Overview

overview

7

Static

static

3

206d7151ab...1f.exe

windows7-x64

7

206d7151ab...1f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 23:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    206d7151ab2d10a196061caaa6cd821f.exe

  • Size

    56KB

  • MD5

    206d7151ab2d10a196061caaa6cd821f

  • SHA1

    b469bf44d10a1b8b42e7c67ba5164abb2ba47ef0

  • SHA256

    204e11489503499bb5ad6d088af8118d5354478d5332eec7a3d80951ce738382

  • SHA512

    a948256913e38ea7887a6967292ae4a6dc1ee9f8971c61365e032e891d16dc974f14901e29d87f9e268d93f91f6422d32a10ef5beb098296c54e5ffa4197579b

  • SSDEEP

    1536:cpgpHzb9dZVX9fHMvG0D3XJE4Romu/F55511KqQ:qgXdZt9P6D3XJE45or18qQ

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\206d7151ab2d10a196061caaa6cd821f.exe
    "C:\Users\Admin\AppData\Local\Temp\206d7151ab2d10a196061caaa6cd821f.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3004
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c \DelUS.bat
      2⤵
      • Deletes itself
      PID:2788
    • C:\Users\Admin\AppData\Roaming\setfavh.exe
      C:\Users\Admin\AppData\Roaming\setfavh.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:3016

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\DelUS.bat
          Filesize

          200B

          MD5

          ecf695fe44409d80cb6e0e57f22bb033

          SHA1

          7eb9da8122dbabf67a3584538943ecb619cccf3e

          SHA256

          90d7781c2993453856afc36bf231ed80fcdccf840688394b87e6715f7da6a064

          SHA512

          04f58ec93eb86bfe7eadb20d265f5fe3d16943383f6f59fca225d4382d5273875addace52c20ab40c35656bf758b24478f1ce1df889bffec1429fb4119921c7b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsy121B.tmp\SelfDelete.dll
          Filesize

          24KB

          MD5

          7bf1bd7661385621c7908e36958f582e

          SHA1

          43242d7731c097e95fb96753c8262609ff929410

          SHA256

          c0ad2c13d48c9fe62f898da822a5f08be3bf6c4e2c1c7ffdf7634f2ca4a8859e

          SHA512

          8317af5cc3ac802eb095f3fa8cc71daa1265ca58fead031c07872f3d4bb07663a7002ae734fad392a7617f0923fe0caf1f54ed55afdf8516a6a08e202d86fa7f

          Download Submit

        • \Users\Admin\AppData\Roaming\setfavh.exe
          Filesize

          24KB

          MD5

          39ae3d045bd8be29bebc5e73d1031c06

          SHA1

          f8d88021a3deaa3921a86d04aa00c43ee3c4c45e

          SHA256

          7f035baeea62d47351ff354574d53bca4b4242d8ddf200bbed75b85fe794ad42

          SHA512

          bc2e4773eea1dca26a72bc3389d3bd8b869dc99297f206fe2ee942d96a1d39f373d06b497fcd96af37a38d7a5caf97c8f010188c19203ea596ec194e8c2fee66

          Download Submit

        • \Users\Admin\AppData\Roaming\setfavh.exe
          Filesize

          9KB

          MD5

          f900ab0743c472424303d9302eacdf4f

          SHA1

          e09c50c96b8ada6e66a3a5358c02db6e16d7462a

          SHA256

          22a54bb1e09078a62dcc5df85a56407ade54d131885b19c211a990051627d31e

          SHA512

          ffd184fa0fcd388b01b5caf4818686cdd082792b2c71634153b9a1218584d67ffa91036be6f77ce8b0a8130cd99c59d855db653f35f22c74520431c19f57a3a4

          Download Submit