Analysis

  • max time kernel
    121s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/12/2023, 10:01

General

  • Target
    65a71e797532fd22ae5ad59d92367d0f.exe
  • Size
    426KB
  • MD5
    65a71e797532fd22ae5ad59d92367d0f
  • SHA1
    49a1f0640a792f383ce33dcd4abf411ffac3db7f
  • SHA256
    12ea8131dddcc2466ede5afedc007dc83bed3f5cd06480507cd8d36433a4c208
  • SHA512
    298e085300468ed3deb93e28ff76c9f319c65af6ad3dcbdf8feacc4830ade7c968b229feb1cd1559cb36627712e45ffda04e75a18c68839e6bc7534e55fac1ea
  • SSDEEP
    12288:NtKe6Zv23YdAPaPUD18t2o7UZlgEt4lsAXA2:d6Zv2aP7tiTt4lTXx

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry (2 TTPs, 4 IoCs)
  • Executes dropped EXE (1 IoC)
  • Modifies system executable filetype association (2 TTPs, 2 IoCs)
  • Adds Run key to start application (2 TTPs, 4 IoCs)
  • Drops file in System32 directory (6 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Modifies registry class (12 IoCs)
  • Suspicious behavior: EnumeratesProcesses (1 IoC)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\65a71e797532fd22ae5ad59d92367d0f.exe
    "C:\Users\Admin\AppData\Local\Temp\65a71e797532fd22ae5ad59d92367d0f.exe"
    • Modifies Installed Components in the registry
    • Modifies system executable filetype association
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1896
    • C:\Windows\svchost.exe
      C:\Windows\svchost.exe
      • Modifies Installed Components in the registry
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Adds Run key to start application
      • Modifies registry class
      PID:2180

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\concp32.exe
    Filesize
    434KB
    MD5
    95791fd834305cf31d624e30eaaed7b8
    SHA1
    01a25448281f6831f27237f2c6526957e6f945a7
    SHA256
    acbbf566b41f907a8be35f70c99b64d7614a0323e9fd9f3a37c343d9b460f564
    SHA512
    bb1be310d62d40ffced9e6e524927021b437b959cc471916af123def5c3552330f2268aef5d0fa58960c57633c9443a63f309df3bff5b4f3b3647c3a9308859f

  • C:\Windows\svchost.exe
    Filesize
    428KB
    MD5
    0812e32c8c00155cbf281e1ce8c46c0e
    SHA1
    db040fcee23bee264e5ab8c7e1765cbf3ea306b7
    SHA256
    cefa0a7d5433d159be39c5adbb2149305eb81320e9087b9b2d37c86f12ff9117
    SHA512
    5544bd044c34b138f1a8e0a90a5dcc5e03ae9b917aa5c5ed6ccafb033643a86de154776e58696730cf20b78c86fa0b48bef3c319c294a0df6b06e5ce8f317e8d

  • memory/1896-0-0x0000000000400000-0x0000000000435000-memory.dmp
    Filesize
    212KB

  • memory/1896-14-0x0000000000400000-0x0000000000435000-memory.dmp
    Filesize
    212KB

  • memory/2180-15-0x0000000000400000-0x0000000000435000-memory.dmp
    Filesize
    212KB