Analysis
-
max time kernel
0s -
max time network
2s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
31/12/2023, 06:01
General
-
Target
2b063c2241097d8b61458c3587b1f980.exe
-
Size
18KB
-
MD5
2b063c2241097d8b61458c3587b1f980
-
SHA1
79069663453be3ca3643260f9505cbb14c742913
-
SHA256
444ec39e947b018f2db462737c26c32aa4f8badcd99c206a11f652f43de42048
-
SHA512
a83ce67196d8f7f6c7452ae479c4f299f349a304846e1a19b53caebb022b2f91fce6f41bead506f54644a34bb8851378f9b24cf2e6433ada9ea9fff69d13a8e6
-
SSDEEP
384:1QQ5AWnSDsJkS5a9zSiQlDKdfS44hNbM1AeCc17tQfXGa7qu+:2KnSDgr5MmiQlDKdYng+/hqP
Score
7/10
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in System32 directory 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2b063c2241097d8b61458c3587b1f980.exe"C:\Users\Admin\AppData\Local\Temp\2b063c2241097d8b61458c3587b1f980.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
28KB
MD5107644a5982a9b513854c95ed28525ad
SHA154f38105c1833cf55d95debedb50d9ab40094b5d
SHA256e936ef0934153ebe7f509938bd81ad1be6fe02708ea9343754f553179d250d43
SHA512b5e2672b1ce402ccf616c9c27d49de1cfba99c16be100543ab00e54362586e0fe6b1c4f4fa9f559e43a815f41e7d1b855c91c4e254b0fd6cc8f63f52cb44cac0
-
Filesize
68KB
-
Filesize
4KB