Analysis
-
max time kernel
176s -
max time network
196s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
31/12/2023, 04:07
General
-
Target
277d1d7d66b297cce0bb9a2d9d0731bf.exe
-
Size
59KB
-
MD5
277d1d7d66b297cce0bb9a2d9d0731bf
-
SHA1
2dbc0e7c788157aa4c870da8b8ab7215ae5b5b61
-
SHA256
7f257eebe174997d0d6cf7ff30a49f44fd7b87444482a6c7a0391c4c8444133c
-
SHA512
6fd39f352ad66972b6fbc807eed8394d361ecc89b58a3518a63f26ac1b858071d3da653eb6bac218d5b104fa2fdb22cb91f0f08d16c8c7762390f2a7faa1d67c
-
SSDEEP
1536:OptqGXd9y4AVStezIjsEEeySqKO2xu8GkX:0tJTy4ipzIoEEeySqKON7kX
Score
8/10
Malware Config
Signatures
-
Sets DLL path for service in the registry 2 TTPs 3 IoCs
-
Deletes itself 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Drops file in System32 directory 2 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\277d1d7d66b297cce0bb9a2d9d0731bf.exe"C:\Users\Admin\AppData\Local\Temp\277d1d7d66b297cce0bb9a2d9d0731bf.exe"1⤵
- Sets DLL path for service in the registry
- Loads dropped DLL
- Drops file in System32 directory
-
C:\Windows\SysWOW64\svchost.exeC:\Windows\SysWOW64\svchost.exe -k spoolsv1⤵
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
89KB
MD5f63b86fbd809f653a3fb32bbd09aaeff
SHA16c34ee3339797c6f1d8f71d37f8abc47fb6cf009
SHA25667da6490bf180868c1a5e1ff86b43552a68c9145ad6e6650836749f982bf994e
SHA5122b43fd6542787c218b560ee56de7c982cad155306784d8825656198e074aac441f48d812239bf1da74bf082984c0e8177830e0d1708a1a395917bdf68986f32b