Overview

overview

7

Static

static

1

1fe2c5a712...8b.exe

windows7-x64

7

1fe2c5a712...8b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 23:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1fe2c5a7121acc1e42dfa3fb67eaac8b.exe

  • Size

    135KB

  • MD5

    1fe2c5a7121acc1e42dfa3fb67eaac8b

  • SHA1

    afd8d01c6f3d434006e698c0910452db022cb980

  • SHA256

    080e57d9589bd4bafab6185f089798b6a7f71117d7a6cda1ba3912c16d2e68a5

  • SHA512

    7f0236c414909342a9a9c5e2daeab49a280f80a0c7565cb02c9c50e07b534a57031d92df0bb3c5cc59ebad76b27666ac3c1804dfc4babdb62c6373ada68149ae

  • SSDEEP

    3072:LgXdZt9P6D3XJ5mhey9tke1o26qKxc9ZC+Ej2Fni+1si:Le34eeetke1o2Y4YqSi

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1fe2c5a7121acc1e42dfa3fb67eaac8b.exe
    "C:\Users\Admin\AppData\Local\Temp\1fe2c5a7121acc1e42dfa3fb67eaac8b.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:4348
    • C:\Program Files (x86)\Windowlet\wletins.exe
      "C:\Program Files (x86)\Windowlet\wletins.exe" C:\Users\Admin\AppData\Local\Temp\1fe2c5a7121acc1e42dfa3fb67eaac8b.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Program Files directory
      • Suspicious use of SetWindowsHookEx
      PID:3144

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Windowlet\wletins.exe
    Filesize

    42KB

    MD5

    06eadcee6bac62610c7156bbcc0c21e6

    SHA1

    add010da57e22cf292b534a864908277e49dd2dc

    SHA256

    034d48e5b49f54e90a468860301ea14880d1c97ea79f138c054a8c50c37e0e8e

    SHA512

    69088d2f8adff9fcfe0e2123d51f92c019816ff9bb945b528a7bf695474cc705cfc7e0805a85889d761962aae685309f95404e662d65a0eb072f7ffdc7c07fa5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsb496E.tmp\System.dll
    Filesize

    11KB

    MD5

    00a0194c20ee912257df53bfe258ee4a

    SHA1

    d7b4e319bc5119024690dc8230b9cc919b1b86b2

    SHA256

    dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    SHA512

    3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

    Download Submit