Overview

overview

8

Static

static

3

36bdda43e7...51.exe

windows7-x64

8

36bdda43e7...51.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    145s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 19:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    36bdda43e73997a8cf45bb551d74a351.exe

  • Size

    113KB

  • MD5

    36bdda43e73997a8cf45bb551d74a351

  • SHA1

    b343cc61e39d7cfd27bd4d081c807f37522a5531

  • SHA256

    629d7370d0c761234400ce6cd65eef3e1b974df6129e6e3bc7158a1d3ab9a3d0

  • SHA512

    b9bb0f8a53e556684c29c3d578276d0384ee15aaf507a6dc76018c8f8da26f778bd265422565519d2a2b0535c0f22993ea774e46674f0f7da42705986e532504

  • SSDEEP

    3072:aCU63Qs3SnhpLYTXPWXWT7QBTG3EUm9y9UFADUZD19:OeOZmiWEUmY9U6Di

Score
8/10
persistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\36bdda43e73997a8cf45bb551d74a351.exe
    "C:\Users\Admin\AppData\Local\Temp\36bdda43e73997a8cf45bb551d74a351.exe"
    1⤵
    • Adds policy Run key to start application
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:1144
    • C:\Windows\WinUpdaterstd\svchost.exe
      "C:\Windows\WinUpdaterstd\svchost.exe"
      2⤵
      • Executes dropped EXE
      PID:2884

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\WinUpdaterstd\svchost.exe
          Filesize

          45KB

          MD5

          a32f6ff2d4e1f85634e52d60da733e94

          SHA1

          1e4e424ba255444f33d2eb5e0acf5eb8a35c0c7a

          SHA256

          dcb05d44302dd01dfca5c2ffd7477d4592e9f05523cd69fbcfef41a5fa5e89c7

          SHA512

          79d73478ae5e90ebae72d0586f1022ee8266035b8b3805e41be3fb3974efb04937272dcccc5a5eb0d00ce05f7a83d212aa8bf1396c5a53dfffed87c829c728b3

          Download Submit

        • C:\Windows\WinUpdaterstd\svchost.exe
          Filesize

          21KB

          MD5

          34e46c408cf73b103cbcaa133d80890b

          SHA1

          48e2aebdcf3e8a988f2fccc838bc276662bd565c

          SHA256

          b5a3ec6502edfd96f7cb4b08b1d4b8effc94de539445ce8318397122a1fdc14b

          SHA512

          b3ba25dff44b4f6d0a84ae64be37435b7c093bfc94be81a4597d9f43e9f2d6f8a779188f7c967fb0e1414daf8f67c8e7ee6d7c6baa61923454f21bf51d96f46f

          Download Submit

        • \Windows\WinUpdaterstd\svchost.exe
          Filesize

          81KB

          MD5

          17a88a4f5e96edbfc36c3be588a8132a

          SHA1

          df4905dadb7241fb6d904d507f01f2e163a834ee

          SHA256

          8eaa7f0f04e20e8e2cf19e62df758a382bd3a67bf67ef612019c976fb744869f

          SHA512

          c77727af57f4077efb8ebe637806c55510281e2d03b6bef1fee0c3ef0187b0f8b014123f1e7a545ed934aa7f8c239482f6e9c6204789ba1a91797eea9b948d93

          Download Submit

        • \Windows\WinUpdaterstd\svchost.exe
          Filesize

          79KB

          MD5

          ea59d5833fc04416d5dd9532a6e7cfab

          SHA1

          e1dbe7c0943a824df7d15c2aa29ecd3acd9d2f8d

          SHA256

          78bf856ef1bc9e92dbe24d63e9334059b9d0ef7e92e8925c10372680f85bc7a5

          SHA512

          447e6b40ac82911385aebfc52f9d32a19fecbebde9440ac69669a5686b7c4c4ef32033539a5ce542fb98740c424e1fd320d0952ddb5740cc2caa03a1b5406b65

          Download Submit

        • memory/1144-9-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2884-13-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2884-17-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2884-12-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2884-10-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2884-14-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2884-15-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2884-16-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2884-11-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2884-18-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2884-19-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2884-20-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2884-21-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2884-22-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/2884-23-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download