Analysis

  • max time kernel
    140s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/12/2023, 09:53

General

  • Target

    1506ded1cacbe7993d96e5e135f9a676.exe

  • Size

    513KB

  • MD5

    1506ded1cacbe7993d96e5e135f9a676

  • SHA1

    870ead06b3c4b8dcd8453921d12746c744cb2faf

  • SHA256

    ed3d57a2e1a348b3b6e0fb24b4e9c0dca3c9b3ce7c79a8ba85ebf83933678f32

  • SHA512

    6aaf0590ba308a45ea290fc44985227197f635130ca4521934f1489ce90aaa7535e25cd04dc81dcded159a2885b3939ee8373a0872762623b17a28069bf25b47

  • SSDEEP

    6144:JAz1LjzxG3uRKeFcR1YKeRwLfdnDSTrmqUNUsrGpYDmB6HEegzJSrCvMtuYCdTj5:ORzxG3uRTFMawTcvmqRYqB6OSrqtjoG

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Suspicious use of FindShellTrayWindow (5 IoCs)
  • Suspicious use of SendNotifyMessage (5 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1506ded1cacbe7993d96e5e135f9a676.exe
    "C:\Users\Admin\AppData\Local\Temp\1506ded1cacbe7993d96e5e135f9a676.exe"
    • Adds Run key to start application
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2852

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2852-0-0x0000000000230000-0x0000000000231000-memory.dmp
    Filesize: 4KB
  • memory/2852-1-0x0000000000400000-0x0000000000489000-memory.dmp
    Filesize: 548KB
  • memory/2852-3-0x0000000000230000-0x0000000000231000-memory.dmp
    Filesize: 4KB