c23a88218aefda1bfd2da60e61168a65302a0553bc89decb7f009327dc6efee1

Analysis

max time kernel
152s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2023 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02edae91d80c962fdbf656ed689f9dcd.exe
Size

73KB
MD5

02edae91d80c962fdbf656ed689f9dcd
SHA1

2186fada01cc536bbf3684e36c6abe541358b24d
SHA256

c23a88218aefda1bfd2da60e61168a65302a0553bc89decb7f009327dc6efee1
SHA512

8a8f17536f21382bceb61760e69314acd4d3aab2c3b6538cc6811266ff1b92576e17f4362e12b1227e3eb34d054a7900bbd8f24c53b284a04349b5d9d9f27365
SSDEEP

1536:RoIyF4R9jdKJRc0BkTBik2LtpsBTpWb8+uGOwdpSeOHF4iUMOida+2IJRy:RoIjjxcc0a4ITpWQ+rOw9OHF4dP4iIJY

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2116	02edae91d80c962fdbf656ed689f9dcd.exe
2116	02edae91d80c962fdbf656ed689f9dcd.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\HELP\F3C74E3FA248.dll	02edae91d80c962fdbf656ed689f9dcd.exe
File opened for modification	C:\Windows\HELP\F3C74E3FA248.dll	02edae91d80c962fdbf656ed689f9dcd.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}	02edae91d80c962fdbf656ed689f9dcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\ = "SSUUDL"	02edae91d80c962fdbf656ed689f9dcd.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32	02edae91d80c962fdbf656ed689f9dcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32\ = "C:\\Windows\\HELP\\F3C74E3FA248.dll"	02edae91d80c962fdbf656ed689f9dcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32\ThreadingModel = "Apartment"	02edae91d80c962fdbf656ed689f9dcd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2116	02edae91d80c962fdbf656ed689f9dcd.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 3440	2116	02edae91d80c962fdbf656ed689f9dcd.exe	91
PID 2116 wrote to memory of 3440	2116	02edae91d80c962fdbf656ed689f9dcd.exe	91
PID 2116 wrote to memory of 3440	2116	02edae91d80c962fdbf656ed689f9dcd.exe	91
PID 2116 wrote to memory of 1272	2116	02edae91d80c962fdbf656ed689f9dcd.exe	96
PID 2116 wrote to memory of 1272	2116	02edae91d80c962fdbf656ed689f9dcd.exe	96
PID 2116 wrote to memory of 1272	2116	02edae91d80c962fdbf656ed689f9dcd.exe	96

C:\Users\Admin\AppData\Local\Temp\02edae91d80c962fdbf656ed689f9dcd.exe
"C:\Users\Admin\AppData\Local\Temp\02edae91d80c962fdbf656ed689f9dcd.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 2.bat
  2⤵
  PID:3440
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 2.bat
  2⤵
  PID:1272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2.bat

Filesize
65B

MD5
f8226423d98f394d311a2eb302ac14db

SHA1
a8f707f53508f039f32cfbe6f503683efea5f933

SHA256
a099e7ec527e7951b919e5941bcd3f39a17e44c19fb6d255071500687ea10ff4

SHA512
c015fb5bcded529502234dd02af7165d6841792ebda9458f18b3057b96331b617e212e0b9916a2fb7d85933a44efa46cd88621c658264e1afd22650a20ae1ac9

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.bat

Filesize
64B

MD5
50c0e5c4b82bc2b5919ec38203c99e54

SHA1
d006b1bc8b0a10d9d8a2931be147376e3a091ef2

SHA256
0e943c80faf31369e5e541d1964dd300a849d8653cc02e52b28ca858e79ac014

SHA512
6722d4f7e479d7a9ffff064647669b526b7d24b5f27e0097868c9283df48e8330117a04986c3ff2617ac14e8e0a37fff8532913b9b568d54dc22a8546faeb0e9

Download Submit
C:\Windows\Help\F3C74E3FA248.dll

Filesize
59KB

MD5
634146b344984452f0de80471de29e09

SHA1
e91ea5a7b6c397a771321aa9d9405ed665116fe0

SHA256
869b2d17eb352a93520bffc451c007e2e3fd67f90116b464fcc722a03b6ce797

SHA512
0ab63db4b9ecb20055f82aa383a5b3a8c10085169564e62080618056344489db7e8fb65b3c1c646255ec46842e29577bb2bc049ce8a8b9fb6e1d6e34c356d3bb

Download Submit
memory/2116-2-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2116-6-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2116-1-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/2116-0-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2116-15-0x00000000005E0000-0x000000000061A000-memory.dmp

Filesize
232KB

Download
memory/2116-19-0x00000000005E0000-0x000000000061A000-memory.dmp

Filesize
232KB

Download
memory/2116-18-0x00000000005E0000-0x000000000061A000-memory.dmp

Filesize
232KB

Download
memory/2116-20-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download
memory/2116-21-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/2116-22-0x00000000005E0000-0x000000000061A000-memory.dmp

Filesize
232KB

Download
memory/2116-23-0x0000000000620000-0x0000000000621000-memory.dmp

Filesize
4KB

Download