Overview

overview

7

Static

static

3

2a62dc0cb1...00.exe

windows7-x64

7

2a62dc0cb1...00.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/10/2023, 09:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2a62dc0cb180264344ea7e0214337cd4cdf2c8c9050a661103b7b5969f208600.exe

  • Size

    81KB

  • MD5

    863c77c00f358fb12d433654311c2960

  • SHA1

    09a1ff4b19688a0cf21deaae79069fd6184f8a3e

  • SHA256

    2a62dc0cb180264344ea7e0214337cd4cdf2c8c9050a661103b7b5969f208600

  • SHA512

    1c20141e2002955c336b03c187b45213e36f013bd8602df5008ec58fff1ab4cf880f66da4170e930976757e505018ccd896faf87f53119d25a44efd1edf3e2ef

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOb+o/H2vxvlH0duj4nxY:GhfxHNIreQm+HiaPiVSo

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2a62dc0cb180264344ea7e0214337cd4cdf2c8c9050a661103b7b5969f208600.exe
    "C:\Users\Admin\AppData\Local\Temp\2a62dc0cb180264344ea7e0214337cd4cdf2c8c9050a661103b7b5969f208600.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4760
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:388
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:428
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:924

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\SysWOW64\notepad¢¬.exe
            Filesize

            84KB

            MD5

            5877405fee37351f3750d3c5e9fb9f0f

            SHA1

            7876328292d0b40e126cf8930431cce0aba4b486

            SHA256

            eda6b2ca077b9bc4f63599b1189a124d071523815a27fc03f06bc722b3c9fe2d

            SHA512

            9516fa2db95bb1b0e5370789d0fc34e8a411083920c97bd717783bb0644d06ab5a25ba93de20bcf552c15ef8bb1b63e766dc55ecad11d9f1ece465d1f2d3b450

            Download Submit

          • C:\Windows\System\rundll32.exe
            Filesize

            82KB

            MD5

            144489247f4e3e4f9d85c20f8f5b08b4

            SHA1

            d3567c18328f231d079775d88badb624f7b4aa40

            SHA256

            31ab2c608441889066acb403636bad4160cb588b047b182b0d69297c2b25cd75

            SHA512

            3f5a96f6dd9489a88a2f7e06b199ab749c3d3fcd5ab60732b30b46b6568f2b1cc27f045166edfdf74c98f16c67b59717b83a04b3be91e5a153746c9a32736200

            Download Submit

          • C:\Windows\system\rundll32.exe
            Filesize

            82KB

            MD5

            144489247f4e3e4f9d85c20f8f5b08b4

            SHA1

            d3567c18328f231d079775d88badb624f7b4aa40

            SHA256

            31ab2c608441889066acb403636bad4160cb588b047b182b0d69297c2b25cd75

            SHA512

            3f5a96f6dd9489a88a2f7e06b199ab749c3d3fcd5ab60732b30b46b6568f2b1cc27f045166edfdf74c98f16c67b59717b83a04b3be91e5a153746c9a32736200

            Download Submit

          • memory/388-51-0x0000000000400000-0x0000000000415A00-memory.dmp

            Filesize

            86KB

            Download

          • memory/924-14-0x0000023928A40000-0x0000023928A50000-memory.dmp

            Filesize

            64KB

            Download

          • memory/924-30-0x0000023928B40000-0x0000023928B50000-memory.dmp

            Filesize

            64KB

            Download

          • memory/924-46-0x0000023930E40000-0x0000023930E41000-memory.dmp

            Filesize

            4KB

            Download

          • memory/924-48-0x0000023930E70000-0x0000023930E71000-memory.dmp

            Filesize

            4KB

            Download

          • memory/924-49-0x0000023930E70000-0x0000023930E71000-memory.dmp

            Filesize

            4KB

            Download

          • memory/924-50-0x0000023930F80000-0x0000023930F81000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4760-0-0x0000000000400000-0x0000000000415A00-memory.dmp

            Filesize

            86KB

            Download

          • memory/4760-13-0x0000000000400000-0x0000000000415A00-memory.dmp

            Filesize

            86KB

            Download