Analysis
-
max time kernel
152s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20230915-en -
resource tags
-
submitted
11/10/2023, 20:20
General
-
Target
f397275e901f10655b6cd89988239dfabdb2ee1cde079b1c43770db9bd63b7ad.exe
-
Size
74KB
-
MD5
5a4aee9ed4978136876c444ef8fdcbcc
-
SHA1
de43ba821c1efdc0ff461dfe7a04dcf3e8c59759
-
SHA256
f397275e901f10655b6cd89988239dfabdb2ee1cde079b1c43770db9bd63b7ad
-
SHA512
01f7d4bbdbf487dafeb8d33f420fbe6f108b034fbdd623051144897331616a11bb2312cc8220ee10fbb4c03145a461cd27d6ff356d77dd8301c24946052bdd12
-
SSDEEP
768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWO37:RshfSWHHNvoLqNwDDGw02eQmh0HjWO37
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Modifies system executable filetype association 2 TTPs 5 IoCs
-
Drops file in System32 directory 4 IoCs
-
Drops file in Windows directory 2 IoCs
-
Modifies registry class 15 IoCs
-
Suspicious behavior: EnumeratesProcesses 28 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f397275e901f10655b6cd89988239dfabdb2ee1cde079b1c43770db9bd63b7ad.exe"C:\Users\Admin\AppData\Local\Temp\f397275e901f10655b6cd89988239dfabdb2ee1cde079b1c43770db9bd63b7ad.exe"1⤵
- Modifies system executable filetype association
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system\rundll32.exeC:\Windows\system\rundll32.exe2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
73KB
MD5078212867b1203d6271434a5cabe298f
SHA1b938e57d9cc224eb5b47fd497dae17f2a02e377a
SHA256010e2a7e9f96a152684738f949c1e933c39198816d84812642eef63eee1b13f7
SHA51277499b02ab642260321e0694ea104178a8e6678b1ca7bfab8e35d137fd984a74d24f2740fc543d0e87e771dec5deac9d7a5de0f2dc25d87a117e2fd19e754b64
-
Filesize
76KB
MD52febcd054b36f05419623ad58d9d576e
SHA1e5748b1fb68445e8e84c708593267b3683013472
SHA2564a9fad2225032413be7ec122df6a94e85dd7960f6bea3231205715df46860823
SHA5126fd62523a504497fde2e3e92bcc83a8f6199b872cfa88cb8683e48e3acd001e12484cd348f10fc80524105510d21cd0064a6aba2bceb4df542c381c56d5415b4
-
Filesize
76KB
MD52febcd054b36f05419623ad58d9d576e
SHA1e5748b1fb68445e8e84c708593267b3683013472
SHA2564a9fad2225032413be7ec122df6a94e85dd7960f6bea3231205715df46860823
SHA5126fd62523a504497fde2e3e92bcc83a8f6199b872cfa88cb8683e48e3acd001e12484cd348f10fc80524105510d21cd0064a6aba2bceb4df542c381c56d5415b4
-
Filesize
86KB
-
Filesize
86KB
-
Filesize
86KB