Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-12-2023 12:06

General

  • Target

    1cfce58dfd515383527e7fae60655ad8.exe

  • Size

    260KB

  • MD5

    1cfce58dfd515383527e7fae60655ad8

  • SHA1

    b43c8690f72a836fef1e0047031dfcaa84c4b954

  • SHA256

    37c7db4459b215436f9b1f1b447d8100892e5d169c1ab14574b924ca95d817cb

  • SHA512

    a0c05bd73cc3338db93b11594ac5af94dfd7f50d5a54ad7fcb012d967f9857720e1ae03efb5d6551b3afb43287356f5d502a65de3a93089e422f5ca8e90016d6

  • SSDEEP

    6144:8d/tSgTSrMaIl/jcLijfHFEHWzXvjT85R:8DTSrMaIqLlI/H85R

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1cfce58dfd515383527e7fae60655ad8.exe
    "C:\Users\Admin\AppData\Local\Temp\1cfce58dfd515383527e7fae60655ad8.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1792
    • C:\Users\Admin\rrxuf.exe
      "C:\Users\Admin\rrxuf.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1076

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\rrxuf.exe

    Filesize

    92KB

    MD5

    3f8bf731213d62bfd7f6d33a6b78c0c9

    SHA1

    22b46327533c3cee4f41ca6eb56d93601ef400d6

    SHA256

    a638762fdcc55ee24df327ffbfadb7d017ac5f3ec1fcfccb81594ba20208e748

    SHA512

    91ba4f3a10ba75ce9f74caf835c1ee3c61ff7c9c335fb775ef18c5b176d4e5fb7073eb06376c0d6639efbc65957a3771aa936ea408f9f1441aafebe8f8ba1766

  • C:\Users\Admin\rrxuf.exe

    Filesize

    186KB

    MD5

    e884285dbd03206c632006734225a31c

    SHA1

    cf3bc43aff5617148b1de185ddc7b5628c08b8ed

    SHA256

    ed80f18eacf3d174194b89a4172809b4f995e2a639566d2502c2bffc5a846dd2

    SHA512

    830c7920c67af324510a65bb2735f99100099a2ba45f1e2df4a8a1061617aa766fe5cc9c839965b4fd00bf3e7dbc7a47ac0bccfa09afcbb524ecd117448e431d

  • C:\Users\Admin\rrxuf.exe

    Filesize

    52KB

    MD5

    f4862e94c1ab4b1c6de0c6bb96c102c5

    SHA1

    1b182ae492153a00d8bb145b8a36b0779322ef26

    SHA256

    8931d678595f0e31bd251300510a091453af7fdf6fe0cbb53e22528a8fdc856b

    SHA512

    f597f6809ea5b6d8aa7dacc000d552a86dfb1d11899ef3cdd0edfe52f4d1eef3c44f01173a7f864812771433260b5074a4fb4a549091ee95cf58bc41502c3893

  • \Users\Admin\rrxuf.exe

    Filesize

    189KB

    MD5

    ca73ca67ef2d01251aa5647389f64281

    SHA1

    d2104376680cd4b03ab917acec2ce49c5d7f37be

    SHA256

    cf30399c976218aa55d213ec2f5491ba88936aca684e151327629f1a89f00060

    SHA512

    c8079a64440782b010dc1ee61a815da2ea4255015fb58e5f8f4e0fffaf44cc54ac639c7b938842b69c3d3e1443113da597e8fdfd6602d382f99340a2bc1d24ef

  • \Users\Admin\rrxuf.exe

    Filesize

    138KB

    MD5

    f5ab9a5f3fd90e5ae793864dbda7f215

    SHA1

    5f29f60975726baf13912f7c54bc51068e94412c

    SHA256

    d3b81acf081917621b89fd6084be36af11bc70b558fc75926bc163f9c65efc8d

    SHA512

    df812842dc6249b24f8a388e04bcf583a0ed0a203ce32bd4b5032d437b5be15df33398473beabacf9b7452fe16367f9cef67c2426cb453cca166abf1d0be5df4