Analysis

  • max time kernel
    162s
  • max time network
    177s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/10/2023, 10:17

General

  • Target

    d5ed71cd6ceeffaff8636a9988466f3cc2561d1a2905ed4be5bd0894957ac966.exe

  • Size

    73KB

  • MD5

    808345ec6e4849362d3ea938066f2d45

  • SHA1

    e466577521b4678a7a341bbb27f9ddaf5114b8a3

  • SHA256

    d5ed71cd6ceeffaff8636a9988466f3cc2561d1a2905ed4be5bd0894957ac966

  • SHA512

    200b76467b23cb00972cdc14be338121776c2d49e6cb338cb034362d78976bf08426e8ef426c913093af2b2db9d5b6acae9df3c7f9b3cc32e11a9e158dbaec1c

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWO:RshfSWHHNvoLqNwDDGw02eQmh0HjWO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5ed71cd6ceeffaff8636a9988466f3cc2561d1a2905ed4be5bd0894957ac966.exe
    "C:\Users\Admin\AppData\Local\Temp\d5ed71cd6ceeffaff8636a9988466f3cc2561d1a2905ed4be5bd0894957ac966.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4892
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4868

Network

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe

          Filesize

          81KB

          MD5

          b8a7c6816c5fd4e1fb48c38b37e947e0

          SHA1

          c76e8b1afebfa47cbafcdfa20a02b9611acf6526

          SHA256

          ff7dd5fa30664e3a4500045b46d0d61b1a4fce3a80cf8f13b5b3898265d6f8f0

          SHA512

          6e089aa1b98ff4b1d1dc732b61bf4507b8032922cc6f9491a9e75c3fe304ffe7c65e2e911c53946006574baa80fdb1ebde5c6eada03c8262971ed26c96da1d5a

        • C:\Windows\System\rundll32.exe

          Filesize

          83KB

          MD5

          e919ea76bfcde518f9c2de9d9ec21dd9

          SHA1

          470326e9f21b7b259f4a216be8029eaa25579e5b

          SHA256

          9a97c7374fef7f10a67de649cab57ab067f4a77a1fe849832ac636ba1207aa23

          SHA512

          46d4c9d9d6d624ebf8e0d69ca96e56b1324b102d44bef49d61835c19acb6d2ba38beb438b4faebb9ff4e1a940467ad8533961e63936cf451a0f5894ecfee0c9d

        • C:\Windows\system\rundll32.exe

          Filesize

          83KB

          MD5

          e919ea76bfcde518f9c2de9d9ec21dd9

          SHA1

          470326e9f21b7b259f4a216be8029eaa25579e5b

          SHA256

          9a97c7374fef7f10a67de649cab57ab067f4a77a1fe849832ac636ba1207aa23

          SHA512

          46d4c9d9d6d624ebf8e0d69ca96e56b1324b102d44bef49d61835c19acb6d2ba38beb438b4faebb9ff4e1a940467ad8533961e63936cf451a0f5894ecfee0c9d

        • memory/4892-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/4892-13-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB