Analysis

  • max time kernel
    166s
  • max time network
    177s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-10-2023 12:08

General

  • Target

    c1d4def7bf45a8a056df6df29b59e1a71cf934f140617dcd3e41dc23140526f5.exe

  • Size

    74KB

  • MD5

    6bb96a8a482f0e73a190167085a58ce1

  • SHA1

    3baa5270ef860fc089b8ffa334c4d5a74ce64409

  • SHA256

    c1d4def7bf45a8a056df6df29b59e1a71cf934f140617dcd3e41dc23140526f5

  • SHA512

    01937532e04eb1bcbc55f23b5adc41cf78e8e5b4cf22793786840a55ef027291aed5398c3b29a89ef9fb0fda0fa538e7401f91696ca8ba4a1df90389e4264876

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOs7:RshfSWHHNvoLqNwDDGw02eQmh0HjWOs7

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c1d4def7bf45a8a056df6df29b59e1a71cf934f140617dcd3e41dc23140526f5.exe
    "C:\Users\Admin\AppData\Local\Temp\c1d4def7bf45a8a056df6df29b59e1a71cf934f140617dcd3e41dc23140526f5.exe"
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1596
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4808

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    73KB

    MD5

    97698c56eef2958f364e0d5401ca352a

    SHA1

    0cefa81e2600b4df48f851d75c4b38b34934225b

    SHA256

    86ce96a974c991ce53190e1b27824dab832838d6e13a0981753fb776c715cfdf

    SHA512

    eb8f78235c1ddcc7755ae4aff09eaae8c2786b5744dd0b03f4849d4268881efaba72a0bd12a6b3cf489272615d13c8c519b8bc420bb9b3fc48fa585e60820510

  • C:\Windows\System\rundll32.exe

    Filesize

    73KB

    MD5

    b6583e586b99e8806a5a50f08272864b

    SHA1

    1d2135c8e155ed3f21eaf58247edf791d700357f

    SHA256

    6c2472d1b13cbe54165de945879e5e1c7e41aba6ce7997da6c6fe77f9226cf70

    SHA512

    bcfd511c88f138ca6b47a637ed31739cd3ad8bdb5ce73c574fb8d785315ee060c1a36d4209f36d5697d2b126e72f2163fb5a6f9f92118aa9dfa6c904179a7482

  • C:\Windows\system\rundll32.exe

    Filesize

    73KB

    MD5

    b6583e586b99e8806a5a50f08272864b

    SHA1

    1d2135c8e155ed3f21eaf58247edf791d700357f

    SHA256

    6c2472d1b13cbe54165de945879e5e1c7e41aba6ce7997da6c6fe77f9226cf70

    SHA512

    bcfd511c88f138ca6b47a637ed31739cd3ad8bdb5ce73c574fb8d785315ee060c1a36d4209f36d5697d2b126e72f2163fb5a6f9f92118aa9dfa6c904179a7482

  • memory/1596-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1596-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4808-14-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB