Overview

overview

10

Static

static

3

69ca528969...39.exe

windows7-x64

10

69ca528969...39.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 11:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    69ca528969ee6d8bff0634484549d639.exe

  • Size

    55KB

  • MD5

    69ca528969ee6d8bff0634484549d639

  • SHA1

    95f651536d2705da2f24a9005b804c53916151dd

  • SHA256

    6bff7a46b278c90c0ce3aba63259cd0ad99556422a51afb984b67a6c00824448

  • SHA512

    4e465e6f348d32c4911aaad235c44dcd8d5fc0707ba04f68b5606225ae72a113d8b78ccaa7593e9f8da85b002babf34b43679aa997549130b5390b43e8bcd46c

  • SSDEEP

    1536:V3cpyORJLuB4P4AJJv4Romu/bnkRf/Wdw:V3c1fP4AJJv45TRHz

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops desktop.ini file(s) 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\69ca528969ee6d8bff0634484549d639.exe
    "C:\Users\Admin\AppData\Local\Temp\69ca528969ee6d8bff0634484549d639.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Loads dropped DLL
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2300
    • C:\Windows\SysWOW64\attrib.exe
      "C:\Windows\System32\attrib.exe" "C:\Program Files (x86)\Microsoft\msie1\Internet Explorer" +s
      2⤵
      • Drops file in Program Files directory
      • Views/modifies file attributes
      PID:2252
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp.bat" "
      2⤵
      • Deletes itself
      PID:2880

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\tmp.bat
          Filesize

          186B

          MD5

          03c10bcf6e49b8582fab4a426d75dc0c

          SHA1

          f593423df72ddaf867087adde62cc93c4c892716

          SHA256

          8395f0f74a0e87eb46b5783ad7b4a09d5ee2b3880f2046c53bf126820ed9fd1e

          SHA512

          260b7dbe216c0432e6844434e2af98bfb863b29ced5a6dc7d4659b78d5490f51548ca08e598de0725b18d883dd8824e4653221e1fcad0a5af6778bd3d86a60a0

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsy5FCE.tmp\System.dll
          Filesize

          11KB

          MD5

          00a0194c20ee912257df53bfe258ee4a

          SHA1

          d7b4e319bc5119024690dc8230b9cc919b1b86b2

          SHA256

          dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

          SHA512

          3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

          Download Submit