Analysis

  • max time kernel
    141s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/12/2023, 09:46

General

  • Target

    316eb3f6e252e406b1815bd650088156.exe

  • Size

    303KB

  • MD5

    316eb3f6e252e406b1815bd650088156

  • SHA1

    b666bcf5ece3cbdf49e66556820bcc87f8d21886

  • SHA256

    ef1f7115e0dedca5a41da22ac3476c3f1a27bb21e77c6ad6eaaac5843f3b9788

  • SHA512

    22efbc31f96db16eaa0312c264447444cde6a3f7476a7aed1f5603e727a9b908515dcf373db080943f6fe8808d7f60cba4b1273770966add3ecddbcde50c1561

  • SSDEEP

    6144:ZmOf3vF/m6O79bTvejWVpyLtK42stFdeU7tLzpvIj2JClKD11QNI:xvFej79bTejWvI7FdV7BVwj2BrQK

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 8 IoCs
  • Loads dropped DLL 31 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Program Files directory 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 46 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\316eb3f6e252e406b1815bd650088156.exe
    "C:\Users\Admin\AppData\Local\Temp\316eb3f6e252e406b1815bd650088156.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2948
    • C:\Program Files\Common Files\Microsoft Shared\A_v_DVD.dll
      "C:\Program Files\Common Files\Microsoft Shared\A_v_DVD.dll"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:3064
    • C:\Program Files\Common Files\Microsoft Shared\services.exe
      "C:\Program Files\Common Files\Microsoft Shared\services.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2600
    • C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll
      "C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2480
    • C:\Program Files\Common Files\Microsoft Shared\A_v_TT.dll
      "C:\Program Files\Common Files\Microsoft Shared\A_v_TT.dll"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2240
  • C:\Users\Admin\AppData\Local\Temp\KK44KK.exe_06A8DAB52E63F2F20A38FBA8E68910809B7FB85F.exe
    "C:\Users\Admin\AppData\Local\Temp\KK44KK.exe_06A8DAB52E63F2F20A38FBA8E68910809B7FB85F.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2560
  • C:\Program Files\Common Files\Microsoft Shared\services.exe
    "C:\Program Files\Common Files\Microsoft Shared\services.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    PID:476
  • C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll
    "C:\Program Files\Common Files\Microsoft Shared\A_v_AuTo.dll"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:592
  • C:\Program Files\Common Files\Microsoft Shared\services.exe
    "C:\Program Files\Common Files\Microsoft Shared\services.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    PID:2964

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/476-88-0x0000000000400000-0x0000000000417AB9-memory.dmp (Filesize 94KB)
  • memory/476-91-0x0000000000990000-0x0000000000991000-memory.dmp (Filesize 4KB)
  • memory/476-92-0x0000000000400000-0x0000000000417AB9-memory.dmp (Filesize 94KB)
  • memory/476-94-0x00000000008C0000-0x000000000090B000-memory.dmp (Filesize 300KB)
  • memory/476-89-0x00000000009A0000-0x00000000009A1000-memory.dmp (Filesize 4KB)
  • memory/592-86-0x0000000000400000-0x0000000000415000-memory.dmp (Filesize 84KB)
  • memory/592-126-0x0000000000220000-0x0000000000238000-memory.dmp (Filesize 96KB)
  • memory/592-93-0x0000000000220000-0x0000000000238000-memory.dmp (Filesize 96KB)
  • memory/2240-120-0x0000000000400000-0x0000000000417000-memory.dmp (Filesize 92KB)
  • memory/2240-135-0x0000000000020000-0x0000000000037000-memory.dmp (Filesize 92KB)
  • memory/2240-136-0x0000000000020000-0x0000000000037000-memory.dmp (Filesize 92KB)
  • memory/2240-116-0x0000000000400000-0x0000000000417000-memory.dmp (Filesize 92KB)
  • memory/2240-118-0x0000000000020000-0x0000000000037000-memory.dmp (Filesize 92KB)
  • memory/2240-119-0x0000000000020000-0x0000000000037000-memory.dmp (Filesize 92KB)
  • memory/2240-117-0x0000000000020000-0x0000000000037000-memory.dmp (Filesize 92KB)
  • memory/2480-133-0x0000000000400000-0x0000000000415000-memory.dmp (Filesize 84KB)
  • memory/2480-74-0x0000000000400000-0x0000000000415000-memory.dmp (Filesize 84KB)
  • memory/2480-79-0x0000000000020000-0x0000000000035000-memory.dmp (Filesize 84KB)
  • memory/2560-25-0x0000000000400000-0x0000000000441000-memory.dmp (Filesize 260KB)
  • memory/2560-30-0x0000000003770000-0x0000000003974000-memory.dmp (Filesize 2.0MB)
  • memory/2600-52-0x00000000003A0000-0x00000000003EB000-memory.dmp (Filesize 300KB)
  • memory/2600-98-0x0000000000400000-0x0000000000417AB9-memory.dmp (Filesize 94KB)
  • memory/2600-50-0x0000000000020000-0x0000000000038000-memory.dmp (Filesize 96KB)
  • memory/2600-51-0x0000000000400000-0x0000000000417AB9-memory.dmp (Filesize 94KB)
  • memory/2600-49-0x0000000000400000-0x0000000000417AB9-memory.dmp (Filesize 94KB)
  • memory/2948-70-0x0000000000250000-0x0000000000265000-memory.dmp (Filesize 84KB)
  • memory/2948-115-0x0000000000250000-0x0000000000267000-memory.dmp (Filesize 92KB)
  • memory/2948-99-0x0000000000250000-0x0000000000268000-memory.dmp (Filesize 96KB)
  • memory/2948-48-0x0000000000250000-0x0000000000268000-memory.dmp (Filesize 96KB)
  • memory/2948-38-0x0000000000250000-0x0000000000268000-memory.dmp (Filesize 96KB)
  • memory/2948-114-0x0000000000250000-0x0000000000267000-memory.dmp (Filesize 92KB)
  • memory/2948-10-0x00000000002C0000-0x000000000030E000-memory.dmp (Filesize 312KB)
  • memory/2948-65-0x0000000000250000-0x0000000000265000-memory.dmp (Filesize 84KB)
  • memory/2964-78-0x0000000000400000-0x0000000000417AB9-memory.dmp (Filesize 94KB)
  • memory/2964-80-0x0000000000400000-0x0000000000417AB9-memory.dmp (Filesize 94KB)
  • memory/2964-82-0x0000000000740000-0x000000000078B000-memory.dmp (Filesize 300KB)
  • memory/3064-17-0x0000000000250000-0x0000000000252000-memory.dmp (Filesize 8KB)
  • memory/3064-13-0x0000000000400000-0x000000000044E000-memory.dmp (Filesize 312KB)
  • memory/3064-54-0x0000000000400000-0x000000000044E000-memory.dmp (Filesize 312KB)
  • memory/3064-15-0x0000000000230000-0x000000000027E000-memory.dmp (Filesize 312KB)
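The Processes tree and the Downloads list above can be cross-checked mechanically, which is how a triage analyst decides which of the forty dumps are worth opening. The script below is an added example, not tooling from the sandbox or from the sample's author. PROCESSES and a representative subset of the dump names are transcribed from this report; the checks are the example's own: recompute each dump's size from the start and end addresses in its name and compare it with the printed Filesize, group the dump taken at 0x400000 (the default image base of 32-bit EXEs, which is why the .dll-named files that run as their own processes are dumped there) per dropped file so that the three services.exe PIDs can be confirmed to map the same extent, list PIDs for which only heap or other regions were captured (the parent 2948 in this report), and flag a well-known Windows binary name, here services.exe, running from somewhere other than C:\Windows\System32. The WELL_KNOWN_SYSTEM_BINARIES set and the IMAGE_BASE heuristic are assumptions for this example, not data from the report.

```python
"""Cross-check the report's "Processes" tree against its "Downloads" dump list.

Added worked example, not tooling from the sandbox or from the sample's author.
PROCESSES and DUMPS are transcribed from the report (DUMPS is a subset: the
image-base dump of every PID plus a few other regions); the checks are our own.
"""
import re
from collections import defaultdict

IMAGE_BASE = 0x400000  # default 32-bit EXE image base; used to pick each process's module dump (assumption)
SYSTEM32 = r"C:\Windows\System32"  # where the genuine services.exe lives
WELL_KNOWN_SYSTEM_BINARIES = {"services.exe"}  # only the name seen in this report (assumption: extend as needed)
SHARED = r"C:\Program Files\Common Files\Microsoft Shared"
TEMP = r"C:\Users\Admin\AppData\Local\Temp"

PROCESSES = {  # pid -> image path, from the "Processes" section
    2948: TEMP + r"\316eb3f6e252e406b1815bd650088156.exe",
    3064: SHARED + r"\A_v_DVD.dll",
    2600: SHARED + r"\services.exe",
    2480: SHARED + r"\A_v_AuTo.dll",
    2240: SHARED + r"\A_v_TT.dll",
    2560: TEMP + r"\KK44KK.exe_06A8DAB52E63F2F20A38FBA8E68910809B7FB85F.exe",
    476: SHARED + r"\services.exe",
    592: SHARED + r"\A_v_AuTo.dll",
    2964: SHARED + r"\services.exe",
}

DUMPS = """\
memory/476-88-0x0000000000400000-0x0000000000417AB9-memory.dmp 94KB
memory/476-94-0x00000000008C0000-0x000000000090B000-memory.dmp 300KB
memory/592-86-0x0000000000400000-0x0000000000415000-memory.dmp 84KB
memory/592-126-0x0000000000220000-0x0000000000238000-memory.dmp 96KB
memory/2240-120-0x0000000000400000-0x0000000000417000-memory.dmp 92KB
memory/2480-133-0x0000000000400000-0x0000000000415000-memory.dmp 84KB
memory/2560-25-0x0000000000400000-0x0000000000441000-memory.dmp 260KB
memory/2560-30-0x0000000003770000-0x0000000003974000-memory.dmp 2.0MB
memory/2600-52-0x00000000003A0000-0x00000000003EB000-memory.dmp 300KB
memory/2600-98-0x0000000000400000-0x0000000000417AB9-memory.dmp 94KB
memory/2948-70-0x0000000000250000-0x0000000000265000-memory.dmp 84KB
memory/2948-10-0x00000000002C0000-0x000000000030E000-memory.dmp 312KB
memory/2964-78-0x0000000000400000-0x0000000000417AB9-memory.dmp 94KB
memory/2964-82-0x0000000000740000-0x000000000078B000-memory.dmp 300KB
memory/3064-13-0x0000000000400000-0x000000000044E000-memory.dmp 312KB
memory/3064-15-0x0000000000230000-0x000000000027E000-memory.dmp 312KB
"""

DUMP_RE = re.compile(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")


def parse_dump_name(name):
    """memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp -> (pid, seq, start, end)."""
    m = DUMP_RE.fullmatch(name)
    if m is None:
        raise ValueError(f"not a memory dump name: {name}")
    pid, seq, start, end = m.groups()
    return int(pid), int(seq), int(start, 16), int(end, 16)


def human_size(nbytes):
    """Format bytes the way the report prints Filesize: whole KB below 1 MiB, else one-decimal MB."""
    if nbytes < 1 << 20:
        return f"{nbytes // 1024}KB"
    return f"{nbytes / (1 << 20):.1f}MB"


def load_dumps(text=DUMPS):
    """Parse the dump list into (pid, seq, start, end, stated_size) tuples."""
    return [parse_dump_name(name) + (stated,)
            for name, stated in (line.split() for line in text.splitlines() if line.strip())]


def check_sizes(dumps):
    """Dumps whose printed Filesize disagrees with end - start; an empty list means the names are self-consistent."""
    return [(pid, seq, stated, human_size(end - start))
            for pid, seq, start, end, stated in dumps if human_size(end - start) != stated]


def shared_image_extents(dumps, processes):
    """image path -> {(start, end): [pids]} built from each process's dump at IMAGE_BASE."""
    by_path = defaultdict(lambda: defaultdict(set))
    for pid, _seq, start, end, _stated in dumps:
        if start == IMAGE_BASE:
            by_path[processes[pid]][(start, end)].add(pid)
    return {path: {ext: sorted(pids) for ext, pids in exts.items()} for path, exts in by_path.items()}


def without_image_dump(dumps, processes):
    """PIDs from the tree with no dump at IMAGE_BASE, i.e. only heap or other regions were captured."""
    have = {pid for pid, _seq, start, _end, _stated in dumps if start == IMAGE_BASE}
    return sorted(pid for pid in processes if pid not in have)


def masquerading_pids(processes):
    """PIDs whose image carries a well-known Windows binary name but runs from outside System32."""
    return sorted(pid for pid, path in processes.items()
                  if path.rpartition("\\")[2].lower() in WELL_KNOWN_SYSTEM_BINARIES
                  and path.rpartition("\\")[0].lower() != SYSTEM32.lower())


if __name__ == "__main__":
    dumps = load_dumps()
    print("Filesize mismatches:", check_sizes(dumps))
    for path, exts in shared_image_extents(dumps, PROCESSES).items():
        for (start, end), pids in exts.items():
            print(f"{path}: 0x{start:X}-0x{end:X} dumped from PIDs {pids}")
    print("no image-base dump:", without_image_dump(dumps, PROCESSES))
    print("system binary names outside System32:", masquerading_pids(PROCESSES))
```

Identical image extents under the same dropped path (0x400000-0x417AB9 for all three services.exe PIDs, 0x400000-0x415000 for both A_v_AuTo.dll PIDs) are what one file started several times looks like, so one dump per path is enough to unpack; a differing extent behind the same name would be the one to pull first. The parent 316eb3f6e252e406b1815bd650088156.exe has no 0x400000 dump in this report, only the 0x250000 and 0x2C0000 regions, so its unpacked image has to be recovered from the original file rather than from the dump list.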