Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/12/2023, 15:39

General

  • Target

    29f18d1d43889dc0b8b3fcfee682430d.exe

  • Size

    132KB

  • MD5

    29f18d1d43889dc0b8b3fcfee682430d

  • SHA1

    61fe80e1d5a4225d7a83acd391f0a16cfe5a6dab

  • SHA256

    19f043aa966f13a29f9a860057fb2a290939f75115e9784989fcbe96ad9242cb

  • SHA512

    dc6fd15227089b167e4cce123e5f582c4985ae32688d5483845b45cc3cd8a08b78f8b9375ec64d443a88411f903792a232ebae544381986138b7d2d9c87305a1

  • SSDEEP

    3072:ZVVOY64v7jkfam1CXDDjtFCZaOKYZfG3QZuGc6O:ZVQY5vEb2DDjtlOzfYMh

Score
8/10

Malware Config

Signatures

  • Modifies Windows Firewall 1 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\29f18d1d43889dc0b8b3fcfee682430d.exe
    "C:\Users\Admin\AppData\Local\Temp\29f18d1d43889dc0b8b3fcfee682430d.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4328
    • C:\Windows\SysWOW64\w32tm.exe
      w32tm /config /syncfromflags:manual /manualpeerlist:time.windows.com,time.nist.gov
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2196
      • C:\Windows\system32\w32tm.exe
        w32tm /config /syncfromflags:manual /manualpeerlist:time.windows.com,time.nist.gov
        3⤵
        PID:3172
    • C:\Windows\SysWOW64\w32tm.exe
      w32tm /config /update
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4000
      • C:\Windows\system32\w32tm.exe
        w32tm /config /update
        3⤵
        PID:2028
    • C:\Windows\ntfyapp.exe
      "C:\Windows\ntfyapp.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:2140
      • C:\Windows\SysWOW64\netsh.exe
        netsh firewall set allowedprogram "C:\Windows\ntfyapp.exe" enable
        3⤵
        • Modifies Windows Firewall
        PID:4464

Network

MITRE ATT&CK Enterprise v15

Downloads

      • C:\Windows\ntfyapp.config

        Filesize

        23KB

        MD5

        5a44a93899fe75334f9c8c4a6e678a8e

        SHA1

        03ae59f6ecb527410035196623c62c77914dbf00

        SHA256

        8e004b549fcb90d17e9364ae951fd345cd6e8c14081275cb6161836e298c72c1

        SHA512

        5635b5c6ef7352c6767b19035c8c732652ec4cf2c1f5a1ccf0c3bea7da669ff9799e5550a496cd60923f9617a1b5040fa4e0db99e5eed90808754fd07529f365

      • C:\Windows\ntfyapp.exe

        Filesize

        132KB

        MD5

        29f18d1d43889dc0b8b3fcfee682430d

        SHA1

        61fe80e1d5a4225d7a83acd391f0a16cfe5a6dab

        SHA256

        19f043aa966f13a29f9a860057fb2a290939f75115e9784989fcbe96ad9242cb

        SHA512

        dc6fd15227089b167e4cce123e5f582c4985ae32688d5483845b45cc3cd8a08b78f8b9375ec64d443a88411f903792a232ebae544381986138b7d2d9c87305a1

      • memory/2140-9-0x0000000000400000-0x0000000000425000-memory.dmp

        Filesize

        148KB

      • memory/4328-0-0x0000000000400000-0x0000000000425000-memory.dmp

        Filesize

        148KB

      • memory/4328-1-0x0000000000400000-0x0000000000425000-memory.dmp

        Filesize

        148KB

      • memory/4328-3-0x0000000000400000-0x0000000000425000-memory.dmp

        Filesize

        148KB