Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30-10-2023 18:26

General

  • Target

    3d69d1fa8c64ee6976d69fe6e6217739ffe449cbaf230dafb5acfe7fc916a70b.exe

  • Size

    78KB

  • MD5

    933e75d6eb417732688285a3b5e67eff

  • SHA1

    f951e48c80b582c0147f75aeb03ba34ba2972774

  • SHA256

    3d69d1fa8c64ee6976d69fe6e6217739ffe449cbaf230dafb5acfe7fc916a70b

  • SHA512

    f3ce70f80f91fdbd76b4fd8d3580074219821825ecf6964bec793654e0410e0df85a8e35cbb4e55d5892de8b63545fdf280145409e2f8cdb5059ad920ee44619

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOTuEWfp:GhfxHNIreQm+HiQuEWR

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d69d1fa8c64ee6976d69fe6e6217739ffe449cbaf230dafb5acfe7fc916a70b.exe
    "C:\Users\Admin\AppData\Local\Temp\3d69d1fa8c64ee6976d69fe6e6217739ffe449cbaf230dafb5acfe7fc916a70b.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4480
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1540

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    79KB

    MD5

    37f1e390a97ee13aa3055d1ea6703c0b

    SHA1

    140eea819c42634e343b0554e7616ad63f25225b

    SHA256

    9f7c1cec0d8b56d5ca6303420059300a9a44aaba3f126a91865d6b8076dc17da

    SHA512

    72bcaf7971a4b863e06ec610eccffdff54be4140b083bf924387293b0e118c37e7214806b696441a5b4c5cbd884fb0205b41e9040864f3ba03c58645866943ef

  • C:\Windows\System\rundll32.exe

    Filesize

    79KB

    MD5

    0eb30e98cd0dbaf9b778c8a9eebf18d4

    SHA1

    706bd80c5f6984d3de7fbf7767aec35c715d5b08

    SHA256

    789616e12cf9b7bcf5e4916d3d44e37316769711160698588c4f6aab2d1e2d29

    SHA512

    387a9afe155e73b4bb1fcb2ffc2b7854f1f85b516c06a96d76698a7f81e7f2d40390d3330d38c3e0dc56e8884bad8886a29eb51d47ec1713da4a9dd245c10467

  • C:\Windows\system\rundll32.exe

    Filesize

    79KB

    MD5

    0eb30e98cd0dbaf9b778c8a9eebf18d4

    SHA1

    706bd80c5f6984d3de7fbf7767aec35c715d5b08

    SHA256

    789616e12cf9b7bcf5e4916d3d44e37316769711160698588c4f6aab2d1e2d29

    SHA512

    387a9afe155e73b4bb1fcb2ffc2b7854f1f85b516c06a96d76698a7f81e7f2d40390d3330d38c3e0dc56e8884bad8886a29eb51d47ec1713da4a9dd245c10467

  • memory/1540-14-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4480-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4480-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB