Overview

overview

10

Static

static

3

2d757737b4...f3.exe

windows7-x64

10

2d757737b4...f3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 16:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d757737b43a2b900873cd85dd64b4f3.exe

  • Size

    260KB

  • MD5

    2d757737b43a2b900873cd85dd64b4f3

  • SHA1

    35efebd5b3a4e69333b0aec11858069a3875ffa7

  • SHA256

    13f15263fa17c417ebc8edb24db4d4a61cc3be4aa088871f9542da97d7468cb2

  • SHA512

    61ad9ffe05fb51e24aa824b652e1c77632c4922bca7e2d1749ee4c19cf599d1dbafb7e21f0f92764726797d362caebe70e11286b54e14c1041d55c158523e095

  • SSDEEP

    3072:MgfAlNsvh25n/kZoSUjMqXnpWAkpAmTSrMaIOYt/jo7LAtPhjjtZnfHFEoWBfGV3:MdxgTSrMaIl/jcLijfHFEHWzXvjT85R

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 51 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d757737b43a2b900873cd85dd64b4f3.exe
    "C:\Users\Admin\AppData\Local\Temp\2d757737b43a2b900873cd85dd64b4f3.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\wuoeyi.exe
      "C:\Users\Admin\wuoeyi.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2084

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\wuoeyi.exe
    Filesize

    23KB

    MD5

    fabb0ec8d8187a540ac63f125f9e876d

    SHA1

    7ddc051ff28fd98b9895d567ba74f4b9ecea6b82

    SHA256

    ef15b5def5c45074a86dbba986b98fcfc6d81946479f7c3ac86f19f711cc9aa4

    SHA512

    79d12018a2f85639fab133bb525812dc68a18e008e8ab0d65b35a38544ba056f32e03884e8441c3bdd625559a322174bdec47117378ed4262b06fad20cd4402d

    Download Submit

  • C:\Users\Admin\wuoeyi.exe
    Filesize

    252KB

    MD5

    d6152def1d36d617bb736af8e02a4ca2

    SHA1

    c50de8e904991a59aa5cd67e1ab859610b830493

    SHA256

    9994d81e793affc390a5da5cd38460244188649b0ce5170d80a80e750fd2c702

    SHA512

    703baa66134b0a9e54be735136a0d98d60e859e504c33dee00d2a1015fa174cba5ff04ab7984f428a77d10818f7b1fc65b74b539d79b361a800cf820882df8be

    Download Submit

  • \Users\Admin\wuoeyi.exe
    Filesize

    260KB

    MD5

    9ac693f42b3ce6e079680b82ca88590d

    SHA1

    a8638b56e249817cd4476264969f27a0e28e15eb

    SHA256

    9083588aa8c952f9ba2d4e8bb192dbf9a92371e0aeea819b8301d46d2295c754

    SHA512

    3b47502ab74553e8242ca5fb2040f1c041c15ccb025cddb97b12738046e0741ef4cbf93835da33cb37dc6b2de7321cfc5b3bcf4ae78aeb8f79ad5292ce0d7d6e

    Download Submit

  • \Users\Admin\wuoeyi.exe
    Filesize

    52KB

    MD5

    7dacaba3bed7bc2da6e21578c6787838

    SHA1

    d33ea69e26937347cf80cd87719eaacaa360b5de

    SHA256

    dcb99674f6398d04e0d30110e6fca4b9baf8088275d78f2b1b616ba0715121b1

    SHA512

    36787fa6dea8979df5fcb67c958b9d340285d5f4f6df658c5ff0f39fbf2e150b6252859f1e7757fd3dd110d55b81c8ec228e4a049c23064d627bbec7bb6038fa

    Download Submit