Overview

overview

10

Static

static

3

01b300eed1...b3.exe

windows7-x64

10

01b300eed1...b3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 19:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    01b300eed1a720f8a74c346613e255b3.exe

  • Size

    296KB

  • MD5

    01b300eed1a720f8a74c346613e255b3

  • SHA1

    52584fbfb3d381dc459f64ec7336d6a240dc6e19

  • SHA256

    990a1f95e18d340e8755bd0f78626d7acb9324982b7eb92d318d7e2ed3a25122

  • SHA512

    a72f788da52bf7e719840eac21ddb6afd4cde286e35f1ee607a3a2ef720f153cbc6e865f0ceec7702555d98be97950dde37a77e736ca04115f39d95303b93a59

  • SSDEEP

    3072:AyeeHazh7sAFEouHwbBAW4hXNzcd6HFfak/K4jaU3bxK25M:Athz/FEouH+BAi4HFfAgLju

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\01b300eed1a720f8a74c346613e255b3.exe
    "C:\Users\Admin\AppData\Local\Temp\01b300eed1a720f8a74c346613e255b3.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Users\Admin\rdyuuv.exe
      "C:\Users\Admin\rdyuuv.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\rdyuuv.exe
    Filesize

    225KB

    MD5

    9e6830765627c6363c3fb8224c36cc6f

    SHA1

    f33bde0f27c60d9d0e31d150fa196d3a7999450f

    SHA256

    6073251b133c1c4b3d9a07cd89bb2cb25dd537beb12cc699ac4885d5e596d641

    SHA512

    31ebc9b4ed9d1ddebd24b1c70d15981850d1004c0c8332a554a2370d1ac0f1a5d95cb112a2b865d34751a49244a44ffae118720b8ee17318d0c2635dc62315bb

    Download Submit

  • C:\Users\Admin\rdyuuv.exe
    Filesize

    237KB

    MD5

    241051d0d928f23f101f3fd2a182522f

    SHA1

    efbd0a19ea5f262059069d70fe7b3e75b290d3e7

    SHA256

    e6482c582fad86f5beca671491db46468af048f2992b4034ea38eba49d521edf

    SHA512

    e4ce4d99099e57f0b661536468e9ead96f13bd52bcccb95253c2e0786df0ab56a08bf263ca7198670585ad8d7189270764afffb8cbf31ff2783c5af11dfb7953

    Download Submit

  • C:\Users\Admin\rdyuuv.exe
    Filesize

    200KB

    MD5

    ddb4bdec819d6adc0540cdd92285331a

    SHA1

    6bb3c6b9709301e7230a50d41229340720d9cd66

    SHA256

    e4174aa7af2990367c3821224c8d9c44a8e8116a1dbe7afc4a242255882336e6

    SHA512

    4e5852a60ec764bda2ed3b0c9e65cab9d619a1888f1b0dd46f586bd89eb867ac654b1507c222fbb3c455004e99ea4bd104a8831ed519b82c7ccaf11a80884a2f

    Download Submit

  • \Users\Admin\rdyuuv.exe
    Filesize

    296KB

    MD5

    28a2bf6f20b2ee9cbf44e0ae829f5df1

    SHA1

    8749ae60afa422ce0838c3e0269091affcdbeb69

    SHA256

    16cad7bfab2150575c08aeb8fac654eec8a777fdda26f30d9ec3dfffa39f9465

    SHA512

    cf6e88b49aa13fac859feff651298090a8847150f71f18effad836edcdb3bf69b71b2fb9016d5debd2b2b95d6e87983861b4dd678a7fa19782b5afba6f4a56a7

    Download Submit

  • \Users\Admin\rdyuuv.exe
    Filesize

    184KB

    MD5

    ae94d3dd55bc88401c48e9e3b59be219

    SHA1

    31520d11def9f6ca9d137092a2589df9aabb27ca

    SHA256

    734db4a03be3c0141260b0e04712ba1dce2da7511202f88999724158d1f6873b

    SHA512

    9004b8651db96980606157d0bab03ed61d924ba0b8ae045189851b3d59ddcc69f0644edc34479a2879ff823d070c7b37daa78ecce7c3be622a83b1a714a17682

    Download Submit