Overview

overview

10

Static

static

3

07f800ef66...ac.exe

windows7-x64

10

07f800ef66...ac.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    198s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2023 05:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    07f800ef662b59d31e1b57122541d2ac.exe

  • Size

    325KB

  • MD5

    07f800ef662b59d31e1b57122541d2ac

  • SHA1

    2a96c2f2ea7440f3a322a917007d97a08c6cc276

  • SHA256

    1445992f043750980b2081da2b624134affdad45957efb7bd6e20a6f8250f26b

  • SHA512

    3e31bd26de9f7a8d093d0fc2dbae9a83141d2803d723f83b72b312a00045a51e1c3f1bf3c5afe30e4553cc231c0b9a3250de7eff712966a883a44a7eee97454e

  • SSDEEP

    6144:gbgpd5NG3XXnRI2RZfdM5rkVYIWNJnXyEtBfCvoK8CUmt6CAWctDpv:UgP/IXRIGdMNkiIEJnXWzbUVtWctDpv

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • Windows security bypass 2 TTPs 10 IoCs
    evasiontrojan
  • Disables taskbar notifications via registry modification
    evasion
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Windows security modification 2 TTPs 14 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07f800ef662b59d31e1b57122541d2ac.exe
    "C:\Users\Admin\AppData\Local\Temp\07f800ef662b59d31e1b57122541d2ac.exe"
    1⤵
    • Windows security bypass
    • Loads dropped DLL
    • Windows security modification
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2600
    • C:\ProgramData\043A6AEB00014973000B5F50B4EB2331\043A6AEB00014973000B5F50B4EB2331.exe
      "C:\ProgramData\043A6AEB00014973000B5F50B4EB2331\043A6AEB00014973000B5F50B4EB2331.exe" "C:\Users\Admin\AppData\Local\Temp\07f800ef662b59d31e1b57122541d2ac.exe"
      2⤵
      • Windows security bypass
      • Deletes itself
      • Executes dropped EXE
      • Windows security modification
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2276

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\043A6AEB00014973000B5F50B4EB2331\043A6AEB00014973000B5F50B4EB2331.exe
    Filesize

    323KB

    MD5

    7642ada35fe1f8c452250ee58d19adb9

    SHA1

    0c9fbf2314caef6a7387ba94d8a7bc8105eb9f65

    SHA256

    212c2fa57117f36ac398b29674b72b9a9783bf23b0bf3bc34a4e8e4e806491e0

    SHA512

    5c5cccec65e1123af35db53479254a82f3834af6b915b0d2a895b983a28a1bfb932314f96a647cb32beaa248402ae17e743a702e7d1c546c32014a4fa927c8e3

    Download Submit

  • C:\ProgramData\043A6AEB00014973000B5F50B4EB2331\043A6AEB00014973000B5F50B4EB2331.exe
    Filesize

    279KB

    MD5

    35211c506f83853c8ce02fc4e248a671

    SHA1

    3eed30c6eaa02293757a9acb58bcfe79ccae3f32

    SHA256

    325d11e3cfb326e21ec33c5f9d6fde9357cf4e34f23712c4c3858d49fab0f2da

    SHA512

    24e30d9b3f8996f7bed18548b40b8d12e317be04e01cdf312dba636f00a33d368d91b7c886f07ffdb3b7bbf01b2fbf7a0e30fdcbe894c94d770488192672393e

    Download Submit

  • C:\ProgramData\043A6AEB00014973000B5F50B4EB2331\043A6AEB00014973000B5F50B4EB2331.exe
    Filesize

    278KB

    MD5

    83ec7a79265325ff876233218959a402

    SHA1

    f7efa43178ebafa42144a0bf4edab5d77877b82e

    SHA256

    21a3a38676460690ef603630e07ac9fe62785cc3372680ce03bb16bff83b4021

    SHA512

    f1ca0118e1a7e404db19643843b6e146381d5d194ddb4f388c0ed97ccf898ec1dae1d6ba32f60b34d3f8ddde66ed84fcf0a36ce6d05e353e05d86bdbd94a51de

    Download Submit

  • \ProgramData\043A6AEB00014973000B5F50B4EB2331\043A6AEB00014973000B5F50B4EB2331.exe
    Filesize

    245KB

    MD5

    f8e5a42f2076c45b44a52dc9094d7e0f

    SHA1

    e880fbb7ded10d4c666f7ef34e69374db8577f01

    SHA256

    ff81cf133969b13e0b9017f2f9c56896bf18960fef41fbc8ee86950a0340149a

    SHA512

    7796239c765a90a9aaeb47797cacfdd0f3e7498349d0552c42c38ea5e4b64c0e6b45a19f229d49fe82a76ca6b161a900c59121076803d0bbd23a28c9c3305963

    Download Submit

  • \ProgramData\043A6AEB00014973000B5F50B4EB2331\043A6AEB00014973000B5F50B4EB2331.exe
    Filesize

    172KB

    MD5

    a9e18c7bc25d35e3d750df488aeb2e70

    SHA1

    5f0fddf0aaf211045ba65e248579de31fc7e1e25

    SHA256

    c1fc3e2db949fffe79dfef9f1cc9776d3384869594d45f4d1ae7b6d73594491b

    SHA512

    35b6c693be43710a39ece9648b040f7992d7a56450563f571bf4b7702d708928378c80585e60730d808df7dc592faed7edf5d2578fa284509e18a3a9bbba995e

    Download Submit

  • memory/2276-17-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2276-46-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2276-14-0x0000000002170000-0x0000000002171000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2276-39-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2276-30-0x0000000002170000-0x0000000002171000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2276-28-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2276-19-0x0000000000280000-0x0000000000282000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2276-18-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2600-0-0x0000000001EB0000-0x0000000001EB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2600-3-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2600-26-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2600-27-0x0000000001EB0000-0x0000000001EB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2600-1-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2600-4-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2600-37-0x0000000000400000-0x00000000004BE000-memory.dmp

    Filesize

    760KB

    Download

  • memory/2600-5-0x0000000000270000-0x0000000000272000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2600-2-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

    Download