Analysis

  • max time kernel
    151s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-10-2023 16:54

General

  • Target

    7c0f79dbc2b3afd454ce8da9d349a294e31cf1056ccfe716ab304be474a74ed5.exe

  • Size

    74KB

  • MD5

    d9a89b5c68b0f7cf4ff7cd64b8601a6d

  • SHA1

    2a101130d9e9e066c6c465699b13255ea38340f8

  • SHA256

    7c0f79dbc2b3afd454ce8da9d349a294e31cf1056ccfe716ab304be474a74ed5

  • SHA512

    39a8a792a9974d1be220d6325cd53c62a3b094b063b07aa9eeb32155a62128e225ecf5c45bdca9909239484e0106601a82d0c71e816af92c126db0cb53e2ec96

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOu3:RshfSWHHNvoLqNwDDGw02eQmh0HjWOu3

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7c0f79dbc2b3afd454ce8da9d349a294e31cf1056ccfe716ab304be474a74ed5.exe
    "C:\Users\Admin\AppData\Local\Temp\7c0f79dbc2b3afd454ce8da9d349a294e31cf1056ccfe716ab304be474a74ed5.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4000
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4412

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    76KB

    MD5

    e1540243c48d1589a3a89adacdc4cc50

    SHA1

    ec0bfaad7e98ac23eec4776edab3c4d839a0655d

    SHA256

    cdd1bc782010f80aae7d590eaadc0d65445c04b0f75205451cb8fa5ca5fac5e3

    SHA512

    9cf81fc819d38af68f123e4f5bb03966204eaf5553c90da32ac5d476dacbeccf0e76c0a57de007abab2356c3d023534fe4ee72d5cb703463825cc44e0a063b56

  • C:\Windows\System\rundll32.exe

    Filesize

    73KB

    MD5

    6dfb6130f616d1583f60e04ad2c2610e

    SHA1

    d0643693131f00576f44cfa284e84d67879039f6

    SHA256

    f5ea0e8a41d31f96d69d14f250bd80a7d2c657b0e8bfba84731df1e2106a5237

    SHA512

    9146ef119828f0c9c819ed6b3f8ade0e604944a6541dbdd878da0fbb2b8b44c83d204ecc730123a4922fd30ec577856c6e0ee8f60145e643e4c25e97dbec3976

  • C:\Windows\system\rundll32.exe

    Filesize

    73KB

    MD5

    6dfb6130f616d1583f60e04ad2c2610e

    SHA1

    d0643693131f00576f44cfa284e84d67879039f6

    SHA256

    f5ea0e8a41d31f96d69d14f250bd80a7d2c657b0e8bfba84731df1e2106a5237

    SHA512

    9146ef119828f0c9c819ed6b3f8ade0e604944a6541dbdd878da0fbb2b8b44c83d204ecc730123a4922fd30ec577856c6e0ee8f60145e643e4c25e97dbec3976

  • memory/4000-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4000-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4412-14-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB
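The following host-side hunting check is an addition to this page, not part of the sandbox output or of the sample. It turns the artefacts reported above into something you can run on a suspect Windows 10 machine: the dropped rundll32.exe under C:\Windows\system (the legitimate binary only lives in System32 and SysWOW64), the notepad lookalike dropped into SysWOW64 (its exact filename is mangled in the report, so the check matches on the pattern and skips the real notepad.exe), and the executable filetype association the sample is flagged for modifying. The SHA256 values are copied from the Downloads section; the exefile registry keys are an assumption, since the report does not name which association it saw changed.

```powershell
# Added hunting check for the artefacts in the report above; not part of the
# sandbox output. Run from an elevated PowerShell on the host being checked.
# Hashes are taken from the report. The exefile keys are an assumption: the
# report says the executable filetype association was modified but not which key.

$KnownSha256 = @{
    'rundll32 dropped in C:\Windows\system' = 'f5ea0e8a41d31f96d69d14f250bd80a7d2c657b0e8bfba84731df1e2106a5237'
    'notepad lookalike dropped in SysWOW64' = 'cdd1bc782010f80aae7d590eaadc0d65445c04b0f75205451cb8fa5ca5fac5e3'
}

$Findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Check, [string]$Path, [string]$Detail) {
    # Detail is a SHA256 for file findings and the command line for the registry finding.
    $Findings.Add([pscustomobject]@{
        Check       = $Check
        Path        = $Path
        Detail      = $Detail
        KnownSample = ($KnownSha256.Values -contains $Detail)
    })
}

# 1. rundll32.exe has no business in C:\Windows\system; the real binary lives in
#    System32 and SysWOW64. Presence alone is a finding; the hash tells you whether
#    it is this exact sample or a different build dropping to the same path.
$dropped = 'C:\Windows\system\rundll32.exe'
if (Test-Path -LiteralPath $dropped -PathType Leaf) {
    $h = (Get-FileHash -LiteralPath $dropped -Algorithm SHA256).Hash.ToLower()
    Add-Finding 'dropped rundll32' $dropped $h
}

# 2. The second drop is a notepad*.exe lookalike in SysWOW64. Its exact name is
#    mangled in the report, so match on the pattern and skip the genuine notepad.exe.
Get-ChildItem -Path 'C:\Windows\SysWOW64' -Filter 'notepad*.exe' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -ne 'notepad.exe' } |
    ForEach-Object {
        $h = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash.ToLower()
        Add-Finding 'notepad lookalike' $_.FullName $h
    }

# 3. Executable filetype association (assumed key). The Windows 10 default is
#    "%1" %*; anything else routes every .exe launch through another binary
#    first. HKCU overrides HKLM for the current user, so check both hives.
$assocKeys = @(
    'HKCU:\Software\Classes\exefile\shell\open\command',
    'HKLM:\SOFTWARE\Classes\exefile\shell\open\command'
)
foreach ($key in $assocKeys) {
    $cmd = (Get-ItemProperty -Path $key -Name '(default)' -ErrorAction SilentlyContinue).'(default)'
    if ($cmd -and $cmd -ne '"%1" %*') {
        Add-Finding 'exefile association' $key $cmd
    }
}

if ($Findings.Count -eq 0) { 'No matching artefacts found.' }
else { $Findings | Format-Table -AutoSize }
```

A hit on the rundll32 path with KnownSample false still warrants a look: the path is not one Windows uses, so a different hash means a different build rather than a clean host. The exefile check only covers the default association; a variant could hijack other classes (the report lists 15 registry-class IoCs but does not enumerate them), so treat a clean result there as partial.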