Analysis

  • max time kernel
    154s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20230915-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    12/10/2023, 00:17

General

  • Target

    a687a15677a786025943363a9665205b6dc22dd3376958728c1063076fe4bf60.exe

  • Size

    74KB

  • MD5

    c5a1c0357b26a0d2a84ec25800a049f9

  • SHA1

    67309e70dd80a7f94b75237b1edb56984aa6f039

  • SHA256

    a687a15677a786025943363a9665205b6dc22dd3376958728c1063076fe4bf60

  • SHA512

    288bf60bdebedb81592b70b8c5569b4c32f4f0fe1e0d34952e902deb7032cb9c0f6d355a5455125069a22a1e2fd59c42af10675405a98831c62675650bb8d1af

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWObWy:GhfxHNIreQm+Hi9y

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a687a15677a786025943363a9665205b6dc22dd3376958728c1063076fe4bf60.exe
    "C:\Users\Admin\AppData\Local\Temp\a687a15677a786025943363a9665205b6dc22dd3376958728c1063076fe4bf60.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2788
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4140

Network

MITRE ATT&CK Enterprise v15

Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe

          Filesize

          80KB

          MD5

          a2f2f76915c7baa26be20e293b47330f

          SHA1

          4e84c6dcd0fc2c5c8c3f5dacf7e70fe25edd5c0a

          SHA256

          fc505995dbaed713ac5af5f5fb84649db5fa9d10338fed1ddabbe7c4559f5d3f

          SHA512

          31c409d9e715624e3e1e6ec98d26bae964a79e59285b17fdbe603367171e82873556628bca1b02cf57612420a6f0526a06e527c5a7b3aac64181490ea546d7e8

        • C:\Windows\System\rundll32.exe

          Filesize

          75KB

          MD5

          f46a3ab4ce4c9faa9c851b29ecc8df87

          SHA1

          3f4b618609b41c7efffa7121974f74756b44001e

          SHA256

          7cebbd1c7be03d71ad0dd3e176babecc8d8880fddd50ffef8574b143c8103874

          SHA512

          860bd1bb9d0f2e8cf6d1c97d32bf18b5bb1e8e6788f6ae863d4f9134725f69f7c3d83cf8194f685212b0c1679a69a5fe5fb4a899bbf643457b83c8abad277008

        • C:\Windows\system\rundll32.exe

          Filesize

          75KB

          MD5

          f46a3ab4ce4c9faa9c851b29ecc8df87

          SHA1

          3f4b618609b41c7efffa7121974f74756b44001e

          SHA256

          7cebbd1c7be03d71ad0dd3e176babecc8d8880fddd50ffef8574b143c8103874

          SHA512

          860bd1bb9d0f2e8cf6d1c97d32bf18b5bb1e8e6788f6ae863d4f9134725f69f7c3d83cf8194f685212b0c1679a69a5fe5fb4a899bbf643457b83c8abad277008

        • memory/2788-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/2788-13-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/4140-14-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB