Analysis

  • max time kernel
    151s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/12/2023, 17:11

General

  • Target

    2fe4e82fb8505a4cbc62ca4aabb61e95.exe

  • Size

    156KB

  • MD5

    2fe4e82fb8505a4cbc62ca4aabb61e95

  • SHA1

    9236f8956550b485b92946917d782f9e97c4a99c

  • SHA256

    6ca38c1314069b980b5d2909c66da5aa85dda1dfb72bc3b673d218c8ab7ad8cd

  • SHA512

    c1365a6b85f1956d728568c13ae4eee9acaa81d8e394608732438a6e77c7cfc0c8ef21a3e5128f820096fc269b9cc5ad7baa9464515c892175bb2c2beca07c34

  • SSDEEP

    3072:4hoG1vvf963zW2FFWj8mXXvNrkUpBdasFhSFJmoq2vXqkyzGsNry9/9P9w9BVgI7:1G1vvf963zW2FFWImXXvNrkUpBdasFhH

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fe4e82fb8505a4cbc62ca4aabb61e95.exe
    "C:\Users\Admin\AppData\Local\Temp\2fe4e82fb8505a4cbc62ca4aabb61e95.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:284
    • C:\Users\Admin\laofe.exe
      "C:\Users\Admin\laofe.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2404

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\laofe.exe

    Filesize

    156KB

    MD5

    8ebd32f710fa243782228ce2393c8b8c

    SHA1

    561a634b11de4e2ab7d34200a7a2721d5bd2909d

    SHA256

    f2ec146bdb75c2fbe22f4a2b944b044a0c1343a2ad9d96fb8a5d941c6112b26f

    SHA512

    50b7bce7f9dd0ab3b89cf51134572f28eb071545179a803b95d177317e6d94a19554748191d3b573f40176f44fb1c0868b17249d5532a0b423d176af04e276ff