Analysis

  • max time kernel
    151s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-09-2023 22:30

General

  • Target

    17ce2875407346254066382b74b1e2e531f9176e62d351d8b53d4a164d17d020.exe

  • Size

    75KB

  • MD5

    96c1938d528352b177e4dbcb5f8928bc

  • SHA1

    d464ebaaf2d099e487a58bb581f6a162ffc91ade

  • SHA256

    17ce2875407346254066382b74b1e2e531f9176e62d351d8b53d4a164d17d020

  • SHA512

    f774d457223fcdbb6881f9eebb07112731769dee7b38b370ffec384eba227fd1669244a86e99488ae62aeb4ab00386b6fd4c15fdba02bcdc64497fda3051d648

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOpWo:GhfxHNIreQm+HieWo

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\17ce2875407346254066382b74b1e2e531f9176e62d351d8b53d4a164d17d020.exe
    "C:\Users\Admin\AppData\Local\Temp\17ce2875407346254066382b74b1e2e531f9176e62d351d8b53d4a164d17d020.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3660
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2904
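The two behaviours that drive the score above are the executable file-association change (the "Modifies system executable filetype association" signature, ATT&CK T1546.001) and a dropped copy of rundll32.exe written to C:\Windows\system, a directory Windows does not install rundll32.exe into (the genuine binary lives in System32 and SysWOW64). The script below is an added example for turning those indicators into a host check; it is not part of the sandbox report or its tooling. It parses a `reg export` of HKCR\exefile, flags an open command that deviates from the Windows default `"%1" %*`, and triages a file listing against the report's SHA256 hashes and for system-binary names outside System32/SysWOW64. The registry export and file listing it reads are constructed inline so it runs offline; the hijacked command value shown is hypothetical, modelled on the dropped path, since the report does not print the registry data itself.

```python
"""Host check for the report's indicators (added example, not report tooling).

Assumptions: input is `reg export`-style text plus a list of (path, sha256)
pairs; both are constructed below and do not come from the sandbox run.
"""
import ntpath
import re

# SHA256 values listed in the report's General and Downloads sections.
REPORT_SHA256 = {
    "17ce2875407346254066382b74b1e2e531f9176e62d351d8b53d4a164d17d020": "submitted sample",
    "864fc36fcea0be3c13d41b8880975c4998610e59e906dbbb6e9cca155a864c6d": "dropped notepad*.exe",
    "4c6589d8af714430553ee25fa3715cf781cd50e562bc3587d04afcc9e77753e8": "dropped rundll32.exe",
}

# Default exefile open command on a clean Windows 10 host.
EXEFILE_DEFAULT = '"%1" %*'
EXEFILE_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"

# Names of Windows binaries the sample imitates, and where the real ones live.
SYSTEM_BINARY_NAMES = {"rundll32.exe", "notepad.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed registry export. The command value is hypothetical: it shows
# what a hijack pointing at the report's dropped path would look like.
SAMPLE_REG_EXPORT = r'''
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Windows\\system\\rundll32.exe\" \"%1\" %*"
'''

# Constructed file listing: (path, sha256). The System32 entry carries a
# placeholder digest standing in for the genuine binary.
SAMPLE_FILES = [
    (r"C:\Windows\system\rundll32.exe",
     "4c6589d8af714430553ee25fa3715cf781cd50e562bc3587d04afcc9e77753e8"),
    (r"C:\Windows\System32\rundll32.exe", "0" * 64),
    (r"C:\Users\Admin\AppData\Local\Temp\17ce2875407346254066382b74b1e2e531f9176e62d351d8b53d4a164d17d020.exe",
     "17ce2875407346254066382b74b1e2e531f9176e62d351d8b53d4a164d17d020"),
]


def _unescape(s):
    """Undo reg-export escaping: \\" -> " and \\\\ -> \\ in one pass."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Minimal `reg export` parser: returns {key: {value_name: data}}.

    Only REG_SZ lines (`@="..."` or `"name"="..."`) are handled, which is
    all the exefile command value needs. The default value is stored as "".
    """
    result, current = {}, None
    pattern = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")=("(?:[^"\\]|\\.)*")$')
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result.setdefault(current, {})
            continue
        m = pattern.match(line)
        if m and current is not None:
            name = "" if m.group(1) == "@" else _unescape(m.group(2))
            result[current][name] = _unescape(m.group(3)[1:-1])
    return result


def check_exefile_command(reg):
    """Return the exefile open command if it deviates from the default, else None."""
    cmd = reg.get(EXEFILE_KEY, {}).get("")
    if cmd is None or cmd.strip() == EXEFILE_DEFAULT:
        return None
    return cmd


def is_masquerading_system_binary(path):
    """True for a well-known system binary name located outside System32/SysWOW64."""
    directory, name = ntpath.split(path)
    return name.lower() in SYSTEM_BINARY_NAMES and directory.lower() not in SYSTEM_DIRS


def triage_files(entries):
    """Return (path, reason) findings for hash matches and masquerading paths."""
    findings = []
    for path, digest in entries:
        digest = digest.lower()
        if digest in REPORT_SHA256:
            findings.append((path, "sha256 matches report artefact: " + REPORT_SHA256[digest]))
        if is_masquerading_system_binary(path):
            findings.append((path, "system binary name outside System32/SysWOW64"))
    return findings


if __name__ == "__main__":
    hijack = check_exefile_command(parse_reg_export(SAMPLE_REG_EXPORT))
    print("exefile open command:", hijack or "default (clean)")
    for path, reason in triage_files(SAMPLE_FILES):
        print(path + ": " + reason)
```

On a live host the same checks run against `reg export HKCR\exefile exefile.reg` and a listing produced with `Get-FileHash -Algorithm SHA256`; the parser deliberately ignores non-string value types, so extend it before pointing it at arbitrary hives.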

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    75KB

    MD5

    74798b8aaa925edf3240065eccea5b0c

    SHA1

    d3608d9502038c64b208f4d7e0222d2a6879a71e

    SHA256

    864fc36fcea0be3c13d41b8880975c4998610e59e906dbbb6e9cca155a864c6d

    SHA512

    b59e167bd373d90d1e3ea68d4873661e5b96be21ec22a79070a68d4f9af77447476ac6072404640f4108c1998e440f3a99c97573874bce97b09f9a52b422032c

  • C:\Windows\System\rundll32.exe

    Filesize

    78KB

    MD5

    2db4a4d00cf89faf6abe78185403ea37

    SHA1

    cda986b95045c4976d0f9f071124d32e0247c75e

    SHA256

    4c6589d8af714430553ee25fa3715cf781cd50e562bc3587d04afcc9e77753e8

    SHA512

    3fcbc83c2072eed8f6da1f0892b4b085a5af60e87722d0929257999f487b2a880f4448a13c73d820308efc94d24bacffad4ea5dd4710ac115fa51e67dde2d2d4

  • C:\Windows\system\rundll32.exe

    Filesize

    78KB

    MD5

    2db4a4d00cf89faf6abe78185403ea37

    SHA1

    cda986b95045c4976d0f9f071124d32e0247c75e

    SHA256

    4c6589d8af714430553ee25fa3715cf781cd50e562bc3587d04afcc9e77753e8

    SHA512

    3fcbc83c2072eed8f6da1f0892b4b085a5af60e87722d0929257999f487b2a880f4448a13c73d820308efc94d24bacffad4ea5dd4710ac115fa51e67dde2d2d4

  • memory/2904-14-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/3660-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/3660-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB