Overview

overview

10

Static

static

5

26b55565d8...5f.exe

windows7-x64

10

26b55565d8...5f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    4s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-12-2023 14:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26b55565d8b141f716191d5fcbbdaf5f.exe

  • Size

    512KB

  • MD5

    26b55565d8b141f716191d5fcbbdaf5f

  • SHA1

    406719021ae9f4ebf58cc4df5a6cebdd32e3bf46

  • SHA256

    1592771df224158a190193c4ef0f5bc196874c38edc1eb67974a740144add4a4

  • SHA512

    ff92f2c5cc32fd3e4d323a66204a0bc27268af3ef8ea7dc908df6dfc7e1af9028352642ca0fadbbb9b9b83488303b04ea1085f93c6836ed12a45a873b8bdfb35

  • SSDEEP

    6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6j:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm50

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 8 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of FindShellTrayWindow 10 IoCs
  • Suspicious use of SendNotifyMessage 9 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26b55565d8b141f716191d5fcbbdaf5f.exe
    "C:\Users\Admin\AppData\Local\Temp\26b55565d8b141f716191d5fcbbdaf5f.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3576
    • C:\Windows\SysWOW64\spsxumxalmebk.exe
      spsxumxalmebk.exe
      2⤵
      • Executes dropped EXE
      PID:2336
    • C:\Windows\SysWOW64\jkdhvadt.exe
      jkdhvadt.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      PID:4336
    • C:\Windows\SysWOW64\onxjiengmifwmna.exe
      onxjiengmifwmna.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3096
    • C:\Windows\SysWOW64\ucnohwmlnu.exe
      ucnohwmlnu.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:5064
      • C:\Windows\SysWOW64\jkdhvadt.exe
        C:\Windows\system32\jkdhvadt.exe
        3⤵
          PID:1800
      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
        2⤵
          PID:4088

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3576-0-0x0000000000400000-0x0000000000496000-memory.dmp

        Filesize

        600KB

        Download

      • memory/4088-39-0x00007FF7D6E30000-0x00007FF7D6E40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4088-43-0x00007FF816DB0000-0x00007FF816FA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4088-44-0x00007FF816DB0000-0x00007FF816FA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4088-42-0x00007FF7D6E30000-0x00007FF7D6E40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4088-45-0x00007FF816DB0000-0x00007FF816FA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4088-46-0x00007FF816DB0000-0x00007FF816FA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4088-47-0x00007FF816DB0000-0x00007FF816FA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4088-48-0x00007FF816DB0000-0x00007FF816FA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4088-50-0x00007FF816DB0000-0x00007FF816FA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4088-52-0x00007FF7D4CD0000-0x00007FF7D4CE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4088-51-0x00007FF816DB0000-0x00007FF816FA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4088-49-0x00007FF816DB0000-0x00007FF816FA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4088-41-0x00007FF816DB0000-0x00007FF816FA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4088-40-0x00007FF7D6E30000-0x00007FF7D6E40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4088-38-0x00007FF7D6E30000-0x00007FF7D6E40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4088-37-0x00007FF7D6E30000-0x00007FF7D6E40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4088-53-0x00007FF7D4CD0000-0x00007FF7D4CE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4088-98-0x00007FF816DB0000-0x00007FF816FA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4088-128-0x00007FF816DB0000-0x00007FF816FA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4088-131-0x00007FF816DB0000-0x00007FF816FA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4088-133-0x00007FF816DB0000-0x00007FF816FA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4088-132-0x00007FF816DB0000-0x00007FF816FA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4088-130-0x00007FF816DB0000-0x00007FF816FA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4088-129-0x00007FF7D6E30000-0x00007FF7D6E40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4088-127-0x00007FF7D6E30000-0x00007FF7D6E40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4088-126-0x00007FF7D6E30000-0x00007FF7D6E40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4088-125-0x00007FF7D6E30000-0x00007FF7D6E40000-memory.dmp

        Filesize

        64KB

        Download