Overview

overview

10

Static

static

3

112532d162...7a.exe

windows7-x64

10

112532d162...7a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 06:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    112532d1629bc34ede0b3a84092e767a.exe

  • Size

    248KB

  • MD5

    112532d1629bc34ede0b3a84092e767a

  • SHA1

    b3c90b431fd0055b67b76d5ff5052b26e0c656d5

  • SHA256

    6bdf1add93b8ec529b644aa5665d117b2e51a3e68b419d650ed0dc8dd9ce4ef0

  • SHA512

    564e358f0e4477e844b57f905afe249ee0e01054c8ec6e05ba7f35835286241a3727c12c24e552dc407aaf86ce41d0379c47ef8a461a02ea345c74c24baad977

  • SSDEEP

    3072:0/vfFph32Uu+WoxsUr6/iVr0VsxJ//g/nk1/J/////Q////q/////2///SIM///0:0Xf

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\112532d1629bc34ede0b3a84092e767a.exe
    "C:\Users\Admin\AppData\Local\Temp\112532d1629bc34ede0b3a84092e767a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2500
    • C:\Users\Admin\vpfoz.exe
      "C:\Users\Admin\vpfoz.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3056

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\vpfoz.exe
    Filesize

    248KB

    MD5

    ba843bb98f560cc4d4d4f665918b021d

    SHA1

    ffa3c1e7dc129b74bf6ba674e636c34fb1f58b74

    SHA256

    9adb83e9e34678b23cf6310be0904bcc64e352c5c7b0f9fa1512144cc0f4fae8

    SHA512

    8b0369a080907dd3b6d8e390ef7595837eb9e5b0d60d8ae6b716238fd849d792c549675ab93dfc6adf10793004667ef928d6867120e628b8159a27cd4b519c78

    Download Submit