7325f355d4b5906dfd97cf943e17ba4921c30bc8e54925128542267e9d287bb8

Analysis

max time kernel
145s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 04:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2921d2e2f6f10c0c69a4b09a100b466c.exe
Size

73KB
MD5

2921d2e2f6f10c0c69a4b09a100b466c
SHA1

df9eff8e2fe1013fcd67f19c5cd3b32afa052c90
SHA256

7325f355d4b5906dfd97cf943e17ba4921c30bc8e54925128542267e9d287bb8
SHA512

a8d60a70585bfe8698452f780450162276231c3a8387aea76b111a151c33f509432439f924a839c7cfa4d5951cc3b621d151a8d8a4d8a6c55bb15504f6d5c3bc
SSDEEP

1536:hkb2IcfkBPc0Vi+9yfZFeuHB7z5iIzZB9tadyHGrjNb/fw1EzFccHM:sGkBPXyfZFeEAINwP5bnwizFc6

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4700	2921d2e2f6f10c0c69a4b09a100b466c.exe
4700	2921d2e2f6f10c0c69a4b09a100b466c.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Debug\B831406A9770.dll	2921d2e2f6f10c0c69a4b09a100b466c.exe
File opened for modification	C:\Windows\Debug\B831406A9770.dll	2921d2e2f6f10c0c69a4b09a100b466c.exe

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\InProcServer32\ = "C:\\Windows\\Debug\\B831406A9770.dll"	2921d2e2f6f10c0c69a4b09a100b466c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\InProcServer32\ThrEaDiNgModEL = "aPaRTmEnT"	2921d2e2f6f10c0c69a4b09a100b466c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}	2921d2e2f6f10c0c69a4b09a100b466c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\ = "fsvdf"	2921d2e2f6f10c0c69a4b09a100b466c.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\InProcServer32	2921d2e2f6f10c0c69a4b09a100b466c.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4700	2921d2e2f6f10c0c69a4b09a100b466c.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4700 wrote to memory of 2696	4700	2921d2e2f6f10c0c69a4b09a100b466c.exe	25
PID 4700 wrote to memory of 2696	4700	2921d2e2f6f10c0c69a4b09a100b466c.exe	25
PID 4700 wrote to memory of 2696	4700	2921d2e2f6f10c0c69a4b09a100b466c.exe	25
PID 4700 wrote to memory of 2780	4700	2921d2e2f6f10c0c69a4b09a100b466c.exe	101
PID 4700 wrote to memory of 2780	4700	2921d2e2f6f10c0c69a4b09a100b466c.exe	101
PID 4700 wrote to memory of 2780	4700	2921d2e2f6f10c0c69a4b09a100b466c.exe	101

C:\Users\Admin\AppData\Local\Temp\2921d2e2f6f10c0c69a4b09a100b466c.exe
"C:\Users\Admin\AppData\Local\Temp\2921d2e2f6f10c0c69a4b09a100b466c.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4700
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 2.bat
  2⤵
  PID:2696
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 2.bat
  2⤵
  PID:2780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2.bat

Filesize
52B

MD5
37bea013e7195124786b42202e06d57c

SHA1
7d53367f1228d21fc50de0fcc1bf56bed115a1bf

SHA256
d6e9366ca4a271dbc7d78aa0eaa75b86d2c4ac5c4e11026b057a8ec880057b84

SHA512
2ffd30d0c0ac5eee2d1b40425e22d2a4f0888a1bece15be45b3ba4b100cde4c3f0a1e983d8f28e7a0e2ce97f23fc4da3d928635b04d858194124605e0f8514dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.bat

Filesize
41B

MD5
5f749e491b2837428177939d86e61bfe

SHA1
c3298f0c3f76c24c770d0a3d4be4f75c9ba81cec

SHA256
008fcb52695195b64a31b9523f501faeddce2c957b655000e92789736acc6274

SHA512
adf21ea7f28ce7ac4e77270d20fdbac3d6a749026d3e798fe095c2de755f17730c2fbecc100e20015ab18fc9289cd6c35fb030c3a6ae18ccb5c59e1bcbde27f4

Download Submit
C:\Windows\debug\B831406A9770.dll

Filesize
154KB

MD5
80a96986759fae45eec758eb928d61b5

SHA1
1299058153fa378b555ca4fab8b4967d836ada21

SHA256
e8c2cce6781030f176b7ff7d8bf8e421c037c14e8e734b4d1b4d86705b2db5b7

SHA512
d406bd5e2cf430dd03d933e6db5abd9421a77f5fc2300f2ab6ee8b38d1e2c5bee6584a2b74d7b641049503cd0aa4a83ae0152c6513035d984c86b467a8fbf0b5

Download Submit
C:\Windows\debug\B831406A9770.dll

Filesize
24KB

MD5
6708305c5e644a7bf25c2f7fe81fb51d

SHA1
b7c0b937dc0079edd5d6f4813dfe6276a2e351ed

SHA256
5783bd71f2a0508a3eb940b5d40484db7013ca987062dae8e64632014c19095c

SHA512
592066fc2d8c4f944b579e498072c345efcf99a74da92c34da15c845766eae1d97e2b89f311133b3766ad8e95c2f9b97e12f81344ee8a0c6a6da74a431ab7331

Download Submit
memory/4700-0-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/4700-12-0x00000000005D0000-0x00000000005FB000-memory.dmp

Filesize
172KB

Download
memory/4700-15-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/4700-16-0x00000000005D0000-0x00000000005FB000-memory.dmp

Filesize
172KB

Download
memory/4700-17-0x00000000005D0000-0x00000000005FB000-memory.dmp

Filesize
172KB

Download