Analysis

  • max time kernel
    157s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/10/2023, 22:48

General

  • Target

    6cd54a3df40cc37b457775d9954521fbe51089834ede9acc3a4203b67028a278.exe

  • Size

    73KB

  • MD5

    8a83dcfe436b7a936b9d4de87d9c80f7

  • SHA1

    73af495a6476f89d6c2be56128e1039db66119b5

  • SHA256

    6cd54a3df40cc37b457775d9954521fbe51089834ede9acc3a4203b67028a278

  • SHA512

    6d1cb79aa8d7a80d5f3945a88cf2894fa92cc307d74e6a087ac6fa1e8561a7ecddeda0119391a6281683a1a7a82e9ae5d673afc1031b430f2795c4513a48f212

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOn:RshfSWHHNvoLqNwDDGw02eQmh0HjWOn

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6cd54a3df40cc37b457775d9954521fbe51089834ede9acc3a4203b67028a278.exe
    "C:\Users\Admin\AppData\Local\Temp\6cd54a3df40cc37b457775d9954521fbe51089834ede9acc3a4203b67028a278.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4156
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:396

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe

          Filesize

          74KB

          MD5

          28c133d951d256d97c3277cdad7a1918

          SHA1

          ea2e7b5603a1775c5dbfdf6b1e2eeacf173a39b6

          SHA256

          c79df9d468536c2494009d27b1881feb6b07998a79ce778d81766a1027be624e

          SHA512

          d7b53a2d5798c181789f4b6f2f97f89d3432ed09bf71d8efc2ef17f3cf35f4f860bfc8f0933739e71e6c06fbb9165b84214f40920a3f38881e1ed7b489aa74f1

        • C:\Windows\System\rundll32.exe

          Filesize

          78KB

          MD5

          cf053b08a4a277c0bf51ec33840971d0

          SHA1

          0b56aec9efa55a9836b3c75a49f62d60dc522435

          SHA256

          0962cafd1b2396b6dd4d6fef8bbbaed7917766f3452a21d835d92a5f5f5af524

          SHA512

          2599164ec530c09bd638029643ce734a6fb15f2b0f5e1a30e28f103593095adf6261dcdf1b6fe0ebac2d90a150331e7f196d18275335de267ae73e3adc1a02ef

        • C:\Windows\system\rundll32.exe

          Filesize

          78KB

          MD5

          cf053b08a4a277c0bf51ec33840971d0

          SHA1

          0b56aec9efa55a9836b3c75a49f62d60dc522435

          SHA256

          0962cafd1b2396b6dd4d6fef8bbbaed7917766f3452a21d835d92a5f5f5af524

          SHA512

          2599164ec530c09bd638029643ce734a6fb15f2b0f5e1a30e28f103593095adf6261dcdf1b6fe0ebac2d90a150331e7f196d18275335de267ae73e3adc1a02ef

        • memory/396-14-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/4156-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/4156-13-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB
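
The signatures and process tree above boil down to three host artifacts a responder can check for directly: an executable dropped into C:\Windows\system (the legitimate rundll32.exe lives in System32 and SysWOW64, and C:\Windows\system normally holds no .exe files), a notepad look-alike dropped into SysWOW64 (its exact name is mis-encoded in the report, so the check below matches on a notepad*.exe pattern and excludes the real notepad.exe), and a modified .exe file-type association. The following PowerShell is an added hunt helper, not part of the sandbox report. The paths and SHA256 values come from the report; the report names the "Modifies system executable filetype association" signature but not the key it touched, so the registry check assumes the standard exefile handler (HKCR\exefile\shell\open\command, default value "%1" %*) and its per-user override. Function names are this example's own.

```powershell
# Added hunt helper: checks a Windows host for the artifacts listed in the
# sandbox report above. Run from an elevated PowerShell prompt.

# SHA256 values copied from the report (sample and both dropped files).
$KnownBadSha256 = @{
    'sample'                      = '6cd54a3df40cc37b457775d9954521fbe51089834ede9acc3a4203b67028a278'
    'dropped rundll32 look-alike' = '0962cafd1b2396b6dd4d6fef8bbbaed7917766f3452a21d835d92a5f5f5af524'
    'dropped notepad look-alike'  = 'c79df9d468536c2494009d27b1881feb6b07998a79ce778d81766a1027be624e'
}

function Get-Sha256Lower([string]$Path) {
    (Get-FileHash -Path $Path -Algorithm SHA256).Hash.ToLower()
}

function Test-SystemDirExecutables {
    # Any .exe in C:\Windows\system (no "32") is anomalous; the sample writes
    # its rundll32.exe copy there so the name looks legitimate in process lists.
    $dir = Join-Path $env:SystemRoot 'system'
    if (-not (Test-Path $dir)) { return @() }
    Get-ChildItem -Path $dir -Filter '*.exe' -File -ErrorAction SilentlyContinue | ForEach-Object {
        $h = Get-Sha256Lower $_.FullName
        [pscustomobject]@{ Path = $_.FullName; Sha256 = $h; KnownBad = ($KnownBadSha256.Values -contains $h) }
    }
}

function Test-SysWow64NotepadLookalikes {
    # Report shows a notepad-named file dropped into SysWOW64 whose name is
    # mis-encoded; flag every notepad*.exe there that is not notepad.exe itself.
    $dir = Join-Path $env:SystemRoot 'SysWOW64'
    Get-ChildItem -Path $dir -Filter 'notepad*.exe' -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ne 'notepad.exe' } | ForEach-Object {
            $h = Get-Sha256Lower $_.FullName
            [pscustomobject]@{ Path = $_.FullName; Sha256 = $h; KnownBad = ($KnownBadSha256.Values -contains $h) }
        }
}

function Test-ExeFileAssociation {
    # Assumed target of the "filetype association" signature: the .exe open
    # handler. Default on Windows 10 is "%1" %*; anything else means every
    # program launch is proxied through the attacker's binary.
    $expected = '"%1" %*'
    $keys = @(
        'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command',   # machine-wide
        'HKCU:\Software\Classes\exefile\shell\open\command'         # per-user override wins
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) {
            [pscustomobject]@{ Key = $key; Value = $null; Tampered = $false }
            continue
        }
        $current = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        [pscustomobject]@{ Key = $key; Value = $current; Tampered = ($current -ne $expected) }
    }
}

Test-SystemDirExecutables      | Format-Table -AutoSize
Test-SysWow64NotepadLookalikes | Format-Table -AutoSize
Test-ExeFileAssociation        | Format-List
```

A hit on either file check with KnownBad = False still deserves attention: the directory placement alone is the indicator, and a recompiled variant will not share these hashes. If the exefile handler is tampered, restore it only after the referenced binary has been removed, otherwise the next .exe launch re-executes it.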