Analysis

  • max time kernel: 179s
  • max time network: 186s
  • platform: windows10-2004_x64
  • resource: win10v2004-20230915-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 12/10/2023, 08:45

General

  • Target: f9c038922b545416d36e75a7c61dea7c25aab891c7881fee1b3e46219e93d8c2.exe
  • Size: 82KB
  • MD5: becf7cd3f261df82f7b378dd2a0ec127
  • SHA1: 0b0367244cf4e668911198fa53c2d819eb8fbc4f
  • SHA256: f9c038922b545416d36e75a7c61dea7c25aab891c7881fee1b3e46219e93d8c2
  • SHA512: 576991dd429fa243f3430621b1e7a601a4fd36b6b3e3d64540d6a6135c1e9210f8ea5fc629d74183c74a012f112b1d05fd2a3834eb6da93e15bbcd50d22986ef
  • SSDEEP: 768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOcm:RshfSWHHNvoLqNwDDGw02eQmh0HjWOd

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Modifies system executable filetype association (2 TTPs, 5 IoCs)
  • Drops file in System32 directory (4 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Modifies registry class (15 IoCs)
  • Suspicious behavior: EnumeratesProcesses (28 IoCs)
  • Suspicious use of SetWindowsHookEx (3 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\f9c038922b545416d36e75a7c61dea7c25aab891c7881fee1b3e46219e93d8c2.exe (PID 1876, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\f9c038922b545416d36e75a7c61dea7c25aab891c7881fee1b3e46219e93d8c2.exe"
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • Child: C:\Windows\system\rundll32.exe (PID 4472, depth 2)
      Command line: C:\Windows\system\rundll32.exe
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize: 83KB
    MD5: da2b943090fdd31f3de2f45e45c6d1c2
    SHA1: 49a3bac6cd5fe10f300687643e34c06c48623f6f
    SHA256: 3e8b66142d42eef6aea8a3e289ab644f4517c4f65bac662b23c206925a2a56fb
    SHA512: 5151d884677b79d630ca1898bf414ae6fa1fcfc90fed568e9bc893fe2924c306ac8e86fff44fec8a3221eea0bd948680d50bed44cea4c18bbb89c787e5235338

  • C:\Windows\System\rundll32.exe
    Filesize: 78KB
    MD5: 9761484c73b830dab492b7dcb3376873
    SHA1: 6b1d9d660273ab297d83834a7e4a68fc95118871
    SHA256: 6a1b49f4495504fb13e43e38c77f5dc725ad2dd403d9d9abdb5ec1b1de5ffe72
    SHA512: 30e3728f8e1f2f31da18f54e941b5e829f87e26fa16deb611b5a91c5a05fac26677ccfdb6a5358fabccb5e0806250c08ba91a0945922f97a907a43caf8e79ef9

  • C:\Windows\system\rundll32.exe
    Filesize: 78KB
    MD5: 9761484c73b830dab492b7dcb3376873
    SHA1: 6b1d9d660273ab297d83834a7e4a68fc95118871
    SHA256: 6a1b49f4495504fb13e43e38c77f5dc725ad2dd403d9d9abdb5ec1b1de5ffe72
    SHA512: 30e3728f8e1f2f31da18f54e941b5e829f87e26fa16deb611b5a91c5a05fac26677ccfdb6a5358fabccb5e0806250c08ba91a0945922f97a907a43caf8e79ef9

  • memory/1876-0-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize: 86KB

  • memory/1876-13-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize: 86KB

  • memory/4472-14-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize: 86KB