Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/09/2023, 07:05

General

  • Target: 15706d9cf82fc2e4ef220a0274549aba00d4c2e637f6d98991107e08b51fb1ff.exe
  • Size: 74KB
  • MD5: dcb2679138812257eb9a0f16012db6c9
  • SHA1: d85d098b84db2db93a7a915ec37bac87e6967b80
  • SHA256: 15706d9cf82fc2e4ef220a0274549aba00d4c2e637f6d98991107e08b51fb1ff
  • SHA512: 93be60f7954ad2e07627ab3385df7820358ac5bf6cdf86d911bf86c6ca02be04d5f3aae2ac3793d6ff41e8e63f6fb2ae5877b23756dca57ece43924e6afc00f1
  • SSDEEP: 1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOe01:GhfxHNIreQm+Hi5e

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\15706d9cf82fc2e4ef220a0274549aba00d4c2e637f6d98991107e08b51fb1ff.exe (PID 3236, tree depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\15706d9cf82fc2e4ef220a0274549aba00d4c2e637f6d98991107e08b51fb1ff.exe"
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system\rundll32.exe (PID 3456, tree depth 2, child of PID 3236)
      Command line: C:\Windows\system\rundll32.exe
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe
          Filesize: 78KB
          MD5: 8e29ed79d48d4e5c8695bef48bc69804
          SHA1: c13818a53937c358732d0dcaa552702843ac2698
          SHA256: a09e022c7690d9e47ce77e61a74e4aa8ee53df0b85a2c2f16cda54bb891c3ee3
          SHA512: ac4d0128b716b481b98dbac86f56667e216df05ccee4e7b3061653d0996b1b2991b72f807f427827a515b871e87142fe4868d38ecd53085c23145f41883867ac

        • C:\Windows\System\rundll32.exe
          Filesize: 79KB
          MD5: d9dedbdfd276f212e79864b3479e52df
          SHA1: 23b5752cd3ce970f0b72175a3349f25492f56939
          SHA256: 7406d8d299b0e0cf336452c5d6a2434fdecc0133d96d5e2a96337a704fe05a8c
          SHA512: 8345ec495abbc5d2e6ac6151a665591386d074f1b7f747a7b38afa24b838946cf348b157456fe971dee983e8b3e14fd255eb1d2827792bca3ed55bb9f8511b01

        • C:\Windows\system\rundll32.exe
          Filesize: 79KB
          MD5: d9dedbdfd276f212e79864b3479e52df
          SHA1: 23b5752cd3ce970f0b72175a3349f25492f56939
          SHA256: 7406d8d299b0e0cf336452c5d6a2434fdecc0133d96d5e2a96337a704fe05a8c
          SHA512: 8345ec495abbc5d2e6ac6151a665591386d074f1b7f747a7b38afa24b838946cf348b157456fe971dee983e8b3e14fd255eb1d2827792bca3ed55bb9f8511b01

        • memory/3236-0-0x0000000000400000-0x0000000000415A00-memory.dmp
          Filesize: 86KB

        • memory/3236-13-0x0000000000400000-0x0000000000415A00-memory.dmp
          Filesize: 86KB

        • memory/3456-14-0x0000000000400000-0x0000000000415A00-memory.dmp
          Filesize: 86KB