Overview

overview

7

Static

static

3

381ccfb890...ac.exe

windows7-x64

7

381ccfb890...ac.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    156s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    12-10-2023 04:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    381ccfb890b1dbf60da3f3c8c837c7f5e37e4711d8609feb404dc2316623feac.exe

  • Size

    78KB

  • MD5

    4e0e06bf5106df9509df7eec0a468e9f

  • SHA1

    2ed435d867fdff1a75d351c46dcf49eefbe568a5

  • SHA256

    381ccfb890b1dbf60da3f3c8c837c7f5e37e4711d8609feb404dc2316623feac

  • SHA512

    810220fa443cc3ce03974c915a9aa228463a45f6fad7dbf794d6ae5cefdcfdf1641896f90f93e23eeaea8ad705edecb74df439a3daf34f9f373406eac8ae3409

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOtjR96:GhfxHNIreQm+HiGjR96

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\381ccfb890b1dbf60da3f3c8c837c7f5e37e4711d8609feb404dc2316623feac.exe
    "C:\Users\Admin\AppData\Local\Temp\381ccfb890b1dbf60da3f3c8c837c7f5e37e4711d8609feb404dc2316623feac.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:848
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:3068

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    81KB

    MD5

    986d01902bfa2c1040528b69e75116db

    SHA1

    f0d62faab630dc9d49db3a11dda74f0673051702

    SHA256

    f10095545f244ab0da7a9a4854c5a56a6082492a7a6ec7c5ec111f9f96792165

    SHA512

    2652f1e4ee8030859eec761e9254703551cdc295de4c0e89c9064c3d2effaebe0c9dc1417175ff0c1c40e8451c50b3fa342478d0c288df01451c29748a184500

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    79KB

    MD5

    45b386b1b9f2bc7f0cd2ca21d159ba24

    SHA1

    0bbccb665dc257128ce8773c8d8076a71be4308a

    SHA256

    6f29ed4f80ab62bd73811b9f6ba7e4ec1c5b463f357506cd40abfea6898008cb

    SHA512

    ed79047072a3bddd1ee96874cb8d323a69886dae3d698ea829880c2e87c5f9e7c21553e909039e0945c794bc3af0e7405d11c4e683ee2d7da4448c35711fc849

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    79KB

    MD5

    45b386b1b9f2bc7f0cd2ca21d159ba24

    SHA1

    0bbccb665dc257128ce8773c8d8076a71be4308a

    SHA256

    6f29ed4f80ab62bd73811b9f6ba7e4ec1c5b463f357506cd40abfea6898008cb

    SHA512

    ed79047072a3bddd1ee96874cb8d323a69886dae3d698ea829880c2e87c5f9e7c21553e909039e0945c794bc3af0e7405d11c4e683ee2d7da4448c35711fc849

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    79KB

    MD5

    45b386b1b9f2bc7f0cd2ca21d159ba24

    SHA1

    0bbccb665dc257128ce8773c8d8076a71be4308a

    SHA256

    6f29ed4f80ab62bd73811b9f6ba7e4ec1c5b463f357506cd40abfea6898008cb

    SHA512

    ed79047072a3bddd1ee96874cb8d323a69886dae3d698ea829880c2e87c5f9e7c21553e909039e0945c794bc3af0e7405d11c4e683ee2d7da4448c35711fc849

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    79KB

    MD5

    45b386b1b9f2bc7f0cd2ca21d159ba24

    SHA1

    0bbccb665dc257128ce8773c8d8076a71be4308a

    SHA256

    6f29ed4f80ab62bd73811b9f6ba7e4ec1c5b463f357506cd40abfea6898008cb

    SHA512

    ed79047072a3bddd1ee96874cb8d323a69886dae3d698ea829880c2e87c5f9e7c21553e909039e0945c794bc3af0e7405d11c4e683ee2d7da4448c35711fc849

    Download Submit

  • memory/848-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/848-12-0x00000000003C0000-0x00000000003D6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/848-17-0x00000000003C0000-0x00000000003D6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/848-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/848-22-0x00000000003C0000-0x00000000003C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3068-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/3068-23-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download