Analysis

  • max time kernel
    157s
  • max time network
    199s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/12/2023, 20:31

General

  • Target

    1118742a3ebb73e7bfc1d1ffa63bfb28.exe

  • Size

    52KB

  • MD5

    1118742a3ebb73e7bfc1d1ffa63bfb28

  • SHA1

    060e2ad64e3fa0b9b116bf3e42d795db8810a845

  • SHA256

    b152826d330063f03226d8520edd8c2e9db54ce19a9bdfeca3d600ab7c1e730e

  • SHA512

    1f33ee91535b757250a1f431a764d6f9dcc493965baab3ff889f4c9b65b3ef11aa8f1e97e4a1f7c02f1d3e8f827311eb1a7a7149609cbd5e133bb81201271fd2

  • SSDEEP

    384:2vEwuahc3YlWBrrbPrbkDOAuBBQARQk/DjmMkB6rHspHVZX/s:mFVcokBr7NBBQARQk/DCMHs/O

Score
10/10

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 46 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1118742a3ebb73e7bfc1d1ffa63bfb28.exe
    "C:\Users\Admin\AppData\Local\Temp\1118742a3ebb73e7bfc1d1ffa63bfb28.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4248
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32.exe /s "C:\Windows\Fonts\gsjdlbog.dll"
      2⤵
      • Loads dropped DLL
      • Modifies registry class
      PID:4388
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\111874~1.EXE > nul
      2⤵
      PID:2584
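The process tree above is the whole story of this run in three lines: the dropper writes a DLL into C:\Windows\Fonts, registers it silently with a 32-bit regsvr32.exe (which is what produces the "Modifies registry class" hits), sets a key that Explorer.exe reads at startup, and then erases its own image through cmd.exe using the 8.3 short name 111874~1.EXE. The following detection script is an added example, not part of the sandbox report or of the sample; it runs the same checks over constructed Sysmon-style events that mirror the report's tree and dropped file. The hashes are copied from the report. The registry event is an assumption: the report prints only the signature name, so the example assumes the ShellServiceObjectDelayLoad key, one of the locations Explorer loads at startup, and the value data is a placeholder.

```python
"""Detections for the behaviours in this sandbox run (added example, not the report's code)."""
import ntpath
import re

# SHA-256 values copied from the report (submitted target and dropped DLL).
KNOWN_BAD_SHA256 = {
    "b152826d330063f03226d8520edd8c2e9db54ce19a9bdfeca3d600ab7c1e730e": "1118742a3ebb73e7bfc1d1ffa63bfb28.exe",
    "293b870f498ea3cdfe3f7c6a5c87ea7dfd252e91d06a3eb6de433d1a031b7883": "gsjdlbog.dll",
}

# Registry paths that Explorer.exe (or the shell at logon) walks at startup.
EXPLORER_AUTORUN_KEYS = (
    r"software\microsoft\windows\currentversion\shellserviceobjectdelayload",
    r"software\microsoft\windows\currentversion\explorer\run",
    r"software\microsoft\windows\currentversion\run",
)

# Directories from which a silent regsvr32 registration is unremarkable.
TRUSTED_DLL_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\program files")

# Constructed events (Sysmon IDs: 1 process create, 11 file create, 13 registry value set).
# Paths, PIDs and command lines are taken from the report; the registry event is assumed.
EVENTS = [
    {"id": 1, "pid": 4248, "ppid": 1000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\1118742a3ebb73e7bfc1d1ffa63bfb28.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\1118742a3ebb73e7bfc1d1ffa63bfb28.exe"',
     "sha256": "b152826d330063f03226d8520edd8c2e9db54ce19a9bdfeca3d600ab7c1e730e"},
    {"id": 11, "pid": 4248, "target": r"C:\Windows\Fonts\gsjdlbog.dll",
     "sha256": "293b870f498ea3cdfe3f7c6a5c87ea7dfd252e91d06a3eb6de433d1a031b7883"},
    {"id": 1, "pid": 4388, "ppid": 4248, "image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "cmdline": r'regsvr32.exe /s "C:\Windows\Fonts\gsjdlbog.dll"'},
    {"id": 13, "pid": 4248,  # assumed key; value data is a placeholder, not from the report
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad",
     "value": "constructed-placeholder"},
    {"id": 1, "pid": 2584, "ppid": 4248, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r"C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\111874~1.EXE > nul"},
]


def short_name_matches(short, long):
    """True if the DOS 8.3 name `short` (e.g. 111874~1.EXE) can refer to `long`."""
    s_base, s_ext = ntpath.splitext(short.lower())
    l_base, l_ext = ntpath.splitext(long.lower())
    if "~" not in s_base:
        return s_base == l_base and s_ext == l_ext
    stem = s_base.split("~", 1)[0]          # the 6 leading characters kept by 8.3 mangling
    return l_base.startswith(stem) and l_ext[:4] == s_ext[:4]  # extension truncated to 3 chars


def analyze(events):
    """Return (signature, pid, detail) triples, one per suspicious event."""
    by_pid = {e["pid"]: e for e in events if e["id"] == 1}
    findings = []
    for e in events:
        if e.get("sha256") in KNOWN_BAD_SHA256:
            findings.append(("Known bad hash", e["pid"], KNOWN_BAD_SHA256[e["sha256"]]))
        if e["id"] == 1:
            name = ntpath.basename(e["image"].lower())
            args = e["cmdline"]
            # Silent self-registration of a DLL that lives outside the usual system paths.
            if name == "regsvr32.exe" and re.search(r"(?i)(^|\s)/s\b", args):
                m = re.search(r'"?([a-z]:\\[^"]+\.dll)"?', args, re.I)
                if m and not m.group(1).lower().startswith(TRUSTED_DLL_DIRS):
                    findings.append(("Loads dropped DLL via regsvr32 /s", e["pid"], m.group(1)))
            # cmd.exe deleting its parent's own image, with 8.3 short-name handling.
            parent = by_pid.get(e.get("ppid"))
            m = re.search(r"(?i)\bdel\s+(\S+)", args) if name == "cmd.exe" else None
            if parent and m:
                target, pimg = m.group(1), parent["image"]
                if (ntpath.dirname(target).lower() == ntpath.dirname(pimg).lower()
                        and short_name_matches(ntpath.basename(target), ntpath.basename(pimg))):
                    findings.append(("Self-deletion via cmd.exe", e["pid"], target))
        elif e["id"] == 11:
            t = e["target"].lower()
            if t.startswith("c:\\windows\\") and t.endswith((".dll", ".exe")):
                findings.append(("Drops file in Windows directory", e["pid"], e["target"]))
        elif e["id"] == 13:
            if any(k in e["key"].lower() for k in EXPLORER_AUTORUN_KEYS):
                findings.append(("Adds autorun key to be loaded by Explorer.exe on startup",
                                 e["pid"], e["key"]))
    return findings


if __name__ == "__main__":
    for sig, pid, detail in analyze(EVENTS):
        print(f"[{pid}] {sig}: {detail}")
```

The short-name check matters in practice: a rule that compares the `del` argument literally against the parent image path never fires here, because the sample passes the mangled form 111874~1.EXE. Note also that the three memory dumps listed under Downloads (0x10000000-0x10008000, 32KB, in both PID 4248 and PID 4388) have the same size as gsjdlbog.dll and sit at the default 32-bit DLL image base, which is consistent with the dropped DLL being mapped unrebased in both the dropper and regsvr32.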

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\Fonts\gsjdlbog.dll

    Filesize
    32KB

    MD5
    222133c78b0bbfb8c2399cce86cc81bf

    SHA1
    2ed30f3dd20921ee1572ace5cc351515bd6824b5

    SHA256
    293b870f498ea3cdfe3f7c6a5c87ea7dfd252e91d06a3eb6de433d1a031b7883

    SHA512
    bebbd0909468530f577a95eba679cd92d2015bb61395e6b049c0c7220fc812d6db4e0f470af643abbdc6541a7721b46713f0bb1f5beeb9f1b147345295407791

  • memory/4248-8-0x0000000010000000-0x0000000010008000-memory.dmp

    Filesize
    32KB

  • memory/4248-12-0x0000000010000000-0x0000000010008000-memory.dmp

    Filesize
    32KB

  • memory/4388-7-0x0000000010000000-0x0000000010008000-memory.dmp

    Filesize
    32KB