Overview

overview

7

Static

static

3

1d61af4f08...52.exe

windows7-x64

7

1d61af4f08...52.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    13/10/2023, 04:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1d61af4f0800387ab7b8b60835c7e3dbfd3aef86773f9e7532723fd882c07752.exe

  • Size

    81KB

  • MD5

    76544919796349b8bf6087361c17cc85

  • SHA1

    c80a938312adbbbc6836b98954d95e8de8e974e8

  • SHA256

    1d61af4f0800387ab7b8b60835c7e3dbfd3aef86773f9e7532723fd882c07752

  • SHA512

    924870c44060952ffc416ab339b2def494e174c8c21cc81e92399b357365c3638abf1bfd59e294f3d0f93baa4cec69c9c20a216ebf9ca99c4539b72355a3264d

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOzLH5qR:GhfxHNIreQm+HiALH5qR

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d61af4f0800387ab7b8b60835c7e3dbfd3aef86773f9e7532723fd882c07752.exe
    "C:\Users\Admin\AppData\Local\Temp\1d61af4f0800387ab7b8b60835c7e3dbfd3aef86773f9e7532723fd882c07752.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2192

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    80KB

    MD5

    bfa3f24ca5db37111ddf3d90501066b1

    SHA1

    d43f810ff69d82afcbd95913e15bc3884a575295

    SHA256

    f17194903ffaad9c6fe107430a40ffc77424ac453d1f0e6b6d7787422b453d49

    SHA512

    e7ee15da6886e10990b093ff373d500e3a9be883dbccdb6e82f68ce9643b3aa837cf98d52d2b403ae72ff883bfc622638492f7572ac10ee896368cb48e4874a0

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    79KB

    MD5

    5935408f6fb9089d7c4f848cbe168246

    SHA1

    2ac588007554b5b59273baf3581192ad8e4afbf4

    SHA256

    b0e526e86c024f746bfd53d01babea97726bc79065e53d502415a6393b53b622

    SHA512

    52f6b60ca868b4d6557f926ee3feed247e5fd90c48af37faff213f35e11df10dea2f455a9eba7f01ec3a0f9e174b6a09f05eff446f2651a30cec8d3c06c8a86d

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    79KB

    MD5

    5935408f6fb9089d7c4f848cbe168246

    SHA1

    2ac588007554b5b59273baf3581192ad8e4afbf4

    SHA256

    b0e526e86c024f746bfd53d01babea97726bc79065e53d502415a6393b53b622

    SHA512

    52f6b60ca868b4d6557f926ee3feed247e5fd90c48af37faff213f35e11df10dea2f455a9eba7f01ec3a0f9e174b6a09f05eff446f2651a30cec8d3c06c8a86d

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    79KB

    MD5

    5935408f6fb9089d7c4f848cbe168246

    SHA1

    2ac588007554b5b59273baf3581192ad8e4afbf4

    SHA256

    b0e526e86c024f746bfd53d01babea97726bc79065e53d502415a6393b53b622

    SHA512

    52f6b60ca868b4d6557f926ee3feed247e5fd90c48af37faff213f35e11df10dea2f455a9eba7f01ec3a0f9e174b6a09f05eff446f2651a30cec8d3c06c8a86d

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    79KB

    MD5

    5935408f6fb9089d7c4f848cbe168246

    SHA1

    2ac588007554b5b59273baf3581192ad8e4afbf4

    SHA256

    b0e526e86c024f746bfd53d01babea97726bc79065e53d502415a6393b53b622

    SHA512

    52f6b60ca868b4d6557f926ee3feed247e5fd90c48af37faff213f35e11df10dea2f455a9eba7f01ec3a0f9e174b6a09f05eff446f2651a30cec8d3c06c8a86d

    Download Submit

  • memory/2192-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2192-23-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/3040-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/3040-12-0x0000000000390000-0x00000000003A6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3040-17-0x0000000000390000-0x00000000003A6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/3040-22-0x0000000000390000-0x0000000000392000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3040-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download