Overview

overview

7

Static

static

3

6d1aaf6a85...2d.exe

windows7-x64

7

6d1aaf6a85...2d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 02:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6d1aaf6a853d39b2decbb63012fbb2fc7a125fe6307de3022d50b2b0d8b8062d.exe

  • Size

    79KB

  • MD5

    810596e0b1acee4c520e0f1567903646

  • SHA1

    d718a25fd006322d7bacd924c049639d38ce4623

  • SHA256

    6d1aaf6a853d39b2decbb63012fbb2fc7a125fe6307de3022d50b2b0d8b8062d

  • SHA512

    be30b5d396c3500f67f7bb7e81541ab04963415bc1672028c3ad0fd89b717b765a2178f9445c1009c6dda2d3dd471926eb869229f00030e6c495c68e31c7bc53

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOt+GNk:GhfxHNIreQm+Hi6+GNk

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6d1aaf6a853d39b2decbb63012fbb2fc7a125fe6307de3022d50b2b0d8b8062d.exe
    "C:\Users\Admin\AppData\Local\Temp\6d1aaf6a853d39b2decbb63012fbb2fc7a125fe6307de3022d50b2b0d8b8062d.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4628
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:3844

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe
          Filesize

          74KB

          MD5

          bfeb23fd50059f5a6a8e1a7b99633f5f

          SHA1

          51ae2ff8f69b5011e813b7c0d520c92bfb5c8aeb

          SHA256

          86a0d0131fa3850974176716e485961d0b28e3da6ea9308f672a86954ec0d84c

          SHA512

          115f82b499461858e009466856bf00961549d8932ec80cf81279b3bae7fec6b6a75a750b3d1e533e815132adb62307bdf9f81f61de50260927b5d2a6f0d3f0c5

          Download Submit

        • C:\Windows\System\rundll32.exe
          Filesize

          77KB

          MD5

          cb2bab1e23eed6b2af1af1b17e2cb0c1

          SHA1

          380f8f746e7d80088c44dda032f5c0579181cb1e

          SHA256

          2f7428dfd22d7ddf1623a99b0459cb5748ddbe7fa4e0d4aee1405a3021c57247

          SHA512

          cd96f7c9a03ae06db48ddb926ef968864dc8edc9365b4f397618de2da1689096a25f90cdd4e47b94737f5c638d4504d8289e14db16a6168e1f889a589deca2e2

          Download Submit

        • C:\Windows\system\rundll32.exe
          Filesize

          77KB

          MD5

          cb2bab1e23eed6b2af1af1b17e2cb0c1

          SHA1

          380f8f746e7d80088c44dda032f5c0579181cb1e

          SHA256

          2f7428dfd22d7ddf1623a99b0459cb5748ddbe7fa4e0d4aee1405a3021c57247

          SHA512

          cd96f7c9a03ae06db48ddb926ef968864dc8edc9365b4f397618de2da1689096a25f90cdd4e47b94737f5c638d4504d8289e14db16a6168e1f889a589deca2e2

          Download Submit

        • memory/3844-14-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

          Download

        • memory/4628-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

          Download

        • memory/4628-13-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

          Download