Analysis

  • max time kernel
    159s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/10/2023, 04:32

General

  • Target

    b053fdbaa3e3f3129e493ec3e9fe048c89d8eb947f7423edb269ec4156641deb.exe

  • Size

    81KB

  • MD5

    c3c7ed7535b914ba73ad0991513e36ed

  • SHA1

    c4527f5eaeb9e25b8b07022908190bdd7cd543b8

  • SHA256

    b053fdbaa3e3f3129e493ec3e9fe048c89d8eb947f7423edb269ec4156641deb

  • SHA512

    3526cd2b2f4d93ffc6a9fcd4e1fc94366c71a0fa705e957cfe1331946208a7500599fa58e9d2897e0342ec5855560ae1b53974ede389aa01bebb535ec55714c6

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOlooXP:GhfxHNIreQm+HiyooXP

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b053fdbaa3e3f3129e493ec3e9fe048c89d8eb947f7423edb269ec4156641deb.exe
    "C:\Users\Admin\AppData\Local\Temp\b053fdbaa3e3f3129e493ec3e9fe048c89d8eb947f7423edb269ec4156641deb.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2904
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4372

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    83KB

    MD5

    90102ee916e5f207d67b01682ade8b0e

    SHA1

    c7d7cf270f1027869eada63468e18082710216d5

    SHA256

    8b30cd78963fc7af6e977ad16d23bc0b5a8148d434423b3b2facc80f299bae52

    SHA512

    c3019f3b26fd816e36a3537a07e7b6d823468bc8927f5e4316f00a93d073ada1b0e961c7d1634a397d3ce24371fe8566e7a14d5ad1aaf8f8d61c4ec1a10fe6f9

  • C:\Windows\System\rundll32.exe

    Filesize

    75KB

    MD5

    29063bf890617c0c032f60912f125357

    SHA1

    13d3ac19774be182e0804b3d87c003aa3a9df8cd

    SHA256

    ad7d684869cd2e368b739e7a6e84b43948db984dfad33c201d4962bfefe37f1e

    SHA512

    3ef06e326efd5fe98a44928615d117507a49161c4ef82da551f4ebcdeb6ad2a934c3cc7e509b3d105f4cceba2668cc69089a014bbae5c0cf2e8ff3c88ea2ab5b

  • C:\Windows\system\rundll32.exe

    Filesize

    75KB

    MD5

    29063bf890617c0c032f60912f125357

    SHA1

    13d3ac19774be182e0804b3d87c003aa3a9df8cd

    SHA256

    ad7d684869cd2e368b739e7a6e84b43948db984dfad33c201d4962bfefe37f1e

    SHA512

    3ef06e326efd5fe98a44928615d117507a49161c4ef82da551f4ebcdeb6ad2a934c3cc7e509b3d105f4cceba2668cc69089a014bbae5c0cf2e8ff3c88ea2ab5b

  • memory/2904-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2904-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4372-14-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB