Overview

overview

10

Static

static

3

01b3c37b7e...81.exe

windows7-x64

10

01b3c37b7e...81.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 17:03

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    01b3c37b7e00f0c62aafce1a209e9a81.exe

  • Size

    135KB

  • MD5

    01b3c37b7e00f0c62aafce1a209e9a81

  • SHA1

    e66bdfdd8b5ff95ef773d6620e6527f0a7b8fb1d

  • SHA256

    39c30060191d8b1f133abd6281046714754444a3217de25f7ff2627e8c236311

  • SHA512

    50d7073241dad2afb554e595c6121b4eacedb94644a9b4329e99eee4c3c81d8f0425872bb9d69f7a2f233b3b655da853e183b96be44fb6fbe24cb06f021e1dae

  • SSDEEP

    1536:UfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbVXh:UVqoCl/YgjxEufVU0TbTyDDalRh

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\01b3c37b7e00f0c62aafce1a209e9a81.exe
    "C:\Users\Admin\AppData\Local\Temp\01b3c37b7e00f0c62aafce1a209e9a81.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3672
    • \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:220
  • \??\c:\windows\resources\spoolsv.exe
    c:\windows\resources\spoolsv.exe PR
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetWindowsHookEx
    PID:4324
  • \??\c:\windows\resources\svchost.exe
    c:\windows\resources\svchost.exe
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Executes dropped EXE
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:100
  • \??\c:\windows\resources\spoolsv.exe
    c:\windows\resources\spoolsv.exe SE
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3344

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \??\c:\windows\resources\spoolsv.exe
          Filesize

          135KB

          MD5

          557db832d04023abb4ebd7d955eacd3e

          SHA1

          1189ac2ee1b8121fbb2a85a6536710d54502df38

          SHA256

          27aa616a926b9de8b42f39d903fd6634484311850f6bd3cb40a527f51b3aefc2

          SHA512

          c0cd7511d89b4e44a817214ea79f7501abaf26b892519e136808e12835161be8cb80bea8806e52e5d7cee041bca21c72c8628cacc32d730dd61808433d16a03a

          Download Submit

        • \??\c:\windows\resources\themes\explorer.exe
          Filesize

          135KB

          MD5

          0c97910a23129ed312454937519c9fd7

          SHA1

          52fb6738f5452bc21a97151b422685a40afccd6f

          SHA256

          7245c4fbe33ee73dc397c9e99a3331147c6cf0d8d082a343a60dc2846763b2d1

          SHA512

          7cb68aa5c9c7cfd876249dc5925cee888ffa7bb4c645a220f1f1f336a46ed3536fed8b0b4551575adc5978d3e6dda881e8457aad03b2aba1577b9b2b9591d87b

          Download Submit

        • memory/100-25-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3344-34-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3672-0-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3672-35-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

          Download

        • memory/4324-33-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

          Download