6e7449e046eb8043b03adc87b0bc9c92677e944dca6aaa726d4a586e19a2e058

Analysis

max time kernel
120s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 21:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13249061aa5504b9c80337aa15a61e70.exe
Size

48KB
MD5

13249061aa5504b9c80337aa15a61e70
SHA1

361fe3e98be2400dabaae1ea8c2b25054fc7dc95
SHA256

6e7449e046eb8043b03adc87b0bc9c92677e944dca6aaa726d4a586e19a2e058
SHA512

638ede966fe8e9bc0461b3613d0f1582faacc6b491ba2512bb152d23cd1c3db01257a54658c6a84d42d85a6ee0323f2413af6ac1b04e9083ae53287127eda04d
SSDEEP

384:ClCxprzC+ZQvYictnyWydGQNd/NLItdHxvMy0B9DodIf15Fzdx/WstWuS:McB3QgtidJjyRvDmDai/hxn

Score

8^/10

persistence

Malware Config

Signatures

Modifies Installed Components in the registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{B9996F51-C7F4-F4C2-4631-2B201E886E01}	13249061aa5504b9c80337aa15a61e70.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{B9996F51-C7F4-F4C2-4631-2B201E886E01}\StubPath = "C:\\Windows\\system32:mvbkernel.exe"	13249061aa5504b9c80337aa15a61e70.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32:mvbkernel.exe	13249061aa5504b9c80337aa15a61e70.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Windows\system32:mvbkernel.exe	13249061aa5504b9c80337aa15a61e70.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1900	13249061aa5504b9c80337aa15a61e70.exe
1900	13249061aa5504b9c80337aa15a61e70.exe

C:\Users\Admin\AppData\Local\Temp\13249061aa5504b9c80337aa15a61e70.exe
"C:\Users\Admin\AppData\Local\Temp\13249061aa5504b9c80337aa15a61e70.exe"
1⤵
- Modifies Installed Components in the registry
- Drops file in Windows directory
- NTFS ADS
- Suspicious use of SetWindowsHookEx
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1900-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads