96ac8cadc14c31955322e5f8a8980f306e516b97729d8ce0e607d05fe9e28fc0

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 12:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18b61b80ee44432870b2ae2302bf996d.exe
Size

110KB
MD5

18b61b80ee44432870b2ae2302bf996d
SHA1

47c924f13b700400b1f4c4660d68a9e1bdc820b0
SHA256

96ac8cadc14c31955322e5f8a8980f306e516b97729d8ce0e607d05fe9e28fc0
SHA512

0359866ef60acf877eb6f533f7f758e5e5dda5dd7ac12cf607ff9eccc4b723c6770f0db2c8841579a7e9db7666a23c3d28d9d6904fb0640d6635864d443cd4cc
SSDEEP

1536:5RowYKXyGbnbdbmonsrY+HhXpoQKuFRiP4Diz4cT2J9mNMr8tzUsdTAHCf390aM:5dXPEoobvKuFRy7yJYw0zVGHy9

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2508	18b61b80ee44432870b2ae2302bf996d.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Debug\B831406A9770.dll	18b61b80ee44432870b2ae2302bf996d.exe
File opened for modification	C:\Windows\Debug\B831406A9770.dll	18b61b80ee44432870b2ae2302bf996d.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}	18b61b80ee44432870b2ae2302bf996d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\ = "fsvdf"	18b61b80ee44432870b2ae2302bf996d.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\InProcServer32	18b61b80ee44432870b2ae2302bf996d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\InProcServer32\ = "C:\\Windows\\Debug\\B831406A9770.dll"	18b61b80ee44432870b2ae2302bf996d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\InProcServer32\ThrEaDiNgModEL = "aPaRTmEnT"	18b61b80ee44432870b2ae2302bf996d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2508	18b61b80ee44432870b2ae2302bf996d.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2676	2508	18b61b80ee44432870b2ae2302bf996d.exe	29
PID 2508 wrote to memory of 2676	2508	18b61b80ee44432870b2ae2302bf996d.exe	29
PID 2508 wrote to memory of 2676	2508	18b61b80ee44432870b2ae2302bf996d.exe	29
PID 2508 wrote to memory of 2676	2508	18b61b80ee44432870b2ae2302bf996d.exe	29
PID 2508 wrote to memory of 2936	2508	18b61b80ee44432870b2ae2302bf996d.exe	30
PID 2508 wrote to memory of 2936	2508	18b61b80ee44432870b2ae2302bf996d.exe	30
PID 2508 wrote to memory of 2936	2508	18b61b80ee44432870b2ae2302bf996d.exe	30
PID 2508 wrote to memory of 2936	2508	18b61b80ee44432870b2ae2302bf996d.exe	30

C:\Users\Admin\AppData\Local\Temp\18b61b80ee44432870b2ae2302bf996d.exe
"C:\Users\Admin\AppData\Local\Temp\18b61b80ee44432870b2ae2302bf996d.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\SysWOW64\cmd.exe
  cmd /c 2.bat
  2⤵
  PID:2676
- C:\Windows\SysWOW64\cmd.exe
  cmd /c 2.bat
  2⤵
  PID:2936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2.bat

Filesize
41B

MD5
ba7fbc1af9676442d6da5bdb5afe813c

SHA1
151f5f221a3e02f9e51a8cb20495416b79da4c04

SHA256
ffac204151edc4de9316c4416df635cd0d68a1d4b33125e6bf32209b0f879816

SHA512
94338b36552b9b5f9772b735ebfb8dce8d750ce3c81996f2cd052d0f1e0d9010366d6b711340356506f81d4cd875c8cb0ee71ab0d5c77e22ab9d98893cc70edd

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.bat

Filesize
52B

MD5
79f485589be6c5807d897f83641c45f5

SHA1
cf89f8962cbb25c0a22949e6956b2f7340680f59

SHA256
7ac89c9449bb50e781081d1bee95b39f786553f79ae651638097748f926ff2ec

SHA512
409cf520741545b8674b9a2164741a0a1b00057162ee084f02e0752880995df7494ba1cbc8fedb30cae21c42b8d16cb28d9063d915732c967fdacae12b732278

Download Submit
\Windows\debug\B831406A9770.dll

Filesize
188KB

MD5
c76dd2354c36caa6e0b1a712edc5898e

SHA1
74ead1afed3593ab38134ac8d9ddeb46544efbf5

SHA256
3c126bfb90126b14460e85ea28e6f8c0a8254da9d1c5cc90663f5696cbb9d51c

SHA512
6174948c0cca862ee0ab3605b034eb6bc19e4fdd0d1b3d90945a3d8740467cd95e399d2d6d724be5b6a951383823d9beaabe38994e99bc5dc8efe05b9a43eb34

Download Submit
memory/2508-9-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/2508-8-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2508-1-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2508-22-0x0000000000230000-0x0000000000265000-memory.dmp

Filesize
212KB

Download
memory/2508-26-0x0000000000230000-0x0000000000265000-memory.dmp

Filesize
212KB

Download
memory/2508-24-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download