Overview

overview

10

Static

static

3

18f7d52e72...1e.exe

windows7-x64

10

18f7d52e72...1e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 12:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    18f7d52e72db0e916ba28e107e66f61e.exe

  • Size

    55KB

  • MD5

    18f7d52e72db0e916ba28e107e66f61e

  • SHA1

    82d26ffbb00d79ee7a2e39dd837b633f52cacf2b

  • SHA256

    26963032aaa66aef29120d0f3453f17159dbd9d604af007a8d8b6fb6f683fec4

  • SHA512

    01508fc088bfc7765f149e0c4079ca972409cea0ea398538549484b05ed566340a788701f8319483d28f65a43ec374a7540347e4a76d208d0ff5cdbecada8733

  • SSDEEP

    768:Oe3PFaDVyOQgljLDKRJyM3BmsHzSB4us/wJJapg4RoSMZeUZB/JeA6al6egZj3Ea:V3cpyORJLuB4P4AJJv4Romu/OvZjHZ

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops desktop.ini file(s) 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\18f7d52e72db0e916ba28e107e66f61e.exe
    "C:\Users\Admin\AppData\Local\Temp\18f7d52e72db0e916ba28e107e66f61e.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Loads dropped DLL
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Windows\SysWOW64\attrib.exe
      "C:\Windows\System32\attrib.exe" "C:\Program Files (x86)\Microsoft\ie15\Internat Explorer" +s
      2⤵
      • Drops file in Program Files directory
      • Views/modifies file attributes
      PID:2100
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp.bat" "
      2⤵
      • Deletes itself
      PID:2772

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmp.bat
    Filesize

    186B

    MD5

    00d34d1487362aa8d5fcadd3941041c5

    SHA1

    b65664d025c1006b93aa2ccec2d0d2426e7edff6

    SHA256

    380f2ca322cd9d6318c9b6892c8d15f2641832866079c2be9fb8a5c42e23f3c9

    SHA512

    2ef8ff35b914ad37c02635c230133f6c3b15c142a2422f9ffb3251ef6fca0ee0b089af8f4a202ef946e2892cbf1434e20e2b05eeaeef823d9397a7f8e2fcd2df

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst5775.tmp\System.dll
    Filesize

    11KB

    MD5

    00a0194c20ee912257df53bfe258ee4a

    SHA1

    d7b4e319bc5119024690dc8230b9cc919b1b86b2

    SHA256

    dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    SHA512

    3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

    Download Submit