Overview

overview

10

Static

static

3

2b0ed275ca...a9.exe

windows7-x64

10

2b0ed275ca...a9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 06:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2b0ed275cadb2755f470a82a57a0cda9.exe

  • Size

    14KB

  • MD5

    2b0ed275cadb2755f470a82a57a0cda9

  • SHA1

    3d259dcb648621ad816979f62e552c21b5bce2f7

  • SHA256

    573990441bbafc2e25847db70dc53c595aad061da4f684c71b33e4d3778b02e3

  • SHA512

    79f72d1485e8b42d6ebdf31815bfa67ebc6f4393a444de7d56edaf380d92f81deed4c33a905157b7d4dbbee0ac23b833d563f72b2430b3d94554f3fbff00bebe

  • SSDEEP

    384:88IPo7WiuU5adrEXgBswGVSGo44Q2KQGwOYekIYPmady2dWGmB8AB:88IPouU4SwSBVSG9gpISlyNG2

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 1 IoCs
    persistence
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2b0ed275cadb2755f470a82a57a0cda9.exe
    "C:\Users\Admin\AppData\Local\Temp\2b0ed275cadb2755f470a82a57a0cda9.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1156
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\BF68.tmp.bat
      2⤵
        PID:3956

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\BF68.tmp.bat
      Filesize

      179B

      MD5

      9f30bdfe5dad289bf6cd4d594dedb251

      SHA1

      c463df964de84e76c905ad5360382467e018a762

      SHA256

      82abc6afaa9867d06f9c00b6f81337118453392777f283d22ea6ee3e99808677

      SHA512

      883ce2e31575cf4b699859060ff505079446855524983994064b66b9f402b9ecefaf5aa93073ed85b0da9eaccdf3ccf437ec0aeaec42df064a0fbd065198f6d5

      Download Submit

    • C:\Windows\SysWOW64\dispexcb.dll
      Filesize

      2.4MB

      MD5

      4e23f0f1d21a1e6249c12c901b1bf305

      SHA1

      b9aa358fd62cecab68fcb219f1867e14623b8581

      SHA256

      938c7524a175c86ee3a33573ef95c038bfa912219fa57dd5013c75f65f2cc9a6

      SHA512

      4233b906bc538d8311f6dae5de8578a9ae60e3374079651f84affe658e4c7514b9258a35e2dea529d48835ea89ddc08a01deda548d9c1a4ba44a7c912fa44470

      Download Submit

    • C:\Windows\SysWOW64\dispexcb.tmp
      Filesize

      2.3MB

      MD5

      dd4a3764dc4f76f9d37dcfc05cbb5c58

      SHA1

      6c66d5490f438ca86ebee1706624fbf62d0f599f

      SHA256

      57a29b5f6c47b90610b82952ccb40156be69207cdd250fbff0c4debb9b5cc603

      SHA512

      e40c05b82a85c0148fd0810d3ea8456eca6a2d6d24559492ac8643e01377fff13ba087088099d7e6f187f721237020d3e520ee8d6e346649eca5124cfb925ef0

      Download Submit

    • memory/1156-17-0x0000000010000000-0x000000001006C000-memory.dmp

      Filesize

      432KB

      Download

    • memory/1156-21-0x0000000010000000-0x000000001006C000-memory.dmp

      Filesize

      432KB

      Download