Overview

overview

7

Static

static

3

55749c84a7...19.exe

windows7-x64

7

55749c84a7...19.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    169s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    14-10-2023 00:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    55749c84a7fa0d7faee8a4bbd4cf19778fd0fd6096729bae15286e169c714e19.exe

  • Size

    78KB

  • MD5

    b5be93e3a3b753d34a15d2a524a0c6d4

  • SHA1

    55587f45928cb57da0b60ceb91b57e80b0df0d2a

  • SHA256

    55749c84a7fa0d7faee8a4bbd4cf19778fd0fd6096729bae15286e169c714e19

  • SHA512

    45914a19ca75840367ca078bfaa7e518edb58a166f402e91eb00725871c8420d6227f3900c909dd059a34ee116ef728e4b8f4f6e8e3ff346f0637b71485a804d

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOMpy:GhfxHNIreQm+HiJpy

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55749c84a7fa0d7faee8a4bbd4cf19778fd0fd6096729bae15286e169c714e19.exe
    "C:\Users\Admin\AppData\Local\Temp\55749c84a7fa0d7faee8a4bbd4cf19778fd0fd6096729bae15286e169c714e19.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2636

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    76KB

    MD5

    94646bbfcaa827249adeb9bfb7638ee6

    SHA1

    ea61661b40b4161c399914b2f55e1176158457fd

    SHA256

    82f222b37e7591b193aa2825f452f53951a64e9eabd11ed6f1c3b3c07e667936

    SHA512

    523216c91654d57727e6bb8f093d15726b3648857474527fcc925357f3978ab21ee2447179dbd1c35f0112215d7ad656920242aa9962ccee3f460fc90e79662d

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    82KB

    MD5

    9f82b4dbb7bbccca71415d55cb6369e0

    SHA1

    44b610f817754ad6d46d56ab4d96f4f3fd156bf9

    SHA256

    f65147a705f59dee7745bf296e48f034af261ef2f2843ee02009884e7f7859d5

    SHA512

    9d891c5a1e49cbd8a29ba2f5917d77e3e3d1b2c694040524a32313e9f7c1a53bfc8588dc112cd73865e772f76d6fad51588a469b70584d010bbd258aa7886b09

    Download Submit

  • C:\Windows\system\rundll32.exe
    Filesize

    82KB

    MD5

    9f82b4dbb7bbccca71415d55cb6369e0

    SHA1

    44b610f817754ad6d46d56ab4d96f4f3fd156bf9

    SHA256

    f65147a705f59dee7745bf296e48f034af261ef2f2843ee02009884e7f7859d5

    SHA512

    9d891c5a1e49cbd8a29ba2f5917d77e3e3d1b2c694040524a32313e9f7c1a53bfc8588dc112cd73865e772f76d6fad51588a469b70584d010bbd258aa7886b09

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    82KB

    MD5

    9f82b4dbb7bbccca71415d55cb6369e0

    SHA1

    44b610f817754ad6d46d56ab4d96f4f3fd156bf9

    SHA256

    f65147a705f59dee7745bf296e48f034af261ef2f2843ee02009884e7f7859d5

    SHA512

    9d891c5a1e49cbd8a29ba2f5917d77e3e3d1b2c694040524a32313e9f7c1a53bfc8588dc112cd73865e772f76d6fad51588a469b70584d010bbd258aa7886b09

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    82KB

    MD5

    9f82b4dbb7bbccca71415d55cb6369e0

    SHA1

    44b610f817754ad6d46d56ab4d96f4f3fd156bf9

    SHA256

    f65147a705f59dee7745bf296e48f034af261ef2f2843ee02009884e7f7859d5

    SHA512

    9d891c5a1e49cbd8a29ba2f5917d77e3e3d1b2c694040524a32313e9f7c1a53bfc8588dc112cd73865e772f76d6fad51588a469b70584d010bbd258aa7886b09

    Download Submit

  • memory/2092-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2092-12-0x0000000000240000-0x0000000000256000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2092-17-0x0000000000240000-0x0000000000256000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2092-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2092-22-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2636-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2636-23-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download