Overview

overview

10

Static

static

3

025e7a9619...a9.exe

windows7-x64

10

025e7a9619...a9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 03:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    025e7a9619f052a0a939f5401eb9bba9.exe

  • Size

    1.9MB

  • MD5

    025e7a9619f052a0a939f5401eb9bba9

  • SHA1

    a351fb1d3ce9b2d8c1c3c65c74c9f8be54fbaf67

  • SHA256

    bd2308033e151f6a0806dfb25be89756f7d480057ec91112b4022a9d0259b7bc

  • SHA512

    c2f83e5f5f0b9856f57c5d1e7097e1b965c0dc676666cf2e10c524727b7d672f1016fc7f12b3e8ac78c423862d04b3dcd79881bf96f5b004e628333c64553feb

  • SSDEEP

    49152:DfFVaZ8LXYPGjw3ZUp+1URlA54qgrKBmnOirKmwaOIr:DfbaKcGcqpPRle3GTrKm1

Score
10/10
discoverypersistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\025e7a9619f052a0a939f5401eb9bba9.exe
    "C:\Users\Admin\AppData\Local\Temp\025e7a9619f052a0a939f5401eb9bba9.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4956
    • C:\Users\Admin\AppData\Roaming\CCntr\ccagent.exe
      C:\Users\Admin\AppData\Roaming\CCntr\ccagent.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4032

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\CCntr\ccagent.exe
          Filesize

          194KB

          MD5

          93f12f35388be14412fc4b929f1640c1

          SHA1

          159054116dd01d60168925bbc520abe301bedc9b

          SHA256

          cb855bdf3d5c206ffc071b49766404663fc4a5221dafcd285eaa5bd6d4bb021f

          SHA512

          0b077793cdc427ae2e7dc18d8cc462de11143974a2f43877b1e7e2fef48d4c985e397f124f229469b2ac7f645d5a637ac564064ee829f987f9bb3841181e713f

          Download Submit

        • C:\Users\Admin\AppData\Roaming\CCntr\ccagent.exe
          Filesize

          97KB

          MD5

          2b8386c65c2706139c4accbe7440afc7

          SHA1

          e011bf0f39beeec8d94bbfbfb0df7a4534087750

          SHA256

          57cbb50f80707b6f1c78d746bdd4a53bca7907120f4f5f35ed5b07985c328826

          SHA512

          254b510e36ba83b69c2614279c52b437495d13ad49c6d7ecf155136f29487ab0c5bb963c6516f1878205e0734883107bb185ceb2f78a6bebf2b513f3a4c4ed4b

          Download Submit

        • C:\Users\Admin\AppData\Roaming\CCntr\settings.ini
          Filesize

          180B

          MD5

          f64b91e9d33ec957d9ba096f2201e764

          SHA1

          d7bec948194ff26db71e8081369ad5ac825d01b4

          SHA256

          3ea958c1d4f38b0b17eb725fc01446ba99b8955df001fecb82fd50fb32756537

          SHA512

          8a9324ab0896282c0044dc915edf7b9cd55aaa4a5224e3118f2f5a58bddb4212576413477f7076646855b3be1d9588e9e4a3af146acad5747110eb06df374eac

          Download Submit

        • memory/4032-17-0x0000000002260000-0x0000000002261000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4032-19-0x0000000000400000-0x0000000000491000-memory.dmp

          Filesize

          580KB

          Download

        • memory/4032-21-0x0000000002260000-0x0000000002261000-memory.dmp

          Filesize

          4KB

          Download