Overview

overview

7

Static

static

3

38918f603b...71.exe

windows7-x64

7

38918f603b...71.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2023 13:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    38918f603b2e2bb4c09e69bc5f98cb71.exe

  • Size

    109KB

  • MD5

    38918f603b2e2bb4c09e69bc5f98cb71

  • SHA1

    3d86e656d996a13921e79996dc6bd9e8c31ba93b

  • SHA256

    8b143062ebc9e1dfbbdfd1a7a24eb88c2637294e15aa26d9c65b23e95f257eeb

  • SHA512

    a326a0fe964cec626341aac47221036abc04a1c999d1a7f4e5634daacec0c67976f2397e051ec34beb7d4fac16ba1cb765d6cb701ed512bc7d67a7d91919a833

  • SSDEEP

    3072:b+CLQALA6QggKEtEDxrg6hetSd397s60IVW:Kq1LA6SrIrg6Ao39/

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\38918f603b2e2bb4c09e69bc5f98cb71.exe
    "C:\Users\Admin\AppData\Local\Temp\38918f603b2e2bb4c09e69bc5f98cb71.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:880
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\gciaui.dll",LoadMemory
      2⤵
      • Deletes itself
      • Loads dropped DLL
      PID:2096

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\gciaui.dll
    Filesize

    109KB

    MD5

    5852136820501ec02d1a0cafde2cec10

    SHA1

    7f7358b59e351aa24511fa24caa1c230f9727933

    SHA256

    e9748ef7469613f54d792cfcf051e437b8121d162f0ea9d40407a14b8ccea6f7

    SHA512

    4b6790c5dfcfaa1b29213a052df430f26721420de69d3f3b8d64022039e0a877986b2b480f55eb0e58d3861577fe34b3e05c39b445eff1981e4a90243c19c9af

    Download Submit

  • memory/880-0-0x00000000002B0000-0x00000000002BF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/880-1-0x00000000002B0000-0x00000000002BF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/880-6-0x0000000010000000-0x000000001001E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/880-2-0x00000000002D0000-0x00000000002EE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/880-13-0x0000000000310000-0x000000000032E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/880-17-0x00000000002B0000-0x00000000002CE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/880-18-0x00000000002B0000-0x00000000002BF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2096-26-0x0000000000260000-0x000000000027E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2096-25-0x00000000001F0000-0x00000000001FF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2096-30-0x0000000010000000-0x000000001001E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2096-31-0x00000000001F0000-0x00000000001FF000-memory.dmp

    Filesize

    60KB

    Download