Overview

overview

7

Static

static

3

71cf6e2185...54.exe

windows7-x64

7

71cf6e2185...54.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/09/2023, 04:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    71cf6e21855662ae341fbc57a0a966216d9505a84fa3a06be4f2304d65446b54.exe

  • Size

    80KB

  • MD5

    5735a6a5458c40d9f4d665fb56fa8b62

  • SHA1

    8aba31307d45546cb009a8b0cfc79c4e0f832f29

  • SHA256

    71cf6e21855662ae341fbc57a0a966216d9505a84fa3a06be4f2304d65446b54

  • SHA512

    0fef7772641e98003733ad933b854fc9006f25aea1a291d4efa763d0ac86173cb0baa6c1bfa9f9b38d6a562bf34597da851aa78bc208c81ca0e5ed8b6bf49a6c

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOMD:RshfSWHHNvoLqNwDDGw02eQmh0HjWOy

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\71cf6e21855662ae341fbc57a0a966216d9505a84fa3a06be4f2304d65446b54.exe
    "C:\Users\Admin\AppData\Local\Temp\71cf6e21855662ae341fbc57a0a966216d9505a84fa3a06be4f2304d65446b54.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4420
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2976

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe
          Filesize

          77KB

          MD5

          2f5f968821303e715c994ae20e253526

          SHA1

          04d0645b6bd202663d67032be39e92a2569be5bf

          SHA256

          442f9e74ed98260a3e8623819bfa882d213b859c49e96e7d734ffbdaa37badd3

          SHA512

          5cc495eefca69c94694b1d592dc1d73c428f0fd1cf6e02abeb45319af9e3d483e666fcc4148d8632602dfe4bb952f43583a57bbc12af25d127949cfbbd9c45cf

          Download Submit

        • C:\Windows\System\rundll32.exe
          Filesize

          76KB

          MD5

          9e8f7065af37dcf970b89de4e954c13f

          SHA1

          907202ca1bd43ab85afec2a20332f0c02b0b8b93

          SHA256

          cb73c67dd3b6ac3939b2c81250ae05d3ee31a3c3f0cf6e2608b86d2a02e08f36

          SHA512

          b53cb7689a6faa8a399063fb46edc8a9b9b2879a519e318e0fce8306cca1476a5c112883109d99f00ba512b0e36ccd089fd536a2acb720d84c775bc2efd8948e

          Download Submit

        • C:\Windows\system\rundll32.exe
          Filesize

          76KB

          MD5

          9e8f7065af37dcf970b89de4e954c13f

          SHA1

          907202ca1bd43ab85afec2a20332f0c02b0b8b93

          SHA256

          cb73c67dd3b6ac3939b2c81250ae05d3ee31a3c3f0cf6e2608b86d2a02e08f36

          SHA512

          b53cb7689a6faa8a399063fb46edc8a9b9b2879a519e318e0fce8306cca1476a5c112883109d99f00ba512b0e36ccd089fd536a2acb720d84c775bc2efd8948e

          Download Submit

        • memory/2976-14-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

          Download

        • memory/4420-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

          Download

        • memory/4420-13-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

          Download