Analysis
max time kernel: 141s
max time network: 122s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 31/12/2023, 04:59
Static task: static1
Behavioral task: behavioral1
  Sample: 2921d2e2f6f10c0c69a4b09a100b466c.exe
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 2921d2e2f6f10c0c69a4b09a100b466c.exe
  Resource: win10v2004-20231215-en
General
Target: 2921d2e2f6f10c0c69a4b09a100b466c.exe
Size: 73KB
MD5: 2921d2e2f6f10c0c69a4b09a100b466c
SHA1: df9eff8e2fe1013fcd67f19c5cd3b32afa052c90
SHA256: 7325f355d4b5906dfd97cf943e17ba4921c30bc8e54925128542267e9d287bb8
SHA512: a8d60a70585bfe8698452f780450162276231c3a8387aea76b111a151c33f509432439f924a839c7cfa4d5951cc3b621d151a8d8a4d8a6c55bb15504f6d5c3bc
SSDEEP: 1536:hkb2IcfkBPc0Vi+9yfZFeuHB7z5iIzZB9tadyHGrjNb/fw1EzFccHM:sGkBPXyfZFeEAINwP5bnwizFc6
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  pid | Process
  2160 | 2921d2e2f6f10c0c69a4b09a100b466c.exe
- Drops file in Windows directory (2 IoCs)
  description | ioc | Process
  File created | C:\Windows\Debug\B831406A9770.dll | 2921d2e2f6f10c0c69a4b09a100b466c.exe
  File opened for modification | C:\Windows\Debug\B831406A9770.dll | 2921d2e2f6f10c0c69a4b09a100b466c.exe
- Modifies registry class (5 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\InProcServer32 | 2921d2e2f6f10c0c69a4b09a100b466c.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\InProcServer32\ = "C:\\Windows\\Debug\\B831406A9770.dll" | 2921d2e2f6f10c0c69a4b09a100b466c.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\InProcServer32\ThrEaDiNgModEL = "aPaRTmEnT" | 2921d2e2f6f10c0c69a4b09a100b466c.exe
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117} | 2921d2e2f6f10c0c69a4b09a100b466c.exe
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\ = "fsvdf" | 2921d2e2f6f10c0c69a4b09a100b466c.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid | Process
  2160 | 2921d2e2f6f10c0c69a4b09a100b466c.exe
- Suspicious use of WriteProcessMemory (8 IoCs)
  description | pid | Process | procid_target
  PID 2160 wrote to memory of 2884 | 2160 | 2921d2e2f6f10c0c69a4b09a100b466c.exe | 16
  PID 2160 wrote to memory of 2884 | 2160 | 2921d2e2f6f10c0c69a4b09a100b466c.exe | 16
  PID 2160 wrote to memory of 2884 | 2160 | 2921d2e2f6f10c0c69a4b09a100b466c.exe | 16
  PID 2160 wrote to memory of 2884 | 2160 | 2921d2e2f6f10c0c69a4b09a100b466c.exe | 16
  PID 2160 wrote to memory of 2976 | 2160 | 2921d2e2f6f10c0c69a4b09a100b466c.exe | 31
  PID 2160 wrote to memory of 2976 | 2160 | 2921d2e2f6f10c0c69a4b09a100b466c.exe | 31
  PID 2160 wrote to memory of 2976 | 2160 | 2921d2e2f6f10c0c69a4b09a100b466c.exe | 31
  PID 2160 wrote to memory of 2976 | 2160 | 2921d2e2f6f10c0c69a4b09a100b466c.exe | 31
Processes
- C:\Windows\SysWOW64\cmd.exe | cmd /c 2.bat | depth 1 | PID: 2884
- C:\Users\Admin\AppData\Local\Temp\2921d2e2f6f10c0c69a4b09a100b466c.exe | "C:\Users\Admin\AppData\Local\Temp\2921d2e2f6f10c0c69a4b09a100b466c.exe" | depth 1 | PID: 2160
  Signatures: Loads dropped DLL; Drops file in Windows directory; Modifies registry class; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe | cmd /c 2.bat | depth 2 | PID: 2976
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 41B
  MD5: 5f749e491b2837428177939d86e61bfe
  SHA1: c3298f0c3f76c24c770d0a3d4be4f75c9ba81cec
  SHA256: 008fcb52695195b64a31b9523f501faeddce2c957b655000e92789736acc6274
  SHA512: adf21ea7f28ce7ac4e77270d20fdbac3d6a749026d3e798fe095c2de755f17730c2fbecc100e20015ab18fc9289cd6c35fb030c3a6ae18ccb5c59e1bcbde27f4