Overview

overview

7

Static

static

3

7c3a3379be...6e.exe

windows7-x64

7

7c3a3379be...6e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11-10-2023 08:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7c3a3379be3690bc4712d6b0960653df729684976f03cf0ec3328856fbad366e.exe

  • Size

    79KB

  • MD5

    e06f2e989fad7db423ef3d9ba314276d

  • SHA1

    e1c9173ffbb74a2fe54a67e1dc5c5611a7bfda07

  • SHA256

    7c3a3379be3690bc4712d6b0960653df729684976f03cf0ec3328856fbad366e

  • SHA512

    75e5094d026eb1893d2b318b8334b6162aaf9d19bb5b802d6f5e101c2b1be5b63affcb5166e01aba50b5262a552c7d7197d3fddb7b5a782890f5dbd90cb3d8af

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOy69G:GhfxHNIreQm+Hiz69G

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7c3a3379be3690bc4712d6b0960653df729684976f03cf0ec3328856fbad366e.exe
    "C:\Users\Admin\AppData\Local\Temp\7c3a3379be3690bc4712d6b0960653df729684976f03cf0ec3328856fbad366e.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2668

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    81KB

    MD5

    744872b13f0add46f36de915bb587125

    SHA1

    0fbd400cbe8e4638ff923934e7df210a39a03b90

    SHA256

    4bb8ec9fac2ddc38c3ae514730ed28223cbc026eaee72da90b538f4fcbc44dce

    SHA512

    e51197d04ddeca5e39eabfcb8ab898b1dc84440216f2424abe4b1c1c6040204fff9123e9fafdcb6a77ed664a30bbca3794d8526203e548d713f862de1da6a0b3

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    73KB

    MD5

    dbf0fa80c9c0e6b7587dcc7a5a1b1916

    SHA1

    16b89e62ca0dd49f35e9e603e75ded1690cf6d13

    SHA256

    98bbc15951a44607a5f1f513189256e42684cf03d984cfe9a42b4ba2993085c6

    SHA512

    b39d73eeb797a27833da3ef3caac49f3e6b7044d294501023eadecfdd3e187e2368b5cc4063947350b0fc12b2025dd70edb363ee15fb5c3a2875d29a1ecaabc0

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    73KB

    MD5

    dbf0fa80c9c0e6b7587dcc7a5a1b1916

    SHA1

    16b89e62ca0dd49f35e9e603e75ded1690cf6d13

    SHA256

    98bbc15951a44607a5f1f513189256e42684cf03d984cfe9a42b4ba2993085c6

    SHA512

    b39d73eeb797a27833da3ef3caac49f3e6b7044d294501023eadecfdd3e187e2368b5cc4063947350b0fc12b2025dd70edb363ee15fb5c3a2875d29a1ecaabc0

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    73KB

    MD5

    dbf0fa80c9c0e6b7587dcc7a5a1b1916

    SHA1

    16b89e62ca0dd49f35e9e603e75ded1690cf6d13

    SHA256

    98bbc15951a44607a5f1f513189256e42684cf03d984cfe9a42b4ba2993085c6

    SHA512

    b39d73eeb797a27833da3ef3caac49f3e6b7044d294501023eadecfdd3e187e2368b5cc4063947350b0fc12b2025dd70edb363ee15fb5c3a2875d29a1ecaabc0

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    73KB

    MD5

    dbf0fa80c9c0e6b7587dcc7a5a1b1916

    SHA1

    16b89e62ca0dd49f35e9e603e75ded1690cf6d13

    SHA256

    98bbc15951a44607a5f1f513189256e42684cf03d984cfe9a42b4ba2993085c6

    SHA512

    b39d73eeb797a27833da3ef3caac49f3e6b7044d294501023eadecfdd3e187e2368b5cc4063947350b0fc12b2025dd70edb363ee15fb5c3a2875d29a1ecaabc0

    Download Submit

  • memory/2216-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2216-12-0x0000000000350000-0x0000000000366000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2216-17-0x0000000000350000-0x0000000000366000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2216-22-0x0000000000350000-0x0000000000352000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2216-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2668-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2668-23-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download