Overview

overview

7

Static

static

3

2d3ba5b8f9...01.exe

windows7-x64

7

2d3ba5b8f9...01.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 07:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d3ba5b8f97494294a4f45f0477dc701.exe

  • Size

    389KB

  • MD5

    2d3ba5b8f97494294a4f45f0477dc701

  • SHA1

    fb7c63212affc077cf9a4223cad80aa457c1a733

  • SHA256

    0761fda49e8dc60cda9e7445e6a7e1ff61c54ea7da7c3f8dfc4e50f220e1efd5

  • SHA512

    7b9d00193494669e530a78d09cd58c57c53d7ad0d1ca697051370b5733a8c1fd33af6dd2134e37d7861c7dded3357f55eea85e8c90f7b0e2416adda150f170fc

  • SSDEEP

    6144:JjQVf7Np3KYD85/KMU4sxMQMTE53oEhrOi8Wx+HZ4J:KDDUKMU4AMQn53x9xx

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d3ba5b8f97494294a4f45f0477dc701.exe
    "C:\Users\Admin\AppData\Local\Temp\2d3ba5b8f97494294a4f45f0477dc701.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\ProgramData\lC31000DeFnE31000\lC31000DeFnE31000.exe
      "C:\ProgramData\lC31000DeFnE31000\lC31000DeFnE31000.exe" "C:\Users\Admin\AppData\Local\Temp\2d3ba5b8f97494294a4f45f0477dc701.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:3356

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\lC31000DeFnE31000\lC31000DeFnE31000.exe
    Filesize

    389KB

    MD5

    80750534f3a5357fdad7e99efd470e80

    SHA1

    6887d51f62e1b81787ef94ed283298cb69f387f5

    SHA256

    4e7aae9009525a5a777771ca1e8481683b8633f48abdb5c5c142816d00a2b484

    SHA512

    a99e7576e96a0ef7ee4e3181128f9630840de8d75ad19862896ea7c16137bce85b32aa9430a4d94c3fecb73be793273cc2f510fdc6f740bf2ed9ae8d42c1b895

    Download Submit

  • C:\ProgramData\lC31000DeFnE31000\lC31000DeFnE31000.exe
    Filesize

    129KB

    MD5

    0e681f8b1b2772a14f98ec41ab84f8d6

    SHA1

    fb3ce43f64f10319ff4f821666ba152c80990908

    SHA256

    357206fa04fb4e2b2c789cabd4efb2ac0b8df1874b49d0da6399304cd8d5ded8

    SHA512

    5ee7d463e071bcc09b509446bf9d30b98e2ca8394ab79765042d321d42b0989cba8a8995a9c82fa9437419e0cacf3d65f76fa10316551b066757516c68c56ba2

    Download Submit

  • memory/1716-1-0x0000000077682000-0x0000000077683000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1716-0-0x0000000000400000-0x00000000004D1000-memory.dmp

    Filesize

    836KB

    Download

  • memory/1716-14-0x0000000000400000-0x00000000004D1000-memory.dmp

    Filesize

    836KB

    Download

  • memory/3356-13-0x0000000000400000-0x00000000004D1000-memory.dmp

    Filesize

    836KB

    Download

  • memory/3356-22-0x0000000000400000-0x00000000004D1000-memory.dmp

    Filesize

    836KB

    Download

  • memory/3356-29-0x0000000000400000-0x00000000004D1000-memory.dmp

    Filesize

    836KB

    Download

  • memory/3356-42-0x0000000000400000-0x00000000004D1000-memory.dmp

    Filesize

    836KB

    Download