Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/12/2023, 22:03

General

  • Target

    3ece075dc97570eab680b3e9b9a7e0ea.exe

  • Size

    335KB

  • MD5

    3ece075dc97570eab680b3e9b9a7e0ea

  • SHA1

    746e8669ee598005be80e8f191c60780d03deff7

  • SHA256

    12fafc52c5d67e9ce5913b2fe010b5f0a8333d660d2f9b151e7a625f4444c407

  • SHA512

    ff5273a60dcb57d7af0ffc6eb2232e447673e3c0e67a02650f54eb5ebb40f6f0d15a5150dd55652975ec568d6703f5ca52b170b8e2d55837b8d82918eb5bca4e

  • SSDEEP

    6144:NtKe6YiDdv3m3mgKHIl7bNIAROzTua3Wx3uz5ffDk8wW7L3J4XIIe6VN:NtKe6Zv23YdAPaieF3Dk8T7JODD

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 4 IoCs
  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 2 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 6 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ece075dc97570eab680b3e9b9a7e0ea.exe
    "C:\Users\Admin\AppData\Local\Temp\3ece075dc97570eab680b3e9b9a7e0ea.exe"
    1⤵
    • Modifies Installed Components in the registry
    • Modifies system executable filetype association
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1880
    • C:\Windows\svchost.exe
      C:\Windows\svchost.exe
      2⤵
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Adds Run key to start application
      • Modifies registry class
      PID:3000

Network

        Downloads

        • C:\Windows\SysWOW64\concp32.exe

          Filesize

          342KB

          MD5

          dd86a77b3bc020775702c5a4c48a55a4

          SHA1

          00ff287ac5e67547bbfbfc1c788928178a8296f3

          SHA256

          ba163f1e69982289f537513610719e8d88ac01da2cb7be4c4142966f8270cdae

          SHA512

          832d2b28a85d41c3c1d79023ffd509b1cadf4485648e322b92e5f0d943d43d85b127abf7abac7d24434e6630ef920b40c8240a3c3853fa5fd55025bd59c54288

        • C:\Windows\svchost.exe

          Filesize

          336KB

          MD5

          bf34ccb4c8b68b05552150cd17673246

          SHA1

          8a9ea00037a0fa16955d21f5e187016c2f5c5836

          SHA256

          4b0b75916ed0d99a87e99e16e45eab83961e1acd8f728d9b5017ae0422ddf1ca

          SHA512

          96277e3af6798e5ac96c07e48bb765bc6d762ab4de618431c4847a3de569ef9cad85045dd5ef4dbaea13c29f92cb495807d85af64a07f10702697c2875f1fbde

        • memory/1880-0-0x0000000000400000-0x0000000000435000-memory.dmp

          Filesize

          212KB

        • memory/1880-15-0x00000000002A0000-0x00000000002D5000-memory.dmp

          Filesize

          212KB

        • memory/1880-14-0x0000000000400000-0x0000000000435000-memory.dmp

          Filesize

          212KB

        • memory/3000-16-0x0000000000400000-0x0000000000435000-memory.dmp

          Filesize

          212KB