Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/09/2023, 04:46

General

  • Target: e4be467f7ead8e346239df7ec1745f7904a4f3918eaedafbbb0280c3f8bea105.exe
  • Size: 77KB
  • MD5: 9b0a9937fec1d7018a457b32a3c38dbf
  • SHA1: 846684d12de79125108337611fa4622a4cd040dc
  • SHA256: e4be467f7ead8e346239df7ec1745f7904a4f3918eaedafbbb0280c3f8bea105
  • SHA512: 4e400a7f562d15479e8b472bc8361fda242697e096b1d5dbfa8a368bb458e296e96c705e91859f669677dcb71db3231ab2d4f676b85506d42c2cb2ae6abe8c49
  • SSDEEP: 1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOZKhm:GhfxHNIreQm+HieKhm

Score
7/10

Signatures

  • Executes dropped EXE (1 IoC)
  • Modifies system executable filetype association (2 TTPs, 5 IoCs)
  • Drops file in System32 directory (4 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Modifies registry class (15 IoCs)
  • Suspicious behavior: EnumeratesProcesses (28 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (3 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\e4be467f7ead8e346239df7ec1745f7904a4f3918eaedafbbb0280c3f8bea105.exe (PID 3240)
    Command line: "C:\Users\Admin\AppData\Local\Temp\e4be467f7ead8e346239df7ec1745f7904a4f3918eaedafbbb0280c3f8bea105.exe"
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system\rundll32.exe (PID 4860, spawned by PID 3240)
      Command line: C:\Windows\system\rundll32.exe
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize: 79KB
    MD5: a01be12c100edb4422c3b9b3dbe22551
    SHA1: bf4b6c957e9ae4aba832ec22c3cdabd851d3b3f3
    SHA256: d144bd713ce1dca369b2f9a6d559d1625e233337d3fdae9f604ecab2bcfcccfc
    SHA512: 8ae42b10c67a3602c98413761d423a2a6dd6cfaf1e71c3522617ee99528359600668c672b3e0dd4d78928ad80a059ac0da71b63218f7a187d3df026c4b536b93

  • C:\Windows\System\rundll32.exe
    Filesize: 83KB
    MD5: bbe15d635f0b78b8a0ee39736f7f83dc
    SHA1: c0fb0f74f0f2a1120fdc5d5ff32ef1f133096eb3
    SHA256: 52673f1ca4e90d8e6151e9868ae4db3ca2ddeda0010ca349a7feceec3eec929b
    SHA512: 4bec2bb53150dd3ab0a9d6ce64f849c0a75c5d3e239ddeef896ebc6b004a3eedc0c4671a9ce89ab299ecd84594d6c7ac8433f6cbdc7a93dffe7b70d2461d6690

  • C:\Windows\system\rundll32.exe
    Filesize: 83KB
    MD5: bbe15d635f0b78b8a0ee39736f7f83dc
    SHA1: c0fb0f74f0f2a1120fdc5d5ff32ef1f133096eb3
    SHA256: 52673f1ca4e90d8e6151e9868ae4db3ca2ddeda0010ca349a7feceec3eec929b
    SHA512: 4bec2bb53150dd3ab0a9d6ce64f849c0a75c5d3e239ddeef896ebc6b004a3eedc0c4671a9ce89ab299ecd84594d6c7ac8433f6cbdc7a93dffe7b70d2461d6690

  • memory/3240-0-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize: 86KB

  • memory/3240-13-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize: 86KB

  • memory/4860-14-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize: 86KB