Analysis
-
max time kernel
150s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
05/11/2023, 05:37
General
-
Target
12b6b31717aa1fdccbacdc92aa92d9e6ab638f1e69bc33eb60e83f7ad5e6ac1b.exe
-
Size
2.0MB
-
MD5
297d2f29b5dad1fe8c1501dc8bcf6599
-
SHA1
abb173c69098d6a25052044cf36c82b288870abc
-
SHA256
12b6b31717aa1fdccbacdc92aa92d9e6ab638f1e69bc33eb60e83f7ad5e6ac1b
-
SHA512
64a8ec508af6574bde722629203c4145c747b593cb98a6e518ee437510cc2f8c4439558b6d812f535a0706dce933ed8b21f39d111374aff184eb39ddcfb05c50
-
SSDEEP
24576:C/zOjoFNSkR1DVTS+QR/896xUDcvBwkpr+u+7l22V1C+9hOFdP+n02/SCEOEag54:rjYNLVTTwTxUDKBu7lb1tYeQOKO
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
-
Sets file to hidden 1 TTPs 2 IoCs
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 4 IoCs
-
Suspicious behavior: EnumeratesProcesses 34 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 15 IoCs
-
Views/modifies file attributes 1 TTPs 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\12b6b31717aa1fdccbacdc92aa92d9e6ab638f1e69bc33eb60e83f7ad5e6ac1b.exe"C:\Users\Admin\AppData\Local\Temp\12b6b31717aa1fdccbacdc92aa92d9e6ab638f1e69bc33eb60e83f7ad5e6ac1b.exe"1⤵
- Modifies visiblity of hidden/system files in Explorer
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd.exe /c attrib +s +h C:\Windows\regedlt.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h C:\Windows\regedlt.exe3⤵
- Sets file to hidden
- Drops file in Windows directory
- Views/modifies file attributes
-
-
-
C:\Windows\SysWOW64\cmd.execmd.exe /c attrib +s +h C:\Windows\backgroundTaskHost.dll2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\attrib.exeattrib +s +h C:\Windows\backgroundTaskHost.dll3⤵
- Sets file to hidden
- Drops file in Windows directory
- Views/modifies file attributes
-
-
-
C:\Windows\backgroundTaskHost.dllC:\Windows\backgroundTaskHost.dll2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.1MB
MD5239367030218a80df0c3e10998e41944
SHA13434c6b6b76fce8b32a22e3d2333360bbf5cf263
SHA2560470d2bb3b9704431e67042a8e364691867c0746c087d46d7cf3a30c8705c364
SHA512a2df0df9c0674078c7f8a90216b41f2c4821b16ca117740dbe5fd9af30699491bfba3555d52cb3ddfce1567028602b02853e6a9812a2bc33cb49cb38acbe9b77
-
Filesize
1.1MB
MD5239367030218a80df0c3e10998e41944
SHA13434c6b6b76fce8b32a22e3d2333360bbf5cf263
SHA2560470d2bb3b9704431e67042a8e364691867c0746c087d46d7cf3a30c8705c364
SHA512a2df0df9c0674078c7f8a90216b41f2c4821b16ca117740dbe5fd9af30699491bfba3555d52cb3ddfce1567028602b02853e6a9812a2bc33cb49cb38acbe9b77
-
Filesize
688KB
MD5fb09a3b0530221f7ea21b2c74d45a1e6
SHA1ead0460a76ace5726e6866c9007b0e663c69fb4f
SHA256aa600469d84388f68bb3aae8354825f1b26cd78f11eb741e526d7f75950fd452
SHA51249de224bd195ec855a1b49938ad395c77a3ae22c23388e9c44ba0181b79bcbbfb93fe23dd16ae64b321bf43dc4e1f78c901af5d9bbe6583a50db26778c6f0bf8