Overview

overview

10

Static

static

3

268d188d7b...9d.exe

windows7-x64

10

268d188d7b...9d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 03:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    268d188d7b1f70bf429b088ee2ea249d.exe

  • Size

    14KB

  • MD5

    268d188d7b1f70bf429b088ee2ea249d

  • SHA1

    6fcd0f5b0daf293ebb28a358ca4b43a828ca917f

  • SHA256

    f4247e8555a5e4392dbf67566d5a8796741ef259ed1ad17cce7ed9e2d46b35fc

  • SHA512

    7d456dc5518e02dd506ea0f4c162daff36d07e1ecee87c24af4fe8b2ddceb950cb9da5a8b99ea51020a66153e62a1f1873432d46b47defa8610babbd7fbecaa5

  • SSDEEP

    384:ekmIM4hZjFnEsO1jlUs0/mPZR1z5G3lJIh:OuJnEs6mh/a75q2

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 1 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\268d188d7b1f70bf429b088ee2ea249d.exe
    "C:\Users\Admin\AppData\Local\Temp\268d188d7b1f70bf429b088ee2ea249d.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\88BF.tmp.bat
      2⤵
      • Deletes itself
      PID:2868

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\88BF.tmp.bat
    Filesize

    179B

    MD5

    9883c33929174aafc7e25c72c1cb19b2

    SHA1

    4a3d9c8c7676d61a3905c859a719c81dfbeb9abd

    SHA256

    a460a73e8929716ac524c56b05bd68acc5ed29c4ab67808c3b6bba40c5923c9a

    SHA512

    cda5f6fd8f7bdbc07e4437980dab422d64fa21905db9ea7b2924623fa3cd1135975659c677264b9fe082a352a8ba5f27f72f97900467de6f9a5af50129991bc5

    Download Submit

  • C:\Windows\SysWOW64\gdjyicnt.tmp
    Filesize

    640KB

    MD5

    cfd8e549ba077d0e28d75c389accc30e

    SHA1

    79a2b9ceaac3300ce21c8cdb195993c9f42aabca

    SHA256

    0b7d55811aec5ffe542867e58461e9d78b070697a2640b61ffb5885458594335

    SHA512

    53e1f3912bd4b9dcd257e1896058aaf077bd135b36654ec8736bde480b6c38c5a1e94ff9b2df2e1dfcea6c773d7af07097b47d97a10426252b94db71225bdf11

    Download Submit

  • \Windows\SysWOW64\gdjyicnt.dll
    Filesize

    448KB

    MD5

    faccab5a0426c2547192b2a350fd3208

    SHA1

    29680b4f3b5ee0a6d303f856cb2927292dcb00da

    SHA256

    2e9a73192727aadf2f986ea32df164b146c07cf5745da2732537344f74f0cf01

    SHA512

    a2c1dc501a23dcc972b87ede0975c4324d9ac34502fd6813a38fb319766aa85c18cc80e1ebc822f66a67a2c61fedc329602b52889a02bf1250d79f0a9357c152

    Download Submit

  • memory/2932-12-0x0000000010000000-0x0000000010008000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2932-21-0x0000000010000000-0x0000000010008000-memory.dmp

    Filesize

    32KB

    Download