Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-10-2023 22:10

General

  • Target

    f763d94277d59808962be33b86df067190ee9b6b80f603b5c24ff6dccef4d9d1.exe

  • Size

    75KB

  • MD5

    6ba341cfcc42a10afc9c93e8f2cd2002

  • SHA1

    dd4840f0f1616eb889a177b85c9cf4224c4211ee

  • SHA256

    f763d94277d59808962be33b86df067190ee9b6b80f603b5c24ff6dccef4d9d1

  • SHA512

    9bb48dd9cb103c9f457c058e0c1baa31324b7a8dd40b4ddfb2b8551c9fb90072a51b6332db05c72983a59ed16b103c0768708d2b2bee46f3d8245e79e8f8b00d

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOXz:RshfSWHHNvoLqNwDDGw02eQmh0HjWOXz

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system\rundll32.exe
    C:\Windows\system\rundll32.exe
    1⤵
    • Executes dropped EXE
    • Modifies system executable filetype association
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2440
  • C:\Users\Admin\AppData\Local\Temp\f763d94277d59808962be33b86df067190ee9b6b80f603b5c24ff6dccef4d9d1.exe
    "C:\Users\Admin\AppData\Local\Temp\f763d94277d59808962be33b86df067190ee9b6b80f603b5c24ff6dccef4d9d1.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1396

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    82KB

    MD5

    ce87292fb44ac8033a35ebd492775641

    SHA1

    5ba7d005a290ec6ab3eb507a861af97ef9cda2d6

    SHA256

    b15e73df74cc6f9867b83a295f4d26650639670991906b111c226e75d6912156

    SHA512

    d13e7b589935862723ea18484dc7ef8ab1a7febf586c27604401cc2b6f43dbdb2c8cd74246be85afb9721b23463d3de759f377ac7a8961e8c82b4db75cc7a126

  • C:\Windows\system\rundll32.exe

    Filesize

    82KB

    MD5

    baafcdcab3b0dc2d2af8cb707681eaba

    SHA1

    12d86bd25c189f489b074e54ebbacb9655a5a43f

    SHA256

    95d0d03f3ad4258cf1ceac43417b7e43fddae309670d8cd4cffe3b89c2fed879

    SHA512

    7fe0c6d46df52be0918a59243fc60f79807b50c16396e872ea8f654c2ca00fa99178ddc1c4ed46266d28be4b10650e30a5a8d76e30bb5372fc0f20ad71bcca07

  • \Windows\system\rundll32.exe

    Filesize

    82KB

    MD5

    baafcdcab3b0dc2d2af8cb707681eaba

    SHA1

    12d86bd25c189f489b074e54ebbacb9655a5a43f

    SHA256

    95d0d03f3ad4258cf1ceac43417b7e43fddae309670d8cd4cffe3b89c2fed879

    SHA512

    7fe0c6d46df52be0918a59243fc60f79807b50c16396e872ea8f654c2ca00fa99178ddc1c4ed46266d28be4b10650e30a5a8d76e30bb5372fc0f20ad71bcca07

  • memory/1396-17-0x00000000002D0000-0x00000000002E6000-memory.dmp

    Filesize

    88KB

  • memory/1396-12-0x00000000002D0000-0x00000000002E6000-memory.dmp

    Filesize

    88KB

  • memory/1396-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1396-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1396-21-0x00000000002D0000-0x00000000002D6000-memory.dmp

    Filesize

    24KB

  • memory/2440-22-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB