Overview

overview

10

Static

static

3

139ab01c73...ee.exe

windows7-x64

10

139ab01c73...ee.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 21:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    139ab01c732c8feee6e7c552b8bcb4ee.exe

  • Size

    196KB

  • MD5

    139ab01c732c8feee6e7c552b8bcb4ee

  • SHA1

    3982ff87fedb3bca9fd9138d4a7f6efb5926fe67

  • SHA256

    3a35b3edb71db2f46319ce22f442e1d163f671fc457ce6f26bc71a281ce40ff7

  • SHA512

    466ec167340eaae1d4fda185d8d6e94df2fbb90a5a76a0d77d0763a29382258fb601f9969fed606ca4feb92b87ac14dbe2db052169bec3457b9ef0864917034f

  • SSDEEP

    6144:KLuQuUPH3bX2a23NYcJQ8TfxZ85WJ007G9tSBN70ZfE:suQuUPH3bX2a23NYcJQ8TfxZ9J0rtSzN

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\139ab01c732c8feee6e7c552b8bcb4ee.exe
    "C:\Users\Admin\AppData\Local\Temp\139ab01c732c8feee6e7c552b8bcb4ee.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1600
    • C:\Users\Admin\cwduy.exe
      "C:\Users\Admin\cwduy.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2952

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\cwduy.exe
    Filesize

    168KB

    MD5

    c3f481e6ec8edd8738ab10f0ddf0a4b6

    SHA1

    c9effb68a0af5621d2f77a61f1f567be48886481

    SHA256

    759750256f5b3b8392a3fb5a1d95b0718011c302d84c3636979894d1067a9ccb

    SHA512

    7edd8a135a84482f1956cd197e40f05928359e225c3f1dd879ff2e130504b707f0f43da345864e305d2979fce323359f5aa82630b6c191ba707806fa11eb3095

    Download Submit

  • C:\Users\Admin\cwduy.exe
    Filesize

    193KB

    MD5

    2e58fd5f5dae9a6374d3a507838c3395

    SHA1

    57c510e11827c746c09348642d141962055d7191

    SHA256

    904b44bd3783e2ba9e4840d5d19980cf5e9c53edb08922fa93492637862ad1c1

    SHA512

    414e934eb8de7ea9fe6212088f6a58c3d930721678bbbbda8cfc90d90a41ab436a115886d0c2e32970d37b3052b86975a30bfa9ceafead25d1a16c0757396171

    Download Submit

  • C:\Users\Admin\cwduy.exe
    Filesize

    186KB

    MD5

    c0031b09335396fec4b93b849a68631b

    SHA1

    2ef9ebd04901cd87e40ae75120d8ac0096af750f

    SHA256

    55294102398d5ed3ebbede0dd2f3d04cb2404fdb0ab5cf025c53de06a2e410c0

    SHA512

    bf10de0dadbcdec1b58c7a1c56dc42d983ec1b451592fa75633006b4096afe91581f81aebba2da4298e8323de5aaff6a6cd82ebdf999565ae0d68c9a0af64e7a

    Download Submit

  • \Users\Admin\cwduy.exe
    Filesize

    196KB

    MD5

    776085445e079051a3ccfe1626f166f2

    SHA1

    fa2014558b972c76a03aa6f760c0e9e503768c48

    SHA256

    bf56242a5d18e34eb22840e595a2681969930ef6606a955458bb2e91c6b79589

    SHA512

    23776003d6d6e85b7a7cc5ab755b57b189b47adba82a5dd5cc18a48a3107b616683528f0affacc9adc0612a6040f123a541ebec4fa3700c14974146838066ffb

    Download Submit

  • \Users\Admin\cwduy.exe
    Filesize

    167KB

    MD5

    bf3b66634fd65f6726329065e7dd3f8c

    SHA1

    b7c6f345e078a8cc2de240abc2495ff4bbc1e8f2

    SHA256

    2553fdd68969066a0d11d30e4e6b5e8892f44beb0cd7685139e1f620377f699b

    SHA512

    fae10043c309b9971ad67a2aff37bc7da853a61dce116623cc9319c2240777f2d13193c8099637993476ccb9d9416aa2950db1af3b46d560b30cce5f7385b68f

    Download Submit

  • memory/1600-20-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1600-15-0x00000000031B0000-0x00000000031E9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1600-13-0x00000000031B0000-0x00000000031E9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1600-1-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1600-21-0x00000000031B0000-0x00000000031E9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1600-22-0x00000000031B0000-0x00000000031E9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2952-18-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2952-23-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download