Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 22:37

General

  • Target

    05d27d3b8ef3f0e6b720b48a4ac95197.exe

  • Size

    60KB

  • MD5

    05d27d3b8ef3f0e6b720b48a4ac95197

  • SHA1

    1cd1bf3183db924a4199329411009ce7d008a4b8

  • SHA256

    9a158e093959105e381fe82ace28d4b85a67334395aabb85ad1bf3cd3b2dcf26

  • SHA512

    a3d23dc1835cb46cb84cf7b6541da919a1a70b93fb2395404a34a8ee90302c27728ef3bbcd749a879f484e302ecedd350a9afe006ac74212766db94376be4d77

  • SSDEEP

    768:dMVOQl0KWwJ917vmdox7CflsQSsgUV9d+6DAOESj6Zz6ZjkfZa8g0FO:iqK9JWdox7C9sQ59d1EOERO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05d27d3b8ef3f0e6b720b48a4ac95197.exe
    "C:\Users\Admin\AppData\Local\Temp\05d27d3b8ef3f0e6b720b48a4ac95197.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\Windows\SysWOW64\agetlkeyls.exe
      "C:\Windows\system32\agetlkeyls.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of SetWindowsHookEx
      PID:2756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\psapi.lib

    Filesize

    19KB

    MD5

    a5b1b1f7c2c51ff400d93ae63f484d96

    SHA1

    5f038003bf8851254ba577db5d8dfd69c1085c33

    SHA256

    35b1d2d2bc5c531d49aa3550de5c19bd5f4ebe79c594c6f5000d6de28b2621bf

    SHA512

    90c2145b39611bd1406c513dff16366a51e86e8831c34ab15f650e6620a75533e800db056dda2e7e176fac8b20cd0be76bc1725b45930b31595d4aac00da4eec

  • \Windows\SysWOW64\agetlkeyls.exe

    Filesize

    60KB

    MD5

    05d27d3b8ef3f0e6b720b48a4ac95197

    SHA1

    1cd1bf3183db924a4199329411009ce7d008a4b8

    SHA256

    9a158e093959105e381fe82ace28d4b85a67334395aabb85ad1bf3cd3b2dcf26

    SHA512

    a3d23dc1835cb46cb84cf7b6541da919a1a70b93fb2395404a34a8ee90302c27728ef3bbcd749a879f484e302ecedd350a9afe006ac74212766db94376be4d77