Analysis
-
max time kernel
149s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
29-12-2023 18:43
General
-
Target
00d1b64ce6b6881c746a398aa7b456d6.exe
-
Size
18KB
-
MD5
00d1b64ce6b6881c746a398aa7b456d6
-
SHA1
0a3ab82ff9c2763a2e1ff37b8d892def40bd60b0
-
SHA256
10fb408e96a6285c3abe85673a2ebcf5c140849fbf7d6465104361d39e32e87c
-
SHA512
e834bf7eb3cdd037f5b9187734e4c05b094948cae4ae9a057ffd84a3279a9d1532772f4da1ae885d25c3e20cb50e4451eca10df15fc1d858bd868fc75d23dd90
-
SSDEEP
384:rMj7FEQcOIaX5n5ywt8dww+RgoOQckr0fnS+vFFX4dI3VjGAa9miusLuf3nA:IiQcOvd5f4wv3gkQvS43X4dI3BG99miM
Score
7/10
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in System32 directory 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\00d1b64ce6b6881c746a398aa7b456d6.exe"C:\Users\Admin\AppData\Local\Temp\00d1b64ce6b6881c746a398aa7b456d6.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
31KB
MD529325fbc58167d6a4271cae54a2d861d
SHA10851b4342fc48522693b2cc19095f98f86cd40aa
SHA256bd3bf0543368f5894e99dc0a08d7febc754281189f5180399cd910a3f2cec800
SHA512a9dd872e67870102184025e09ec240fe693b644238d51db434e09889e806488286c05dd806adb38fa31fcf4d664d89c8218b68895838bed1dea7e12a517bd6b6
-
Filesize
4KB
-
Filesize
100KB
-
Filesize
100KB
-
Filesize
44KB