Overview

overview

10

Static

static

3

F0096900000987789.exe

windows7-x64

10

F0096900000987789.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    50s
  • max time network
    56s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/10/2023, 16:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    F0096900000987789.exe

  • Size

    416KB

  • MD5

    264e01e9cae9c9e1967ea892288bc9ae

  • SHA1

    6353515cd0642b46cb95bd028a3d44f273d5e5e9

  • SHA256

    2bdbe25f715e65a6ae288750c0d3236b7edf55b4f43fce3a88b779f01b6101da

  • SHA512

    79985475851347c86ae6e150a045e197f9aaa960a8910694098a550b17d684adafbfabf2f6a55470e31bce8a93707e86991b4ba17a618864b147e0d533243277

  • SSDEEP

    6144:PYa6dVyAI4xoWOgNAIccFhsNCzYK9cnr43CGbhJb+sfQCbZzsPpP8gUnSiGQYsL:PYRrfofg2Uhsycn8YWyPpPbKGVsL

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\F0096900000987789.exe
    "C:\Users\Admin\AppData\Local\Temp\F0096900000987789.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1564
    • C:\Users\Admin\AppData\Local\Temp\hevnhrxazn.exe
      "C:\Users\Admin\AppData\Local\Temp\hevnhrxazn.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of SetThreadContext
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:1664
      • C:\Users\Admin\AppData\Local\Temp\hevnhrxazn.exe
        "C:\Users\Admin\AppData\Local\Temp\hevnhrxazn.exe"
        3⤵
          PID:4324

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\hevnhrxazn.exe
      Filesize

      201KB

      MD5

      bc17e821b2bf7340c20dabf82a5edbee

      SHA1

      38089a83bc5dea7ad162b3c0b3e32eb2239e291d

      SHA256

      6eac0348b8012f2927c8afc32975096e941ff033f72b1369aeb6f85c507cd717

      SHA512

      fd0f1868dc49d42a4408bd4a85404e0a17a271697937445c65d4c8e8cdab01bebdfd81d0f58814d24a1deff18f7b6ee17b9b4933611fb461ec61e694c6736ca8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\hevnhrxazn.exe
      Filesize

      201KB

      MD5

      bc17e821b2bf7340c20dabf82a5edbee

      SHA1

      38089a83bc5dea7ad162b3c0b3e32eb2239e291d

      SHA256

      6eac0348b8012f2927c8afc32975096e941ff033f72b1369aeb6f85c507cd717

      SHA512

      fd0f1868dc49d42a4408bd4a85404e0a17a271697937445c65d4c8e8cdab01bebdfd81d0f58814d24a1deff18f7b6ee17b9b4933611fb461ec61e694c6736ca8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\odeznlddb.p
      Filesize

      300KB

      MD5

      238a3b33f9625d9ab33fdfbfa1b52c9b

      SHA1

      d5fa3eef63f6a133a1eb7ef37871ce363e0de63b

      SHA256

      48bfecaa62d330e814755c6bb4878c65107446156ecbe95309ef413c4aedaeab

      SHA512

      8caaa1a17cc989ce565ce410b99e634151e5b5df2fa214fee7caccc67af833ee3c916a14b97338034a0f4eef6e75dc25c6743c41c007d2c8b2a5919a418a8e58

      Download Submit

    • memory/1664-5-0x00000000027E0000-0x00000000027E2000-memory.dmp

      Filesize

      8KB

      Download