Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/12/2023, 20:24

General

  • Target

    030372cf501ce4b666bd911751c5e691.exe

  • Size

    180KB

  • MD5

    030372cf501ce4b666bd911751c5e691

  • SHA1

    77c0b2711f082160e6a3fcb0e8817a2f87b60825

  • SHA256

    ace9b3c59c29dc16cad3a7c62ee5315bd7f2cc6a20bb512846649bf6fe8bfa97

  • SHA512

    4d1f8dd342d9b0f77119b23a5b466a040f211f2693d77d45d2b403ea629f486abbd43053532106816cb8185a208c4e4136e31943b6a9013fd07ff6a2b42dff50

  • SSDEEP

    3072:T/iu7ehhNrWlAIJqPYNbihKovbAM4VkRvjCKuz3EwBT3edZlSL6aOuTOunpE7bVT:L5uhNrWlAIJqPYNbihRzrNvjITEeedZL

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\030372cf501ce4b666bd911751c5e691.exe
    "C:\Users\Admin\AppData\Local\Temp\030372cf501ce4b666bd911751c5e691.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2656
    • C:\Users\Admin\boono.exe
      "C:\Users\Admin\boono.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2436

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\boono.exe

    Filesize

    180KB

    MD5

    48c5d3361b75a28ca1d9210469eafc31

    SHA1

    6844fd7856c9604704a488a0619ebb20eb354c20

    SHA256

    e0facfc44338b214c7ec71b81db4d5690558650f285da5696d0a948da846985e

    SHA512

    95a3048bc4ea6acb5033beff0694b029a6e00c8cd77aca03fc7a586138a70142875b827e2900167ecdd7756512544f449b39ba4fc69040de24e4fbe1269acb11
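
Note that the dropped copy C:\Users\Admin\boono.exe has the same 180KB size as the parent but differs in every listed digest, so an IoC set built from the parent's hashes alone will not catch the persisted file; both entries have to be hunted. The script below is an added example (not part of the sandbox report or the sample) that turns the report into a hash hunt: it copies the MD5/SHA1/SHA256 values listed above into an index, hashes files in a single pass, and reports which report entry a file matches. The Run-key heuristic (flagging autostart commands that launch from under C:\Users\) is an assumption added here, not a rule the report states; the report only shows that a Run key was added and that the dropped EXE lives in the user profile.

```python
"""Hash hunt for the sandbox report above. Added example, not part of the report.
Digests are copied from the report; file paths and Run-key entries are constructed."""
import hashlib
import os
import re
import sys
from typing import Dict, List

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests exactly as listed in the report (parent sample and dropped copy).
REPORT_IOCS: Dict[str, Dict[str, str]] = {
    "030372cf501ce4b666bd911751c5e691.exe": {
        "md5": "030372cf501ce4b666bd911751c5e691",
        "sha1": "77c0b2711f082160e6a3fcb0e8817a2f87b60825",
        "sha256": "ace9b3c59c29dc16cad3a7c62ee5315bd7f2cc6a20bb512846649bf6fe8bfa97",
    },
    "boono.exe": {
        "md5": "48c5d3361b75a28ca1d9210469eafc31",
        "sha1": "6844fd7856c9604704a488a0619ebb20eb354c20",
        "sha256": "e0facfc44338b214c7ec71b81db4d5690558650f285da5696d0a948da846985e",
    },
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute all four digests of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Read the file once and feed every hasher from the same chunk."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def ioc_index(iocs: Dict[str, Dict[str, str]] = REPORT_IOCS) -> Dict[str, str]:
    """Flatten to {hexdigest: report label} so any algorithm is an O(1) lookup."""
    return {d.lower(): label for label, digests in iocs.items() for d in digests.values()}


def match_digests(digests: Dict[str, str], index: Dict[str, str]) -> List[str]:
    """Labels of every report entry that any of the given digests hits."""
    return sorted({index[d] for d in digests.values() if d in index})


def scan_directory(root: str, index: Dict[str, str] = None) -> Dict[str, List[str]]:
    """Walk a tree (e.g. a mounted user profile) and return {path: [labels]} for hits."""
    index = ioc_index() if index is None else index
    hits: Dict[str, List[str]] = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                labels = match_digests(hash_file(path), index)
            except OSError:  # unreadable or vanished file; keep scanning
                continue
            if labels:
                hits[path] = labels
    return hits


# Heuristic assumed here: an autostart command whose binary sits under C:\Users\
# (optionally quoted) is unusual for legitimate software and worth a look.
USER_PROFILE_RE = re.compile(r'^"?[A-Za-z]:\\Users\\', re.IGNORECASE)


def suspicious_run_entries(entries: Dict[str, str]) -> Dict[str, str]:
    """Given {value_name: command} exported from a Run key, keep user-profile launches."""
    return {name: cmd for name, cmd in entries.items() if USER_PROFILE_RE.match(cmd.strip())}


if __name__ == "__main__":
    # Usage: python hunt.py <directory>
    for path, labels in scan_directory(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{path}: matches {', '.join(labels)}")
```

Run it against a mounted image or a live profile directory; a hit on boono.exe without a hit on the original dropper is the expected shape once the Temp copy has been cleaned up, which is why both hash sets are indexed.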