Analysis

  • max time kernel: 186s
  • max time network: 122s
  • platform: windows7_x64
  • resource: win7-20231215-en
  • resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted: 29/12/2023, 21:42

General

  • Target: 04b8e75a674eae9d79da9d2f3cdde83c.exe
  • Size: 224KB
  • MD5: 04b8e75a674eae9d79da9d2f3cdde83c
  • SHA1: a06098a656d14737d421f0fb2e57ac37e385740c
  • SHA256: 98c8b06f919641dbe7c9ebb91b931bfcd06881cf01988d6c9a6e4dcd6d600f83
  • SHA512: 46637fa9e1f7fbb9c0335f4bdbe635bd2fcaa94283432ed77db4d28aef81288a118bd630b7ef465007b6c1561f327cd6dd47b213136270406b26fa08511b00da
  • SSDEEP: 1536:41EhEeAo5ba8BuRpojAbuAbKmluyUSvQYtbZdENLHVwdcQ1ARatC:IEPb

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer (2 TTPs, 1 IoC)
  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Adds Run key to start application (2 TTPs, 52 IoCs)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\04b8e75a674eae9d79da9d2f3cdde83c.exe
    "C:\Users\Admin\AppData\Local\Temp\04b8e75a674eae9d79da9d2f3cdde83c.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2808
    • C:\Users\Admin\hefes.exe
      "C:\Users\Admin\hefes.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3008

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\hefes.exe
    Filesize: 121KB
    MD5: 05e7a08b325e4752919c8450836ca007
    SHA1: 35ea1d030882699f7a5fec80f979b847ac387101
    SHA256: d5d3df7f405673a24d301825f07d90d35e555ee29dba61154d91390a4c60323c
    SHA512: 00c7496ee6c9f35d360942ddc3e8263a76ed7a6f5075c425d3a7dee4140f04462ed962063cde7f911bf1152e90761a06ca3cb6aa8441b4df7b01a1ce75cc5f17

  • C:\Users\Admin\hefes.exe
    Filesize: 40KB
    MD5: e425c21e4dc3e298ac57494255b49fd3
    SHA1: 38cbec3d5788e3d75f3aae157451aa2177c585be
    SHA256: 6b502842557f81034db98002b2a2251861d53ea28873e35c6d08041b17f4cd2f
    SHA512: f7c40d26c21280dce61b6495d740e0c033cca28f26f85b217b8bcd2e360eb33abdc45f89dfad8728b136e78fca8a40c74bc7e48b82128ba7e5b461952d697dae

  • C:\Users\Admin\hefes.exe
    Filesize: 224KB
    MD5: 14cb2da5df58f66806adca1f973fa4b9
    SHA1: 272e4c74339a60fe2f2e96b6499178a54d3e4dd6
    SHA256: 2bc8882f8e0d80e061c9deed721b0436b12a238b03314b989f7305e1f9958e33
    SHA512: 8bda8e2ee8ad83e06886b35fcaefa9c54158253bcadede274b1d09e291d0a01e6b958f4e60e18e08c581ab7bc411176920fab165e19d1784f46a11100b0fb4fb

  • \Users\Admin\hefes.exe
    Filesize: 82KB
    MD5: adc89d193584d1ef28696bef7704b08f
    SHA1: e9564dd1f37c546bffcb53ad9d9d6cb80653beb5
    SHA256: cf6cd633a2b86f798f63964584378bd42694259f5dbd176f2e44bafedcf886c6
    SHA512: 2bae64e9e9a3108c1ea68eb53e0b759af21487f821ef2148f95fee25080f34f60d959cf586008f137f6c91c31458c3966144f8222ea13d7c215ab6d665488811