Overview

overview

7

Static

static

3

3b34d723f0...e5.exe

windows7-x64

7

3b34d723f0...e5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 23:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3b34d723f00c8c322130f997f72f53454963d7d3813ee357756ed1cdec16cfe5.exe

  • Size

    10.0MB

  • MD5

    1b6a8b995ea461a1a8cdb64a38baa07c

  • SHA1

    b45f1005e628a252159db7bb24311cad3f3f2fde

  • SHA256

    3b34d723f00c8c322130f997f72f53454963d7d3813ee357756ed1cdec16cfe5

  • SHA512

    1d62c0f776b3179d9e7d7842077d26828a7455062b73cb89a4e2276366b038cc5b761d361e80aa5f735df1e5ccbf87f68f79f1e1a856f235de11625af8aaf63a

  • SSDEEP

    98304:zp1tz8PLaf8MkZ4/0n5pqWWqUi1osiG+77/bOtIzZ+L8v13jt9001em:zpILT4ypRnLM7/bOCzB00wm

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 34 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b34d723f00c8c322130f997f72f53454963d7d3813ee357756ed1cdec16cfe5.exe
    "C:\Users\Admin\AppData\Local\Temp\3b34d723f00c8c322130f997f72f53454963d7d3813ee357756ed1cdec16cfe5.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3728
    • C:\Users\Admin\AppData\Local\Temp\ÓÎÏ·µÇ¼Æ÷.exe
      C:\Users\Admin\AppData\Local\Temp\ÓÎÏ·µÇ¼Æ÷.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ÓÎÏ·µÇ¼Æ÷.exe
    Filesize

    7.9MB

    MD5

    fb1333ee1a0e7b312bcc909e2f2ddd3e

    SHA1

    1a64210fd0065a02d4acb55f1545ffcb4f1eccf0

    SHA256

    eae56534dead3aacec847140b248414fe32ab9b70ff5990197d52b80aadfd86e

    SHA512

    69b9fea21bd3a36bd85441b9d6bf84b06cc0e1046b9ee648ba7079e964129708735a5c81a4bf27c3f304e02b706cf8c3c932fc6b23a5ea7753a208ec6edda191

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ÓÎÏ·µÇ¼Æ÷.exe
    Filesize

    7.9MB

    MD5

    fb1333ee1a0e7b312bcc909e2f2ddd3e

    SHA1

    1a64210fd0065a02d4acb55f1545ffcb4f1eccf0

    SHA256

    eae56534dead3aacec847140b248414fe32ab9b70ff5990197d52b80aadfd86e

    SHA512

    69b9fea21bd3a36bd85441b9d6bf84b06cc0e1046b9ee648ba7079e964129708735a5c81a4bf27c3f304e02b706cf8c3c932fc6b23a5ea7753a208ec6edda191

    Download Submit

  • memory/3728-0-0x0000000000400000-0x0000000000DF4000-memory.dmp

    Filesize

    10.0MB

    Download

  • memory/3728-1-0x0000000076C80000-0x0000000076E95000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/3728-3875-0x0000000075DA0000-0x0000000075F40000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3728-5884-0x0000000076360000-0x00000000763DA000-memory.dmp

    Filesize

    488KB

    Download

  • memory/3728-13074-0x0000000000400000-0x0000000000DF4000-memory.dmp

    Filesize

    10.0MB

    Download