b335da9d58b96c7e78f483c77ce97bb547d4cfddfab1b8eb9dfa9b584af5b2ae

Analysis

max time kernel
138s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2023, 09:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b335da9d58b96c7e78f483c77ce97bb547d4cfddfab1b8eb9dfa9b584af5b2ae.exe
Size

785KB
MD5

3d877bb57e08a2fc57571f0dca8d0cd9
SHA1

bd100cce4673498c1ce753b524f0e2fc9038b854
SHA256

b335da9d58b96c7e78f483c77ce97bb547d4cfddfab1b8eb9dfa9b584af5b2ae
SHA512

f68de825daeba37f6d463564132b2796ff8147b00c6654783a77cd629d5c888bfe3156f1585dcd3b633b2c484a04d82f2b757eebbe2c987aa5b33de99e4c8a51
SSDEEP

12288:dS/vx4iLyyhHX7A6HHWWUuhiq78MndAbqQXWLQ8Gb:q4wygHs6Hsuhr7rndAT4Qf

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4872	360°²È«×é¼þ.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ = "360°²È«×é¼þ.exe;C:\\Users\\Admin\\AppData\\Local\\Temp\\b335da9d58b96c7e78f483c77ce97bb547d4cfddfab1b8eb9dfa9b584af5b2ae.exe"	b335da9d58b96c7e78f483c77ce97bb547d4cfddfab1b8eb9dfa9b584af5b2ae.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\WINDOWS\360°²È«×é¼þ.exe	b335da9d58b96c7e78f483c77ce97bb547d4cfddfab1b8eb9dfa9b584af5b2ae.exe
File created	C:\WINDOWS\Client.bin	b335da9d58b96c7e78f483c77ce97bb547d4cfddfab1b8eb9dfa9b584af5b2ae.exe
File opened for modification	C:\WINDOWS\360°²È«×é¼þ.exe	b335da9d58b96c7e78f483c77ce97bb547d4cfddfab1b8eb9dfa9b584af5b2ae.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4352	4872	WerFault.exe	90

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4612	b335da9d58b96c7e78f483c77ce97bb547d4cfddfab1b8eb9dfa9b584af5b2ae.exe
4612	b335da9d58b96c7e78f483c77ce97bb547d4cfddfab1b8eb9dfa9b584af5b2ae.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4612 wrote to memory of 4872	4612	b335da9d58b96c7e78f483c77ce97bb547d4cfddfab1b8eb9dfa9b584af5b2ae.exe	90
PID 4612 wrote to memory of 4872	4612	b335da9d58b96c7e78f483c77ce97bb547d4cfddfab1b8eb9dfa9b584af5b2ae.exe	90
PID 4612 wrote to memory of 4872	4612	b335da9d58b96c7e78f483c77ce97bb547d4cfddfab1b8eb9dfa9b584af5b2ae.exe	90

C:\Users\Admin\AppData\Local\Temp\b335da9d58b96c7e78f483c77ce97bb547d4cfddfab1b8eb9dfa9b584af5b2ae.exe
"C:\Users\Admin\AppData\Local\Temp\b335da9d58b96c7e78f483c77ce97bb547d4cfddfab1b8eb9dfa9b584af5b2ae.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4612
- C:\WINDOWS\360°²È«×é¼þ.exe
  C:\WINDOWS\360°²È«×é¼þ.exe
  2⤵
  - Executes dropped EXE
  PID:4872
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 244
    3⤵
    - Program crash
    PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4872 -ip 4872
1⤵
PID:1524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\WINDOWS\360°²È«×é¼þ.exe

Filesize
107KB

MD5
93de5ea4f41f4b38d74adaa1fcf4c670

SHA1
9d6ba2c31df12538be3ffad8d06c64d2711b6d33

SHA256
5f4deb24d94e794b97d32d96d8fd864ab1cb282c6efe47772d286cf007eb5753

SHA512
d4a29751038d38349717cec244b18271cc413ea7ce3c4c3a24a63b0ad5cfe7bbd1f4231891ee9fe0be61485cc0e402a970c0ab37a09591e0d9c0199a2df1f0a3

Download Submit
C:\Windows\360°²È«×é¼þ.exe

Filesize
107KB

MD5
93de5ea4f41f4b38d74adaa1fcf4c670

SHA1
9d6ba2c31df12538be3ffad8d06c64d2711b6d33

SHA256
5f4deb24d94e794b97d32d96d8fd864ab1cb282c6efe47772d286cf007eb5753

SHA512
d4a29751038d38349717cec244b18271cc413ea7ce3c4c3a24a63b0ad5cfe7bbd1f4231891ee9fe0be61485cc0e402a970c0ab37a09591e0d9c0199a2df1f0a3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads