Analysis

  • max time kernel
    175s
  • max time network
    186s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/10/2023, 08:18

General

  • Target

    280a8d140ef46d1a72812a0dc4904c65738565fae0f6689bdd934f20895feab3.exe

  • Size

    83KB

  • MD5

    852f4a44a71c8cba275c1a840375f03f

  • SHA1

    9c2954cafb23de817f06dd06f41b26ca38720d8f

  • SHA256

    280a8d140ef46d1a72812a0dc4904c65738565fae0f6689bdd934f20895feab3

  • SHA512

    edc6eba67b7eaccdf3e624d3cbcdb4a15a0a46214a7133a098de5e8d0cf8c6de4687ecc4608aca89253775e8c47e4b358bf67b7f61ef198729d145116b7343d1

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWO4I+DM:GhfxHNIreQm+HiDI+DM

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\280a8d140ef46d1a72812a0dc4904c65738565fae0f6689bdd934f20895feab3.exe
    "C:\Users\Admin\AppData\Local\Temp\280a8d140ef46d1a72812a0dc4904c65738565fae0f6689bdd934f20895feab3.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4488
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4224
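
The process tree above shows the submitted sample dropping a file named rundll32.exe into C:\Windows\system (not System32 or SysWOW64), executing it, and changing the executable file-type association. The following script is an added example, not part of the sandbox report or the sample's code: it turns those three observations into reusable hunting checks and runs them over a few constructed Sysmon-style records (tab-separated Key=Value lines, written here for the example, not telemetry captured from the run). Assumptions: the association change refers to HKCR\exefile\shell\open\command, whose stock value is "%1" %* (the report does not name the key); the registry value in the sample record, including the path hypothetical.exe, is made up to exercise the check and is not what the sample wrote; WinSxS is treated as a legitimate location for rundll32.exe because the component store keeps signed copies there.

```python
"""Hunting checks derived from the sandbox report (added example, not part of
the report).  Encodes three observations: rundll32.exe dropped into
C:\\Windows\\system, a change to the executable file-type association, and the
dropped-file hashes.  The records at the bottom are constructed input."""
from typing import Dict, Iterable, List, Tuple

# SHA256 values copied from the report.
REPORT_SHA256 = {
    "280a8d140ef46d1a72812a0dc4904c65738565fae0f6689bdd934f20895feab3",  # submitted sample
    "099f03e746168c316b395677c8b7569093e9d3ca5846c54bfe5fb1b00227f6c3",  # C:\Windows\system\rundll32.exe
    "212c9abf9fc29f515f1df2d3e146182aae3002316b879bc1a7f6559373f105c6",  # notepad*.exe dropped in SysWOW64
}

# Where a genuine rundll32.exe is expected; anything else is treated as masquerading.
LEGIT_RUNDLL32_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")
WINSXS_PREFIX = "c:\\windows\\winsxs\\"  # assumption: component-store copies are legitimate

# Stock value of HKCR\exefile\shell\open\command on Windows.  The report only
# says the association was modified; that this key is involved is an assumption.
DEFAULT_EXEFILE_OPEN = '"%1" %*'


def is_masquerading_rundll32(path: str) -> bool:
    """True when a file called rundll32.exe sits outside its legitimate directories."""
    p = path.replace("/", "\\").lower().rstrip("\\")
    directory, _, name = p.rpartition("\\")
    if name != "rundll32.exe":
        return False
    return directory not in LEGIT_RUNDLL32_DIRS and not p.startswith(WINSXS_PREFIX)


def exefile_association_tampered(command: str) -> bool:
    """True when the exefile open command is anything but the Windows default."""
    return command.strip() != DEFAULT_EXEFILE_OPEN


def sha256_from_sysmon_hashes(field: str) -> str:
    """Pull the SHA256 out of a Sysmon 'Hashes' field such as 'MD5=..,SHA256=..'."""
    for part in field.split(","):
        algo, _, value = part.partition("=")
        if algo.strip().upper() == "SHA256":
            return value.strip().lower()
    return ""


def parse_event(line: str) -> Dict[str, str]:
    """Parse one tab-separated 'Key=Value' record (constructed Sysmon-like format)."""
    return dict(field.split("=", 1) for field in line.rstrip("\n").split("\t"))


def triage_events(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (finding, evidence) pairs for records matching the report's behaviour."""
    hits: List[Tuple[str, str]] = []
    for line in lines:
        ev = parse_event(line)
        eid = ev.get("EventID")
        if eid == "1":  # ProcessCreate
            image = ev.get("Image", "")
            if is_masquerading_rundll32(image):
                hits.append(("rundll32_outside_system32", image))
            sha = sha256_from_sysmon_hashes(ev.get("Hashes", ""))
            if sha in REPORT_SHA256:
                hits.append(("known_sample_hash", sha))
        elif eid == "11":  # FileCreate
            target = ev.get("TargetFilename", "")
            if is_masquerading_rundll32(target):
                hits.append(("rundll32_dropped_outside_system32", target))
        elif eid == "13":  # RegistryEvent (value set)
            if "\\exefile\\shell\\open\\command" in ev.get("TargetObject", "").lower():
                details = ev.get("Details", "")
                if exefile_association_tampered(details):
                    hits.append(("exefile_association_changed", details))
    return hits


# Constructed records mirroring the report's process tree.  The registry Details
# value (hypothetical.exe) is made up to exercise the check; the report does not
# show what the sample actually wrote.  The last record is benign for contrast.
SAMPLE_EVENTS = [
    "EventID=11\tImage=C:\\Users\\Admin\\AppData\\Local\\Temp\\280a8d140ef46d1a72812a0dc4904c65738565fae0f6689bdd934f20895feab3.exe"
    "\tTargetFilename=C:\\Windows\\system\\rundll32.exe",
    "EventID=1\tImage=C:\\Windows\\system\\rundll32.exe\tParentProcessId=4488"
    "\tHashes=MD5=21C808AA5BE3991FD581B24AF5BD471A,SHA256=099F03E746168C316B395677C8B7569093E9D3CA5846C54BFE5FB1B00227F6C3",
    "EventID=13\tImage=C:\\Windows\\system\\rundll32.exe\tTargetObject=HKCR\\exefile\\shell\\open\\command\\(Default)"
    "\tDetails=C:\\Users\\Admin\\AppData\\Local\\Temp\\hypothetical.exe \"%1\" %*",
    "EventID=1\tImage=C:\\Windows\\System32\\rundll32.exe\tParentProcessId=900"
    "\tHashes=SHA256=0000000000000000000000000000000000000000000000000000000000000000",
]

if __name__ == "__main__":
    for finding, evidence in triage_events(SAMPLE_EVENTS):
        print(f"{finding}: {evidence}")
```

The path check is deliberately on the directory rather than the file name alone: a rundll32.exe in System32 with a matching signature is normal, while the same name one directory over, as in this report, is the signal. The hash match is the weakest of the three checks, since a recompiled dropper changes it, so keep the path and registry checks even when the hashes no longer fire.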

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe

          Filesize

          74KB

          MD5

          c33f4272fb4e6374736731295272499a

          SHA1

          e5d9951c78eab2b11367e41d3142c0c24650a52d

          SHA256

          212c9abf9fc29f515f1df2d3e146182aae3002316b879bc1a7f6559373f105c6

          SHA512

          b2a13cf84a165333ab701595b00fa3eb3c71bc029f524e0ae9cbf88c0d8b6207069596c076ea23141c2b0cf8afb6818a928c12b86e6c3f51b5ad66b747889dde

        • C:\Windows\System\rundll32.exe

          Filesize

          83KB

          MD5

          21c808aa5be3991fd581b24af5bd471a

          SHA1

          674a9b627e23c88f37bc0b560e1122f8490a9a11

          SHA256

          099f03e746168c316b395677c8b7569093e9d3ca5846c54bfe5fb1b00227f6c3

          SHA512

          19081d09e7348428914a1b681abe0229584dd66b75a56ff2eb596fb0f98400dc0aee5f05a2bd8c6a25ddd45f50c3604f72a6567372652cd53fcc1ae49e90fa95

        • C:\Windows\system\rundll32.exe

          Filesize

          83KB

          MD5

          21c808aa5be3991fd581b24af5bd471a

          SHA1

          674a9b627e23c88f37bc0b560e1122f8490a9a11

          SHA256

          099f03e746168c316b395677c8b7569093e9d3ca5846c54bfe5fb1b00227f6c3

          SHA512

          19081d09e7348428914a1b681abe0229584dd66b75a56ff2eb596fb0f98400dc0aee5f05a2bd8c6a25ddd45f50c3604f72a6567372652cd53fcc1ae49e90fa95

        • memory/4224-14-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/4488-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/4488-13-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB