Analysis

  • max time kernel
    149s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-12-2023 16:56

General

  • Target

    06eba72841ac172379cd2d2c137ec5e8.exe

  • Size

    152KB

  • MD5

    06eba72841ac172379cd2d2c137ec5e8

  • SHA1

    027de096f10c982d7db4f26dc20375623f1f61c3

  • SHA256

    61d97c95c3bdc62dc5f4bcc43306576b709b526b93b71958e53f9d8fa06824f4

  • SHA512

    f9078b519571cfc7690c5ebd07f59f1ee9b750c4f2b0c1faa92c7b9916dc19a6f16a1ac59c28f78d9b01b2405564153d21d62e8738f0e576ae5b9b8447cbf4c6

  • SSDEEP

    3072:V5EG3HCzwrCaHHvhtbz0wXtV2eZDEUXni7fo7KSif8xWM33r3k1jTCZU4oQZiEgv:sGXCzwrCW/0AHa8nuo7KSif8xWM33r3Q

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06eba72841ac172379cd2d2c137ec5e8.exe
    "C:\Users\Admin\AppData\Local\Temp\06eba72841ac172379cd2d2c137ec5e8.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Users\Admin\doemer.exe
      "C:\Users\Admin\doemer.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2316
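The process tree above shows the sample dropping C:\Users\Admin\doemer.exe, adding Run keys and changing how Explorer shows hidden and system files. The script below is an added triage example, not tooling from the sandbox or the sample; it parses `reg query`-style output for Run-key entries that point into user-writable directories, flags the Explorer\Advanced values that suppress hidden and protected OS files (Hidden=2, ShowSuperHidden=0, the values typically behind this kind of signature; which exact values this sample touches is not listed on the page), and matches file bytes against the SHA256 values listed on this page. The registry text, the value name `doemer` and the OneDrive entry are constructed sample input. Note that the four doemer.exe entries under Downloads share one path but differ in size and hash, which is what a file captured at several points while being written looks like, so all four hashes are kept as indicators.

```python
"""Triage helpers for the behaviours in this report: Run-key persistence,
Explorer hidden/system-file visibility tampering, and dropped-file hash matching.
Added example, not sandbox or sample code. SAMPLE_REG_QUERY is constructed."""
import hashlib
import re
from typing import Dict, List, Optional, Tuple

# SHA256 values copied from the report: the submitted sample and the four
# snapshots of C:\Users\Admin\doemer.exe listed under Downloads.
KNOWN_SHA256 = {
    "61d97c95c3bdc62dc5f4bcc43306576b709b526b93b71958e53f9d8fa06824f4": "06eba72841ac172379cd2d2c137ec5e8.exe",
    "87de24106814b9779e68f4f47aefc2d86a0664747560ce589be9cfd8f176d455": "doemer.exe (4KB snapshot)",
    "180ca635343aecb05ec73d60e85c6f1ad2e7e723010f508f3365f536d948256f": "doemer.exe (47KB snapshot)",
    "6cb0fb92db8d20835aa5b9c14afcced9c53d5e9bf445c4592580a611270b853e": "doemer.exe (1KB snapshot)",
    "a40e46d461fa75438dcf9bef2e8030553dafd83fd9611b03bb4496c718efd460": "doemer.exe (7KB snapshot)",
}

RUN_KEY_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
EXPLORER_ADVANCED_SUFFIX = r"\software\microsoft\windows\currentversion\explorer\advanced"

# A Run value pointing into a user-writable location is the usual dropper pattern.
USER_WRITABLE = re.compile(r'^"?(c:\\users\\|%userprofile%|%appdata%|%temp%)', re.I)

# Constructed sample in the layout `reg query <key>` prints on Windows.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    doemer    REG_SZ    C:\Users\Admin\doemer.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    Hidden    REG_DWORD    0x2
    ShowSuperHidden    REG_DWORD    0x0
    HideFileExt    REG_DWORD    0x1
"""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def match_known_hash(data: bytes) -> Optional[str]:
    """Return the report label for these bytes, or None if no listed hash matches."""
    return KNOWN_SHA256.get(sha256_hex(data))


def parse_reg_query(text: str) -> Dict[str, Dict[str, Tuple[str, str]]]:
    """Parse reg query output into {key_path: {value_name: (type, data)}}.
    Key lines start at column 0; value lines are indented and column-separated."""
    keys: Dict[str, Dict[str, Tuple[str, str]]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith((" ", "\t")):
            current = line.strip()
            keys[current] = {}
            continue
        parts = re.split(r"\s{2,}|\t+", line.strip(), maxsplit=2)
        if current is None or len(parts) < 2:
            continue
        keys[current][parts[0]] = (parts[1], parts[2] if len(parts) > 2 else "")
    return keys


def _dword(data: str) -> Optional[int]:
    """reg query prints REG_DWORD as 0x..; accept plain decimal too."""
    try:
        return int(data, 16) if data.lower().startswith("0x") else int(data)
    except ValueError:
        return None


def find_persistence(keys: Dict[str, Dict[str, Tuple[str, str]]]) -> List[str]:
    """Run/RunOnce values whose command lives in a user-writable directory."""
    findings = []
    for key, values in keys.items():
        if not key.lower().endswith(RUN_KEY_SUFFIXES):
            continue
        for name, (_vtype, data) in values.items():
            if USER_WRITABLE.match(data):
                findings.append(f"{key}\\{name} -> {data}")
    return findings


def find_visibility_tampering(keys: Dict[str, Dict[str, Tuple[str, str]]]) -> List[str]:
    """Explorer\\Advanced settings that hide hidden files or protected OS files."""
    findings = []
    for key, values in keys.items():
        if not key.lower().endswith(EXPLORER_ADVANCED_SUFFIX):
            continue
        for name, (_vtype, data) in values.items():
            val = _dword(data)
            if name.lower() == "hidden" and val == 2:
                findings.append(f"{key}\\Hidden = 2 (hidden files not shown)")
            elif name.lower() == "showsuperhidden" and val == 0:
                findings.append(f"{key}\\ShowSuperHidden = 0 (protected OS files not shown)")
    return findings


if __name__ == "__main__":
    parsed = parse_reg_query(SAMPLE_REG_QUERY)
    for f in find_persistence(parsed) + find_visibility_tampering(parsed):
        print("[!]", f)
```

On a live host, replace SAMPLE_REG_QUERY with the output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and the Explorer\Advanced key, and feed the bytes of any doemer.exe found in a user profile to match_known_hash; a partially written copy will match one of the smaller snapshots rather than the 47KB one.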

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\doemer.exe

    Filesize

    4KB

    MD5

    1375eeb0b46bb4c4ee1a256f992e7488

    SHA1

    099981d365ee454b7d71291c341ae3bdd07cbf9a

    SHA256

    87de24106814b9779e68f4f47aefc2d86a0664747560ce589be9cfd8f176d455

    SHA512

    da3a86f6e5a8b59ef7a0a051d83f3f5a06c7c592018563ea1f2c2efd8ee9966a40a0851d860ffb42c71f52ac6dea2fe615b583438313ed98ededb81508bd7885

  • C:\Users\Admin\doemer.exe

    Filesize

    47KB

    MD5

    3ac90b97db5fba6fd9ebc0a3256c6927

    SHA1

    17cfe21f23a1a594888449cdd7876fe666c3a294

    SHA256

    180ca635343aecb05ec73d60e85c6f1ad2e7e723010f508f3365f536d948256f

    SHA512

    e6269bc5039925665b8de9e2bd340639ad0424f2546b33a64231ffc7afc28c6a3afcc08599aa55b67443b23e4ecf31ba2ef710255caad29147bfbbc6596037e0

  • \Users\Admin\doemer.exe

    Filesize

    1KB

    MD5

    280568ece8fc0424b1f8e0773046eda2

    SHA1

    d2deedcf4dfe40d7f50a0864afe6ecce2dc836a1

    SHA256

    6cb0fb92db8d20835aa5b9c14afcced9c53d5e9bf445c4592580a611270b853e

    SHA512

    d94b93f7929559baedfbd7c26d95f35aaad283dd8449220b92a8b226faf87f079acfc5e5c65616ab654c50b16c32defa6b7b27c2fdb47ae89ce491e60a9e5b8c

  • \Users\Admin\doemer.exe

    Filesize

    7KB

    MD5

    be1bec994203ee4fa7e8545ffe4442b8

    SHA1

    8f1cb55f21f25e3dcc5daa61f838609f6c570e44

    SHA256

    a40e46d461fa75438dcf9bef2e8030553dafd83fd9611b03bb4496c718efd460

    SHA512

    d9d941109bbf557a348e2138ce68949a976320ad8fc5e1fc66f8f91e44081466808d644e1033e5f3e39774834d07cea9be83c5a263f5306f40ccd732e4d927e3