6f33b9a7dd374006bba73d1b278dbb4295a34d522322b256cee67e201305c0c5

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 00:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45093506351b413abe198c804c6d4646.exe
Size

155KB
MD5

45093506351b413abe198c804c6d4646
SHA1

48b769f1eecbfcffebb2bff685c0a749c06cd201
SHA256

6f33b9a7dd374006bba73d1b278dbb4295a34d522322b256cee67e201305c0c5
SHA512

6cbdf468843df8e1875a1e6ec4d19cd55e72cf27669d252e110f31956affaa2cd9a5fc98144910879eb556c9774507839df930c4cc46bf00083d37cc2fb54e59
SSDEEP

3072:lanR5kn0Yj0lip0OmYbGq48ukyhOIab+mtB75+gUyyjqk+iBP0FgofEhJ:Avk0NUMYKayhpzmD7Eg7yek+iRzGEf

Score

7^/10

persistence

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2836	rundll32.exe

Loads dropped DLL 5 IoCs

pid	Process
2164	45093506351b413abe198c804c6d4646.exe
2836	rundll32.exe
2836	rundll32.exe
2836	rundll32.exe
2836	rundll32.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gizip = "rundll32.exe \"C:\\Users\\Admin\\AppData\\Local\\Temp\\gizip.dll\",SteamUser"	45093506351b413abe198c804c6d4646.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2164	45093506351b413abe198c804c6d4646.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2836	2164	45093506351b413abe198c804c6d4646.exe	28
PID 2164 wrote to memory of 2836	2164	45093506351b413abe198c804c6d4646.exe	28
PID 2164 wrote to memory of 2836	2164	45093506351b413abe198c804c6d4646.exe	28
PID 2164 wrote to memory of 2836	2164	45093506351b413abe198c804c6d4646.exe	28
PID 2164 wrote to memory of 2836	2164	45093506351b413abe198c804c6d4646.exe	28
PID 2164 wrote to memory of 2836	2164	45093506351b413abe198c804c6d4646.exe	28
PID 2164 wrote to memory of 2836	2164	45093506351b413abe198c804c6d4646.exe	28

C:\Users\Admin\AppData\Local\Temp\45093506351b413abe198c804c6d4646.exe
"C:\Users\Admin\AppData\Local\Temp\45093506351b413abe198c804c6d4646.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\gizip.dll",Wiz_SingleEntryUnzip
  2⤵
  - Deletes itself
  - Loads dropped DLL
  PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\gizip.dll

Filesize
155KB

MD5
30cab156bbe0f92559132446bacfac78

SHA1
c80356606d26e985326bd62a95bb81ff2ca90f09

SHA256
94e80d0017213f487002234261a3ed681bc70bf048f662d5d262256124cd3fdc

SHA512
b6a128d74d9f65a6cd9a2c49dd56dc04a403089c63448b019aff7118124bf6ab992c5a383c8339fe864545fde42ca51e37edf9b11a8215fb958df4f3608543ee

Download Submit
memory/2164-0-0x0000000000220000-0x0000000000237000-memory.dmp

Filesize
92KB

Download
memory/2164-1-0x0000000000250000-0x0000000000279000-memory.dmp

Filesize
164KB

Download
memory/2164-2-0x0000000000220000-0x0000000000237000-memory.dmp

Filesize
92KB

Download
memory/2164-12-0x00000000002B0000-0x00000000002D9000-memory.dmp

Filesize
164KB

Download
memory/2836-22-0x00000000001D0000-0x00000000001F9000-memory.dmp

Filesize
164KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads