Overview

overview

10

Static

static

3

158434027a...e3.exe

windows7-x64

10

158434027a...e3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-12-2023 22:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    158434027a6c1b3760708c6d18e603e3.exe

  • Size

    108KB

  • MD5

    158434027a6c1b3760708c6d18e603e3

  • SHA1

    a1170822f237fce752d9a3520b31c4c703eabd43

  • SHA256

    398c5c62c388de90c65d936d1d865910d0393f3357f0c5ce3c3e57576a0a65b3

  • SHA512

    35f51ad8bf90705c518648d3a41138f182778522db25e21f42644d4a9314e0716fc90904d45392d7dddeb8fade70ef11609991213771b6ece9a9183cbc6067a0

  • SSDEEP

    3072:lWCnxG9QL2Se7/ZGDhkWTU4MubTdzJL2c9/D61Wdd:pxG9p7BGDeWTbvdzB9Oo

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies firewall policy service 2 TTPs 4 IoCs
    evasion
  • Adds policy Run key to start application 2 TTPs 4 IoCs
    persistence
  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 13 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\158434027a6c1b3760708c6d18e603e3.exe
    "C:\Users\Admin\AppData\Local\Temp\158434027a6c1b3760708c6d18e603e3.exe"
    1⤵
    • Modifies firewall policy service
    • Adds policy Run key to start application
    • Sets service image path in registry
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    PID:456

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\msrpc.exe
    Filesize

    108KB

    MD5

    d613553ee8b60e80f518f8b6bcef03d7

    SHA1

    3c28e15d28190bd048b8dde8fa8d8de0c11d869d

    SHA256

    c577d8712856f20598d7f6ca01af51fef5e2f1609a681d38ed73a35d90052ddd

    SHA512

    8a9337843ebed3bb3148dd75624a1a55111789b6af1b4fee01c94ea5236ae321f45683cb7c2b3f01192d2eb25ffc2ea7855f92564a5f01af7aec86f46345363c

    Download Submit

  • memory/456-0-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/456-17-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/456-18-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/456-19-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/456-20-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/456-21-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/456-22-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/456-23-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/456-24-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/456-25-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download