Analysis

  • max time kernel
    187s
  • max time network
    175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/10/2023, 23:55

General

  • Target

    12dca89ddff6a9069880cb2fae7d6fe54a43e24e35e280cf4c59fbf06af5bbc2.exe

  • Size

    76KB

  • MD5

    aa6195e324399a8befe4a1112e6950da

  • SHA1

    85bdc430d3105b6ebd3dde567c2e876794f3f515

  • SHA256

    12dca89ddff6a9069880cb2fae7d6fe54a43e24e35e280cf4c59fbf06af5bbc2

  • SHA512

    8af010656e323c6080f5bbef7d5d807503205357144641c7eac2f8adfd055d6add2aa07c56089c82db2482d31262995896c72de539f23dd7ebd044495ebdd5e9

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWO:RshfSWHHNvoLqNwDDGw02eQmh0HjWO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Modifies system executable filetype association (2 TTPs, 5 IoCs)
  • Drops file in System32 directory (4 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Modifies registry class (15 IoCs)
  • Suspicious behavior: EnumeratesProcesses (28 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (3 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\12dca89ddff6a9069880cb2fae7d6fe54a43e24e35e280cf4c59fbf06af5bbc2.exe
    "C:\Users\Admin\AppData\Local\Temp\12dca89ddff6a9069880cb2fae7d6fe54a43e24e35e280cf4c59fbf06af5bbc2.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4524
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1392

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    85KB

    MD5

    f6258f56b515b41a19ff71dea2ab2d43

    SHA1

    9bfa319302fb83c418b9c63233f300b1f1629192

    SHA256

    45f67ddb1a36c15b43178d7f6bc016010efed2f67794868a366e2d338e070e53

    SHA512

    eb59909f335ac9dd61ea5759bb1ea1677a02160c07da4c1c1a7d681dcbc9d3c5e341fd18429146c7674e1550c5b1bef12e53cb3ff2c1fa6d4fe26a6d82405249

  • C:\Windows\System\rundll32.exe

    Filesize

    74KB

    MD5

    3fce9681ec0c9d76d0439d9c430aa1ce

    SHA1

    75c289001e3da6c9170206ffff8e1c1cd4b9623f

    SHA256

    c1f037d4cc3dde3294d381846f8fa825b798106f143b7aeec025f1268e5a5b08

    SHA512

    5570e3671448c8406e1b30f41b1dcd8eddcf147229e0a5a3dc18a9494f12dc9a4ecad534ce3e5f0a3d690639e0d2dbc6026707be31bf00c0fa127139314ef234

  • C:\Windows\system\rundll32.exe

    Filesize

    74KB

    MD5

    3fce9681ec0c9d76d0439d9c430aa1ce

    SHA1

    75c289001e3da6c9170206ffff8e1c1cd4b9623f

    SHA256

    c1f037d4cc3dde3294d381846f8fa825b798106f143b7aeec025f1268e5a5b08

    SHA512

    5570e3671448c8406e1b30f41b1dcd8eddcf147229e0a5a3dc18a9494f12dc9a4ecad534ce3e5f0a3d690639e0d2dbc6026707be31bf00c0fa127139314ef234

  • memory/1392-14-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4524-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4524-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB
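
Hunting logic for the behaviors and dropped files listed above, as an added example; it is not part of the sandbox report and does not reproduce the sandbox's own signature implementation. It runs over constructed Sysmon-style events (EventID 1 ProcessCreate, 11 FileCreate, 13 RegistryValueSet) modelled on the process tree and the Downloads entries. Two assumptions: the filetype association being modified is taken to be the exefile shell\open\command handler (the report only says "Modifies system executable filetype association"), and the command value written in the constructed registry event is invented, since the report does not show it. The detail worth acting on is the drop path C:\Windows\system\rundll32.exe: the genuine rundll32.exe lives in C:\Windows\System32 (and SysWOW64), so the file name matches a system binary while the directory does not, and that mismatch is what the first rule checks.

```python
"""Hunting rules derived from this sandbox report (added example, not report code).

Flags, over Sysmon-style event dicts:
  * a system binary name written outside its legitimate directory
    (C:\\Windows\\system\\rundll32.exe in the report; the real one is in System32/SysWOW64)
  * a lookalike name that merely starts with a system binary's name (the notepad*.exe drop)
  * a write to the .exe association handler key (assumed to be exefile\\shell\\open\\command)
  * a SHA256 equal to one of the hashes listed under Downloads
"""
import re
from typing import Dict, Iterable, List, Set

# Hashes copied from the report: the submitted sample and the two dropped files.
REPORT_SHA256: Set[str] = {
    "12dca89ddff6a9069880cb2fae7d6fe54a43e24e35e280cf4c59fbf06af5bbc2",
    "45f67ddb1a36c15b43178d7f6bc016010efed2f67794868a366e2d338e070e53",
    "c1f037d4cc3dde3294d381846f8fa825b798106f143b7aeec025f1268e5a5b08",
}

# Where the genuine binaries live on a stock Windows 10 install (lower-cased).
LEGIT_DIRS: Dict[str, Set[str]] = {
    "rundll32.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "notepad.exe": {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"},
}

# Assumption: the modified association is the default .exe handler under HKCR\exefile.
EXEFILE_CMD_RE = re.compile(r"\\exefile\\shell\\open\\command", re.IGNORECASE)


def split_path(path: str):
    """Return (directory, file name) of a Windows path, both lower-cased."""
    directory, _, name = path.lower().rpartition("\\")
    return directory, name


def sha256_from_sysmon(hashes: str) -> str:
    """Extract the SHA256 from Sysmon's 'MD5=..,SHA256=..,IMPHASH=..' Hashes field."""
    for part in hashes.split(","):
        algo, _, value = part.partition("=")
        if algo.strip().upper() == "SHA256":
            return value.strip().lower()
    return ""


def check_file_name(path: str) -> List[str]:
    """Masquerading checks: wrong directory for a known name, or a lookalike name."""
    directory, name = split_path(path)
    findings: List[str] = []
    if name in LEGIT_DIRS and directory not in LEGIT_DIRS[name]:
        findings.append(f"system binary name outside legitimate dir: {path}")
    stem = name[:-4] if name.endswith(".exe") else name
    for legit in LEGIT_DIRS:
        legit_stem = legit[:-4]
        if stem != legit_stem and stem.startswith(legit_stem):
            findings.append(f"lookalike of {legit}: {path}")
    return findings


def hunt(events: Iterable[Dict[str, str]]) -> List[str]:
    """Apply all rules and return one human-readable finding per hit."""
    findings: List[str] = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == "11":  # FileCreate
            findings += check_file_name(ev["TargetFilename"])
        elif eid == "13" and EXEFILE_CMD_RE.search(ev.get("TargetObject", "")):  # RegistryValueSet
            findings.append(f"exefile association changed: {ev['TargetObject']} -> {ev.get('Details', '')}")
        elif eid == "1":  # ProcessCreate
            digest = sha256_from_sysmon(ev.get("Hashes", ""))
            if digest in REPORT_SHA256:
                findings.append(f"known hash {digest[:12]}...: {ev['Image']}")
            findings += check_file_name(ev["Image"])
    return findings


# Constructed sample events modelled on the report's process tree and Downloads
# (PIDs and hashes from the report; the registry Details value is invented).
SAMPLE_EVENTS = [
    {"EventID": "1", "ProcessId": "4524",
     "Image": r"C:\Users\Admin\AppData\Local\Temp\12dca89ddff6a9069880cb2fae7d6fe54a43e24e35e280cf4c59fbf06af5bbc2.exe",
     "Hashes": "SHA256=12DCA89DDFF6A9069880CB2FAE7D6FE54A43E24E35E280CF4C59FBF06AF5BBC2"},
    {"EventID": "11", "TargetFilename": r"C:\Windows\system\rundll32.exe"},
    {"EventID": "11", "TargetFilename": "C:\\Windows\\SysWOW64\\notepad\u00a2\u00ac.exe"},
    {"EventID": "13", "TargetObject": r"HKLM\SOFTWARE\Classes\exefile\shell\open\command\(Default)",
     "Details": r'C:\Windows\system\rundll32.exe "%1" %*'},
    {"EventID": "1", "ProcessId": "1392", "Image": r"C:\Windows\system\rundll32.exe",
     "Hashes": "MD5=3FCE9681EC0C9D76D0439D9C430AA1CE,SHA256=C1F037D4CC3DDE3294D381846F8FA825B798106F143B7AEEC025F1268E5A5B08"},
    {"EventID": "11", "TargetFilename": r"C:\Windows\System32\notepad.exe"},  # benign control, no hit
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

Against the constructed events the rules produce six findings: the sample's hash, the rundll32 drop in the wrong directory (once as a file create, once more as a process start, which also matches a known hash), the notepad lookalike, and the association change; the genuine System32\notepad.exe produces nothing. On a real fleet, feed the same functions Sysmon events from your SIEM export and extend LEGIT_DIRS with the binaries your environment cares about.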