f149495b3685

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOVr:RshfSWHHNvoLqNwDDGw02eQmh0HjWOt

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06717b2d323266fcaf47484058df07be3610c5eb113754119913a183ebff22cc.exe
    "C:\Users\Admin\AppData\Local\Temp\06717b2d323266fcaf47484058df07be3610c5eb113754119913a183ebff22cc.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2452
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1140

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    82KB

    MD5

    84eb2f87e9265d8384b996b1d2eee0fe

    SHA1

    a40445b50b886396c46cf47a6887ab3a10f7687c

    SHA256

    b19d2ceaa18c33ec58174c7a55c6ffde0ec31b70b4ba57ec82570a5807582e05

    SHA512

    cbce80690c5e295bd463da6ef7590b4010c3ea15fab7ba6cf0b9a62cb3519ec39b6f639ac289e39731b4d63671feeb1d1549f2eb3449cc490ea6aed173eeaefa

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    76KB

    MD5

    9f04115fa958795218dddd66c4e41681

    SHA1

    5781e5179c859952ba98bc5391e7dad3358b2834

    SHA256

    38ad7892bbcabfb639d3a894f76caa634aeda69f251f6cc23080dcbf9ce7317a

    SHA512

    433f8640a55410e8d49d23a5b93046871f3d056f81e8dea79735af19b8913e031e08deb86afb5ba13a5bbe4a66c672f4a7f4fe72a0f81025b95a4567443bc5b9

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    76KB

    MD5

    9f04115fa958795218dddd66c4e41681

    SHA1

    5781e5179c859952ba98bc5391e7dad3358b2834

    SHA256

    38ad7892bbcabfb639d3a894f76caa634aeda69f251f6cc23080dcbf9ce7317a

    SHA512

    433f8640a55410e8d49d23a5b93046871f3d056f81e8dea79735af19b8913e031e08deb86afb5ba13a5bbe4a66c672f4a7f4fe72a0f81025b95a4567443bc5b9

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    76KB

    MD5

    9f04115fa958795218dddd66c4e41681

    SHA1

    5781e5179c859952ba98bc5391e7dad3358b2834

    SHA256

    38ad7892bbcabfb639d3a894f76caa634aeda69f251f6cc23080dcbf9ce7317a

    SHA512

    433f8640a55410e8d49d23a5b93046871f3d056f81e8dea79735af19b8913e031e08deb86afb5ba13a5bbe4a66c672f4a7f4fe72a0f81025b95a4567443bc5b9

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    76KB

    MD5

    9f04115fa958795218dddd66c4e41681

    SHA1

    5781e5179c859952ba98bc5391e7dad3358b2834

    SHA256

    38ad7892bbcabfb639d3a894f76caa634aeda69f251f6cc23080dcbf9ce7317a

    SHA512

    433f8640a55410e8d49d23a5b93046871f3d056f81e8dea79735af19b8913e031e08deb86afb5ba13a5bbe4a66c672f4a7f4fe72a0f81025b95a4567443bc5b9

    Download Submit

  • memory/1140-22-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2452-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2452-12-0x00000000003C0000-0x00000000003D6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2452-17-0x00000000003C0000-0x00000000003D6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2452-21-0x00000000003C0000-0x00000000003C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2452-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download