Overview

overview

10

Static

static

5

702a27e40a...92.exe

windows7-x64

10

702a27e40a...92.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-12-2023 12:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    702a27e40a259877b90c92cb15742892.exe

  • Size

    512KB

  • MD5

    702a27e40a259877b90c92cb15742892

  • SHA1

    474de8b01e95cdbb55e9aec9b2c0a8d6d3b228ff

  • SHA256

    ed54234f73fa20b99ec8da643be99d3350fed29e11532fb5cfcedfddec471804

  • SHA512

    c69b4cb8b9c135e930bd73678a09221ec162c2a00ae4e26f05cfbc4b89e5c733b333a4e5a7fa220cc3483ee04666d47ccb0d3fab3faa8210734fa8f2133f704f

  • SSDEEP

    6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj61:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm52

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • AutoIT Executable 5 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 8 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of FindShellTrayWindow 10 IoCs
  • Suspicious use of SendNotifyMessage 10 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\702a27e40a259877b90c92cb15742892.exe
    "C:\Users\Admin\AppData\Local\Temp\702a27e40a259877b90c92cb15742892.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4704
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
      2⤵
        PID:4116
      • C:\Windows\SysWOW64\wqvmllzcjwrxn.exe
        wqvmllzcjwrxn.exe
        2⤵
        • Executes dropped EXE
        PID:2316
      • C:\Windows\SysWOW64\mowwbhpw.exe
        mowwbhpw.exe
        2⤵
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:3504
      • C:\Windows\SysWOW64\iwuyiavybhtxscj.exe
        iwuyiavybhtxscj.exe
        2⤵
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2004
      • C:\Windows\SysWOW64\ryanpnhrhu.exe
        ryanpnhrhu.exe
        2⤵
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1940
    • C:\Windows\SysWOW64\mowwbhpw.exe
      C:\Windows\system32\mowwbhpw.exe
      1⤵
        PID:1300

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\SysWOW64\iwuyiavybhtxscj.exe
        Filesize

        92KB

        MD5

        6662b185f19fbf697c56a25c92de7961

        SHA1

        0df0c0df0de3724258df2549c583e3c934aca726

        SHA256

        c11edb9e97848e20319fba876d9382c7193f68323eff1f7ed805bb04303bdc86

        SHA512

        c6e2cb83f68a63ca299dae843d2697d41dab8b565fb4005755b0d255b388779b6c1dad97375009c995f0a3d2e0acb4cc820090ca5dc24ee11e1a3de5b1a4921f

        Download Submit

      • C:\Windows\SysWOW64\ryanpnhrhu.exe
        Filesize

        83KB

        MD5

        a8702132b54ee6d3203853433b204001

        SHA1

        8b4eda3b907db4855b189b7bbf1f90ba33df983e

        SHA256

        55149bd1ec219cc3394d255a20fc503a84d8577482a5fe9182547e99ebd37485

        SHA512

        3deb82cd3d72e817b276099654bde74d6d41d5aab72676e03ade0b0e17abdca021e99d7cf36b7ea216f320c493fc67c49384ad2e7e3bbd12094141855f4c6df7

        Download Submit

      • C:\Windows\SysWOW64\ryanpnhrhu.exe
        Filesize

        89KB

        MD5

        239a4c5811e5c38922945b07450f819c

        SHA1

        7916fb299d13cdc9b2e9a52050063631991acd92

        SHA256

        74722e046b059c01d621552150c108fcb3cb77aded5ee7201fadfe5e6bcb8102

        SHA512

        fd4498f4c43c9dd818ed75e06e6ac3acf8b152c0a92b3cffff6be58aa56e76e82df3ff1b53022bb5304c83b9c5c61507abd78894373ba1f83f5aa6cf42bed600

        Download Submit

      • memory/4116-54-0x00007FFDE0D50000-0x00007FFDE0F45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4116-43-0x00007FFDE0D50000-0x00007FFDE0F45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4116-48-0x00007FFDE0D50000-0x00007FFDE0F45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4116-50-0x00007FFDE0D50000-0x00007FFDE0F45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4116-52-0x00007FFD9E8F0000-0x00007FFD9E900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4116-144-0x00007FFDA0DD0000-0x00007FFDA0DE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4116-56-0x00007FFDE0D50000-0x00007FFDE0F45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4116-57-0x00007FFD9E8F0000-0x00007FFD9E900000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4116-58-0x00007FFDE0D50000-0x00007FFDE0F45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4116-59-0x00007FFDE0D50000-0x00007FFDE0F45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4116-55-0x00007FFDE0D50000-0x00007FFDE0F45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4116-53-0x00007FFDE0D50000-0x00007FFDE0F45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4116-51-0x00007FFDE0D50000-0x00007FFDE0F45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4116-49-0x00007FFDE0D50000-0x00007FFDE0F45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4116-47-0x00007FFDE0D50000-0x00007FFDE0F45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4116-45-0x00007FFDA0DD0000-0x00007FFDA0DE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4116-44-0x00007FFDA0DD0000-0x00007FFDA0DE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4116-46-0x00007FFDE0D50000-0x00007FFDE0F45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4116-41-0x00007FFDA0DD0000-0x00007FFDA0DE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4116-39-0x00007FFDA0DD0000-0x00007FFDA0DE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4116-37-0x00007FFDE0D50000-0x00007FFDE0F45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4116-42-0x00007FFDE0D50000-0x00007FFDE0F45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4116-40-0x00007FFDE0D50000-0x00007FFDE0F45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4116-36-0x00007FFDA0DD0000-0x00007FFDA0DE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4116-120-0x00007FFDE0D50000-0x00007FFDE0F45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4116-121-0x00007FFDE0D50000-0x00007FFDE0F45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4116-122-0x00007FFDE0D50000-0x00007FFDE0F45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4116-149-0x00007FFDE0D50000-0x00007FFDE0F45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4116-148-0x00007FFDE0D50000-0x00007FFDE0F45000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/4116-147-0x00007FFDA0DD0000-0x00007FFDA0DE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4116-146-0x00007FFDA0DD0000-0x00007FFDA0DE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4116-145-0x00007FFDA0DD0000-0x00007FFDA0DE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4704-0-0x0000000000400000-0x0000000000496000-memory.dmp

        Filesize

        600KB

        Download