667484d9a96edb3ee6bbec6fd14f26fb7cf074113c6602fe0177587be4a7d70e

Analysis

max time kernel
120s
max time network
151s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 18:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

667484d9a96edb3ee6bbec6fd14f26fb7cf074113c6602fe0177587be4a7d70e.exe
Size

826KB
MD5

ac3b6e59ad7a367f5fa49b331e2dc207
SHA1

9f3fad233a4e5612ed16db5f9786f22333c7a3a0
SHA256

667484d9a96edb3ee6bbec6fd14f26fb7cf074113c6602fe0177587be4a7d70e
SHA512

dd53fee4dfd3f9aecb7f36583c83e9677bca0afb955f55728e1dcc2121c30d26777342b5ba691228fe26497f2c3f4ea75e4b3ffcfad8aa8511fc563d0b23299c
SSDEEP

12288:GybboHM6c97agSx63W36XnQz65iWDIb99wB+gazZp5+ZTa4wpcVcA+PKC2mhUP:GGbv6w71WKXPUb99eagTa4f2A+WmhUP

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Windows\CurrentVersion\Run\Serverx = "C:\\Windows\\system32\\Serverx.exe"	667484d9a96edb3ee6bbec6fd14f26fb7cf074113c6602fe0177587be4a7d70e.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Serverx.exe	667484d9a96edb3ee6bbec6fd14f26fb7cf074113c6602fe0177587be4a7d70e.exe
File opened for modification	C:\Windows\SysWOW64\Serverx.exe	667484d9a96edb3ee6bbec6fd14f26fb7cf074113c6602fe0177587be4a7d70e.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2588 wrote to memory of 1884	2588	667484d9a96edb3ee6bbec6fd14f26fb7cf074113c6602fe0177587be4a7d70e.exe	29
PID 2588 wrote to memory of 1884	2588	667484d9a96edb3ee6bbec6fd14f26fb7cf074113c6602fe0177587be4a7d70e.exe	29
PID 2588 wrote to memory of 1884	2588	667484d9a96edb3ee6bbec6fd14f26fb7cf074113c6602fe0177587be4a7d70e.exe	29
PID 2588 wrote to memory of 1884	2588	667484d9a96edb3ee6bbec6fd14f26fb7cf074113c6602fe0177587be4a7d70e.exe	29
PID 2588 wrote to memory of 1220	2588	667484d9a96edb3ee6bbec6fd14f26fb7cf074113c6602fe0177587be4a7d70e.exe	8
PID 2588 wrote to memory of 1220	2588	667484d9a96edb3ee6bbec6fd14f26fb7cf074113c6602fe0177587be4a7d70e.exe	8

C:\Users\Admin\AppData\Local\Temp\667484d9a96edb3ee6bbec6fd14f26fb7cf074113c6602fe0177587be4a7d70e.exe
"C:\Users\Admin\AppData\Local\Temp\667484d9a96edb3ee6bbec6fd14f26fb7cf074113c6602fe0177587be4a7d70e.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2588
- C:\Users\Admin\AppData\Local\Temp\667484d9a96edb3ee6bbec6fd14f26fb7cf074113c6602fe0177587be4a7d70e.exe
  "C:\Users\Admin\AppData\Local\Temp\667484d9a96edb3ee6bbec6fd14f26fb7cf074113c6602fe0177587be4a7d70e.exe"
  2⤵
  PID:1884

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1220-5-0x0000000001DB0000-0x0000000001DB1000-memory.dmp

Filesize
4KB

Download
memory/1220-6-0x0000000001DB0000-0x0000000001DB1000-memory.dmp

Filesize
4KB

Download
memory/1884-3-0x00000000008D0000-0x00000000009A2DD6-memory.dmp

Filesize
843KB

Download
memory/2588-0-0x00000000008D0000-0x00000000009A2DD6-memory.dmp

Filesize
843KB

Download
memory/2588-1-0x00000000008D0000-0x00000000009A2DD6-memory.dmp

Filesize
843KB

Download
memory/2588-2-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/2588-7-0x00000000008D0000-0x00000000009A2DD6-memory.dmp

Filesize
843KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads