Overview

overview

7

Static

static

3

667141fd61...26.exe

windows7-x64

7

667141fd61...26.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2023, 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    667141fd61489bade500be627893096cbb06282deec397f36818f497f9421626.exe

  • Size

    78KB

  • MD5

    b3de9396afc76aba1b3a848268d51ea5

  • SHA1

    742eb5b6dd49db180f45c60b763834631bd5176c

  • SHA256

    667141fd61489bade500be627893096cbb06282deec397f36818f497f9421626

  • SHA512

    b285bdf6d6190ddc86a78e78a0b81558bfac2725e16fffd767ad0ea72f3c81630c6bff0154b8fe8b044d0014a248ca891ac3ddcc90790ca3caac5b4d9d11ff38

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOUj:RshfSWHHNvoLqNwDDGw02eQmh0HjWOq

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\667141fd61489bade500be627893096cbb06282deec397f36818f497f9421626.exe
    "C:\Users\Admin\AppData\Local\Temp\667141fd61489bade500be627893096cbb06282deec397f36818f497f9421626.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2880
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2664

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    79KB

    MD5

    fb1619740adf91059631cbf59f861744

    SHA1

    96c90ea8246e624ddf54463959b1c0d2e3dd5869

    SHA256

    4ca43e94f1bac0572efb062898a01a45fd1ccd7de5ce52665d64571fb2e0dd07

    SHA512

    2806becb75bf93ff5c7c8629a52a71d36e929b166483dc7209b126a24d06e52dd234e48e84a65f70c76fe31d2c2dfe1c9669abbecd9c806d744e38f0a0e52b8c

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    76KB

    MD5

    ef1e44c323148a71e77d8a2d0c889102

    SHA1

    aedaa8919d1fa60432e2986f0978b15df5713738

    SHA256

    705329a148794f362dbf32a957e1fe6ed07fd1c81e0843c8c6e77bb47a785526

    SHA512

    7a03f2e140744d0c9f3782f67bb5f45939ef4d723af5e1307cd0ceeda6f610a08a24583f844ba2bc55075a9e24f5f92db5ddcd89a40cef496f7367e4cfdc8f6e

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    76KB

    MD5

    ef1e44c323148a71e77d8a2d0c889102

    SHA1

    aedaa8919d1fa60432e2986f0978b15df5713738

    SHA256

    705329a148794f362dbf32a957e1fe6ed07fd1c81e0843c8c6e77bb47a785526

    SHA512

    7a03f2e140744d0c9f3782f67bb5f45939ef4d723af5e1307cd0ceeda6f610a08a24583f844ba2bc55075a9e24f5f92db5ddcd89a40cef496f7367e4cfdc8f6e

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    76KB

    MD5

    ef1e44c323148a71e77d8a2d0c889102

    SHA1

    aedaa8919d1fa60432e2986f0978b15df5713738

    SHA256

    705329a148794f362dbf32a957e1fe6ed07fd1c81e0843c8c6e77bb47a785526

    SHA512

    7a03f2e140744d0c9f3782f67bb5f45939ef4d723af5e1307cd0ceeda6f610a08a24583f844ba2bc55075a9e24f5f92db5ddcd89a40cef496f7367e4cfdc8f6e

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    76KB

    MD5

    ef1e44c323148a71e77d8a2d0c889102

    SHA1

    aedaa8919d1fa60432e2986f0978b15df5713738

    SHA256

    705329a148794f362dbf32a957e1fe6ed07fd1c81e0843c8c6e77bb47a785526

    SHA512

    7a03f2e140744d0c9f3782f67bb5f45939ef4d723af5e1307cd0ceeda6f610a08a24583f844ba2bc55075a9e24f5f92db5ddcd89a40cef496f7367e4cfdc8f6e

    Download Submit

  • memory/2664-18-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2664-22-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2880-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2880-12-0x00000000002C0000-0x00000000002D6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2880-21-0x00000000002C0000-0x00000000002C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2880-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download