Overview

overview

10

Static

static

3

2e8a7390ed...01.exe

windows7-x64

10

2e8a7390ed...01.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    106s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2023 16:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2e8a7390edcf4c3ad02ab54558375401.exe

  • Size

    148KB

  • MD5

    2e8a7390edcf4c3ad02ab54558375401

  • SHA1

    c9e99c4ced9fd5e120acada63fbba46a0528a9da

  • SHA256

    79fb96c697a46a74f1f4d5368a758992046e53e575effc921947ebf66262f955

  • SHA512

    0a48446ee036750a206a5d253174d8b983555d1432e3f846442cfee5595d0f839280d2b75b0db075d9ac67fe528ba3619917dd4a966350dfa40a8710bdc454b5

  • SSDEEP

    3072:oVWZBWAJCbL2+LaEdtQqXjuVx3ucPsunjzc5ULc5uszD9dDy6j6:osZBWAJCbL2+LaEdSVx35P1nnc5ULc5B

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e8a7390edcf4c3ad02ab54558375401.exe
    "C:\Users\Admin\AppData\Local\Temp\2e8a7390edcf4c3ad02ab54558375401.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Users\Admin\Admin.exe
      "C:\Users\Admin\Admin.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2112

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Admin.exe
    Filesize

    109KB

    MD5

    7d35d8c3703c3e733e8495b79011eff5

    SHA1

    559a9f199e56b44ae7b083e6ed7fcc528087bfd8

    SHA256

    a73e413951683f65fbe21b1ddfd6cfb1380750797aa46573d839d9050cf9fbce

    SHA512

    49b45c49ee20837f296c727e240f75c97921958184718d266004fe72cfdb210bc162cbf65fccd95fa876cd6a5937043c7be8a4c847902a3e62804691c30b24fd

    Download Submit

  • \Users\Admin\Admin.exe
    Filesize

    148KB

    MD5

    1d0cca4553b66f28c9bd88b22e08e687

    SHA1

    759a8543bfb3a89c0dad4b6653a63ddf1d759ab0

    SHA256

    98b31be33a1b633a0a9c58bb978573fba0803539ce510fe0f445701f84d3a4bd

    SHA512

    d58db76ee47980f44ce1d4e9d645498cac4040b8f890526eed4aa7498949cf6c1639421c9f1a085df9cef6025e931f0c4e937d05111b38e223b08e2b7a4dc827

    Download Submit