Overview

overview

10

Static

static

5

39409cd656...36.exe

windows7-x64

10

39409cd656...36.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-12-2023 19:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    39409cd656c0bc7567e2c8352dcc2236.exe

  • Size

    512KB

  • MD5

    39409cd656c0bc7567e2c8352dcc2236

  • SHA1

    0b4ded3b48affa28dfc075d3a56c6a8ed1ac9479

  • SHA256

    9f93f8f5e71266c7001be5bfa04830fc68f8a697b014d04058d1cf5417c5fbd7

  • SHA512

    d34208d2994a2a7314b2b0c16af693504658f3588bddbba4a31f5aaa75db37814b48584112d2a70e07a871852f7dbb1b90409eea6e5038781fdbc1aecbe3cd2c

  • SSDEEP

    6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj60:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5V

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • AutoIT Executable 6 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 8 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of FindShellTrayWindow 11 IoCs
  • Suspicious use of SendNotifyMessage 11 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\39409cd656c0bc7567e2c8352dcc2236.exe
    "C:\Users\Admin\AppData\Local\Temp\39409cd656c0bc7567e2c8352dcc2236.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3796
    • C:\Windows\SysWOW64\gzvwvpzomvbeq.exe
      gzvwvpzomvbeq.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2332
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
      2⤵
        PID:4332
      • C:\Windows\SysWOW64\awfenawv.exe
        awfenawv.exe
        2⤵
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4944
      • C:\Windows\SysWOW64\bbwdandcvdeyhfh.exe
        bbwdandcvdeyhfh.exe
        2⤵
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2144
      • C:\Windows\SysWOW64\nptegcoiec.exe
        nptegcoiec.exe
        2⤵
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:824
    • C:\Windows\SysWOW64\awfenawv.exe
      C:\Windows\system32\awfenawv.exe
      1⤵
        PID:2432

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\SysWOW64\bbwdandcvdeyhfh.exe
        Filesize

        92KB

        MD5

        6662b185f19fbf697c56a25c92de7961

        SHA1

        0df0c0df0de3724258df2549c583e3c934aca726

        SHA256

        c11edb9e97848e20319fba876d9382c7193f68323eff1f7ed805bb04303bdc86

        SHA512

        c6e2cb83f68a63ca299dae843d2697d41dab8b565fb4005755b0d255b388779b6c1dad97375009c995f0a3d2e0acb4cc820090ca5dc24ee11e1a3de5b1a4921f

        Download Submit

      • C:\Windows\SysWOW64\bbwdandcvdeyhfh.exe
        Filesize

        512KB

        MD5

        bae7e1fa45755d7bc558bb957fe63bc4

        SHA1

        ac0f26c75204b62c75b3d1e4af3d6d8822b2bbcd

        SHA256

        75fbf66d3e29b2b385145bdc79db9f40076d0d2a24c605f608a7dd3ba89003dc

        SHA512

        f15e1f5ead0c719e8bfe5bb45d347d9971bacb334e83d8e96dfa75a605d40af094d6f371da1b24bbc164076fe88a5a522089640952ac26d2e546cceab687b84d

        Download Submit

      • C:\Windows\SysWOW64\nptegcoiec.exe
        Filesize

        382KB

        MD5

        badd716c7c48a8241873d9251da496d1

        SHA1

        6bd2a072c8f64a1780fe75d983cb7b6584985c6d

        SHA256

        ad4373bfa026f66380b8ce44d6bc300d146770114fb10087019af7c616dc11d7

        SHA512

        7bf3f09216e2ba376053e668963797cd78f91119467917a84f467dd3110d6bd26592784cdf7cefd293413ff5b6dbe10a996d89627177235d9f109732c05f36c5

        Download Submit

      • C:\Windows\SysWOW64\nptegcoiec.exe
        Filesize

        512KB

        MD5

        8bc68f2eb02fd79ee998e23d54e73c5b

        SHA1

        29a4cb19e568eaf774387caa62106c09d3e49b7d

        SHA256

        733a54453fd29062c631fc5f91d6835de7b6a6d7851635483c65c0c6e08aedeb

        SHA512

        c9be46a3883b08705f515d6f59a018ba5ec50209797d3a517469b838e5e09dfb26df9bc38c0c6027da78e7aee3075506dc51d1eb46a3772fa0b50753b9bb10a8

        Download Submit

      • memory/3796-0-0x0000000000400000-0x0000000000496000-memory.dmp

        Filesize

        600KB

        Download

      • memory/4332-53-0x00007FF99BBB0000-0x00007FF99BDA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4332-42-0x00007FF99BBB0000-0x00007FF99BDA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4332-51-0x00007FF99BBB0000-0x00007FF99BDA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4332-45-0x00007FF99BBB0000-0x00007FF99BDA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4332-55-0x00007FF99BBB0000-0x00007FF99BDA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4332-57-0x00007FF99BBB0000-0x00007FF99BDA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4332-59-0x00007FF99BBB0000-0x00007FF99BDA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4332-58-0x00007FF99BBB0000-0x00007FF99BDA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4332-56-0x00007FF99BBB0000-0x00007FF99BDA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4332-54-0x00007FF9595C0000-0x00007FF9595D0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4332-52-0x00007FF99BBB0000-0x00007FF99BDA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4332-50-0x00007FF99BBB0000-0x00007FF99BDA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4332-48-0x00007FF99BBB0000-0x00007FF99BDA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4332-47-0x00007FF99BBB0000-0x00007FF99BDA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4332-46-0x00007FF9595C0000-0x00007FF9595D0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4332-49-0x00007FF99BBB0000-0x00007FF99BDA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4332-41-0x00007FF95BC30000-0x00007FF95BC40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4332-39-0x00007FF95BC30000-0x00007FF95BC40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4332-38-0x00007FF95BC30000-0x00007FF95BC40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4332-37-0x00007FF95BC30000-0x00007FF95BC40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4332-44-0x00007FF99BBB0000-0x00007FF99BDA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4332-43-0x00007FF99BBB0000-0x00007FF99BDA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4332-40-0x00007FF95BC30000-0x00007FF95BC40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4332-121-0x00007FF99BBB0000-0x00007FF99BDA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4332-147-0x00007FF99BBB0000-0x00007FF99BDA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4332-148-0x00007FF99BBB0000-0x00007FF99BDA5000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4332-146-0x00007FF95BC30000-0x00007FF95BC40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4332-145-0x00007FF95BC30000-0x00007FF95BC40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4332-144-0x00007FF95BC30000-0x00007FF95BC40000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4332-143-0x00007FF95BC30000-0x00007FF95BC40000-memory.dmp

        Filesize

        64KB

        Download