Overview

overview

8

Static

static

3

6a6c91c252...b9.exe

windows7-x64

8

6a6c91c252...b9.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    143s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 04:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6a6c91c252eb0a31faade2ce71ea54b9.exe

  • Size

    898KB

  • MD5

    6a6c91c252eb0a31faade2ce71ea54b9

  • SHA1

    37f3afc8e730506fbea34f09300a893dd5a07a6d

  • SHA256

    92441d62ebcd8c2474473bcf7d7599c6772e4828fa9803e97c808d1bec18e98d

  • SHA512

    347e7e79fdd23d821e4d5234f88a4b6a5e2a83b0d3eaddfc76928c1e44edb6de1523da1f7aad5cb2641f5d7f784b725eab618efe485a3b54c4596de1d2585e2e

  • SSDEEP

    12288:nx53rirHbCWJuS5TIcqk70D9DO0bY907IDU6/eb0esFCEg:nx53UgXcqk70x6YYe75mZdCEg

Score
8/10
evasionpersistence

Malware Config

Signatures

  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Modifies Windows Firewall 1 TTPs 1 IoCs
    evasion
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6a6c91c252eb0a31faade2ce71ea54b9.exe
    "C:\Users\Admin\AppData\Local\Temp\6a6c91c252eb0a31faade2ce71ea54b9.exe"
    1⤵
    • Disables RegEdit via registry modification
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2944
    • C:\Windows\SysWOW64\netsh.exe
      "netsh.exe" firewall set opmode disable
      2⤵
      • Modifies Windows Firewall
      PID:4976

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2944-0-0x0000000075190000-0x0000000075741000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2944-2-0x0000000000B80000-0x0000000000B90000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2944-1-0x0000000075190000-0x0000000075741000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/2944-8-0x0000000075190000-0x0000000075741000-memory.dmp

          Filesize

          5.7MB

          Download