Overview

overview

10

Static

static

3

1414899745...8b.exe

windows7-x64

10

1414899745...8b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 09:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1414899745a51fbc4a944b94d98d788b.exe

  • Size

    244KB

  • MD5

    1414899745a51fbc4a944b94d98d788b

  • SHA1

    6423e1703f3bc46d480b1422be3c5fb1c82cc683

  • SHA256

    0da7f3696f6be0d279ea7b27a096d411bb24624c6bdfff94cba505c96be9715e

  • SHA512

    c9099cb72264ec1b30e3810797013c9e47b1b9df952fc30137d2b39d192ca80277a8d7a0f085ec5dd51e32dff649de0233fe3bd4b0f745de67538794bcdda0fb

  • SSDEEP

    6144:J5Es5EzPLrs7CZIQtVpoY85spRMWLwDE3C5gn9OD4u9Xb:J5EsALiC2QtVpoU3dyL

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 49 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1414899745a51fbc4a944b94d98d788b.exe
    "C:\Users\Admin\AppData\Local\Temp\1414899745a51fbc4a944b94d98d788b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1196
    • C:\Users\Admin\laora.exe
      "C:\Users\Admin\laora.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2452

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\laora.exe
    Filesize

    53KB

    MD5

    410446bad5a5b8db5ea2d60bee92ddcd

    SHA1

    5fcf0fb8b5d68ac2eeb3346a0e6c292ec371e48d

    SHA256

    018c2481424c34f65f6e7e0bbf641e86053fd6fdad94816f244cc93bc431a9cb

    SHA512

    f2e6f0e56008db3536e2a392b722bba982e697b38c72ffc1dc307c6987060accc484d9268dab324fac9a01b80a6a1c3f84c6bfca62910b3e79bf4559ebc19dce

    Download Submit

  • C:\Users\Admin\laora.exe
    Filesize

    56KB

    MD5

    677f55810f429fda8b8e910d5ea1be9a

    SHA1

    af15f749c38c5a484ef609765d091cb4039f0674

    SHA256

    9e22f001974a07a6668aaa1d71ab2a1185ac9705488a571d8d8ff9fa01d5a463

    SHA512

    a262b837b6628f5069041ede757618e1cda41cdc456cbb4b7ca54d98c98d07614288d65b045c59984e3c9f178d191d6e8cda0d18e60b5899d2febd7c9104060b

    Download Submit

  • C:\Users\Admin\laora.exe
    Filesize

    92KB

    MD5

    cf2560ad41663b7c7805ead4b30e350f

    SHA1

    1493d40fdb87fb5861ab77a3a93539b073947fac

    SHA256

    312edee00b964da9e3d9bb3eafb25c2d2d3fadb5fd99bc2b0d2006919c82eaa4

    SHA512

    8adda11846c6bd8c71f27a15e53d1b83bf1b73879ea2f2c4adc088e12a7a54fae2357a41bb5a9c22cf8d95fb577355571adf4abc03a58d68fd9ef4d5cda59465

    Download Submit

  • \Users\Admin\laora.exe
    Filesize

    151KB

    MD5

    84487c7a357bce839858eb6f9abeae86

    SHA1

    14a3513237814241c1727d505819ac0c224072f6

    SHA256

    d616f38e60c7d5263623898c0cdba31a028f3d92a47005cd952b11ef3217db23

    SHA512

    cd85c29da26021e3d14f1d1095bd8165f564954441a7d5092eb8448345c1c1ed6ed609ef52631b23871604c9de692955ef732b12356615d26ed2e6aa5b5b1f51

    Download Submit

  • \Users\Admin\laora.exe
    Filesize

    90KB

    MD5

    63960d1a68a21c4039eaf24dbc303278

    SHA1

    29176e23d0d64bb26bf9607de3e115351005bcb8

    SHA256

    a6c81031a35a1df9eef3a443cde212a47274d13806ef7f73e64c668e543a6ad4

    SHA512

    cf065e216e996a145ed859db827e4a8d134beab844c36714d94a32ec793f796da4fb1c890f7bb9bc7aaf6c4ec43d275f6d178edf37a27c2ff99dec6c0620b028

    Download Submit