Analysis

  • max time kernel: 150s
  • max time network: 156s
  • platform: windows10-2004_x64
  • resource: win10v2004-20230915-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 12/10/2023, 15:45

General

  • Target: 5aa05795174030d6a9f5090c724a6ebac56f814cb1f89fda62da42a321576d4a.exe
  • Size: 73KB
  • MD5: 6316a4a33a47e9477a148cffbca68233
  • SHA1: 46c1259a38f761f239d72fe11681ee8242aa0b66
  • SHA256: 5aa05795174030d6a9f5090c724a6ebac56f814cb1f89fda62da42a321576d4a
  • SHA512: 9db17fbce901a246e1573c325de983e6051954863f9b8b665741260ef9d8ad005a157e5935b3ee531930f55610730394e15042396c762c4dd110efbf8ff9ec18
  • SSDEEP: 768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOzS:RshfSWHHNvoLqNwDDGw02eQmh0HjWOzS

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5aa05795174030d6a9f5090c724a6ebac56f814cb1f89fda62da42a321576d4a.exe
    "C:\Users\Admin\AppData\Local\Temp\5aa05795174030d6a9f5090c724a6ebac56f814cb1f89fda62da42a321576d4a.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3128
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2176

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize: 80KB
    MD5: 483ad87e946cef3451929bdf4bf8c9b5
    SHA1: f21d25d2232618a3ceb9eb9e9d20d6467382eb21
    SHA256: ed3fb7dc44807f297b7e44d02f2c3a64df51a42f9813f4ec3babe5c03d6134f6
    SHA512: 141089aaaee4fa65938af061416849834690eb5e9a72f04a5b2b769974b40e6b6178be27f9d067b16f0b24fe55247302f11ad1f85d91cc295925572b87dbaecb

  • C:\Windows\System\rundll32.exe
    Filesize: 76KB
    MD5: 781c3da6d9fd4600239eb73ed0c86047
    SHA1: c0219137453eb551955f0c7fec2c62bb5c63f082
    SHA256: 41d495cf7953418ddb94d5609db0360bc0ea690a479f5bfee820edb0e59c8489
    SHA512: a94320d2bd7227d8a9a53e9c7a4c71c827a34449448508bf6ce91311a7e30557e63a4a75457b514fc48d8e35b46e0d6d65b4d1a20f153f680b090809090df4ce

  • C:\Windows\system\rundll32.exe
    Filesize: 76KB
    MD5: 781c3da6d9fd4600239eb73ed0c86047
    SHA1: c0219137453eb551955f0c7fec2c62bb5c63f082
    SHA256: 41d495cf7953418ddb94d5609db0360bc0ea690a479f5bfee820edb0e59c8489
    SHA512: a94320d2bd7227d8a9a53e9c7a4c71c827a34449448508bf6ce91311a7e30557e63a4a75457b514fc48d8e35b46e0d6d65b4d1a20f153f680b090809090df4ce

  • memory/2176-14-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize: 86KB

  • memory/3128-0-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize: 86KB

  • memory/3128-13-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize: 86KB