Overview

overview

7

Static

static

3

01fd51c672...02.exe

windows7-x64

7

01fd51c672...02.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 19:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    01fd51c67226376d259c2ce9c8663602.exe

  • Size

    28KB

  • MD5

    01fd51c67226376d259c2ce9c8663602

  • SHA1

    6c30e532495d8f945f8bda268172037835cf43ae

  • SHA256

    8db1d23bd914fe8699b809cc8712b362d2652d2722a369b1becd225d357329fa

  • SHA512

    53e8291a6ab5190a681ac5ab69ac0301d946bf29b473bce4ddc5c3fe7a567eeee1fd84a7e4bf525908d35d904438b75bdbeb3fb3dd0985d7cad084da22dba494

  • SSDEEP

    768:7h0X8nKQKJDkSmfjgNlPY6mpru8PNca9mYVHMRzL2qO:G8nKQKC1rqxmu6hVHMRHK

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\01fd51c67226376d259c2ce9c8663602.exe
    "C:\Users\Admin\AppData\Local\Temp\01fd51c67226376d259c2ce9c8663602.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Users\Admin\AppData\Local\Temp\259398961.txt,M
      2⤵
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of SetWindowsHookEx
      PID:2204
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\1.bat
      2⤵
      • Deletes itself
      PID:2756

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\1.bat
          Filesize

          180B

          MD5

          dd2e7f6b15219fda5863b8dbe54adb50

          SHA1

          7656784b8af56be0fded72f2de3b829d18807dab

          SHA256

          b425b65a4ba8d1f3507eaf5a8dcc493187ee6a02647a53ee72ffd65c3153ca7e

          SHA512

          40b9705ef5b646cfb13755c97abe15be083736c0a55ba905596b95540760d73b379b60f03a1a389ebf57eaf8c8fb6541b60b0b1c7d845ed1b9bc5619c7129a33

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\259398961.txt
          Filesize

          20KB

          MD5

          a117e69fad75bea541193b0ddc8e7faf

          SHA1

          e02bd1493cb70bf544db38b1812aa927b781e884

          SHA256

          4b07f38a7a7cca0026ab8f76f80e45112e9b8b2c3e90ae6b66c3ad1abf27ee8f

          SHA512

          4846e370b5d7be57adc93101c3ebcabd2ac5b8dbc72dcf02e2de6fd7dee6ae07ff95ac784e0fefd4a155edbbaff90fe1477f1886cdfdd59237a6b016e83cd05e

          Download Submit