8aeff21be87edb12c6d81caf8b905f4bc3164984973e265baee52d513d780748

Analysis

max time kernel
147s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 02:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bb64eba8440f3225d2cfd833402cb30.exe
Size

291KB
MD5

3bb64eba8440f3225d2cfd833402cb30
SHA1

72d1b353926807ce0eb0522c191dd7c60cc2bd81
SHA256

8aeff21be87edb12c6d81caf8b905f4bc3164984973e265baee52d513d780748
SHA512

4b69b7a36ed6a600245e25e53f8617fe7a38d3363b462dcf7a7c1b66d006a50bcf95df16b9502d135b7068979f7650b81e72f819a1d74f1376247d2761a0da3b
SSDEEP

6144:JGK94QZVcjSIXT6JRoar658ZI7arNhReT3MLV+TJQ:4K95Vcjbr5SlrNhReTy3

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3712	svchost.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\SystemHost = "C:\\Windows\\Temp\\svchost.exe"	3bb64eba8440f3225d2cfd833402cb30.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3712	svchost.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1012 wrote to memory of 3712	1012	3bb64eba8440f3225d2cfd833402cb30.exe	19
PID 1012 wrote to memory of 3712	1012	3bb64eba8440f3225d2cfd833402cb30.exe	19
PID 1012 wrote to memory of 3712	1012	3bb64eba8440f3225d2cfd833402cb30.exe	19

C:\Users\Admin\AppData\Local\Temp\3bb64eba8440f3225d2cfd833402cb30.exe
"C:\Users\Admin\AppData\Local\Temp\3bb64eba8440f3225d2cfd833402cb30.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1012
- C:\Windows\Temp\svchost.exe
  C:\Windows\Temp\svchost.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  PID:3712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Temp\svchost.exe

Filesize
32KB

MD5
5913bb9a5d17d706a9b492af46fdf823

SHA1
215d3d468ff8fe9fa0653b7177f7a49ec500907b

SHA256
6780c920d29a086f525c891d78177c48bb847a93dbea65e618a9c7ada9e7a302

SHA512
43c3f6b050bd3ecc334022aef400e2884711f705b6c00e445f5aa2056e2493cca2ec7cefbe99dfc2ddf56ea56c419604c31bb233bde324f1b452eae7b9a43482

Download Submit
C:\Windows\Temp\svchost.exe

Filesize
10KB

MD5
20906082b9814d728c6257accf2f033d

SHA1
fd5e23b1cb6fe49e3194e0eb8419a4a441ea95e1

SHA256
2cd808c964b907656242ebd301990fe28132b07102385906638299ddaa6f7029

SHA512
70fdf3a35061ba45b5410f02564f301ed4ef8b2abca21a2ecce4514d5cd4f89838c0dc714fc59de5d3515560de907913dfe0ad1e764f22d895dd00e8baa28ec8

Download Submit
memory/1012-5-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3712-11-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3712-13-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3712-8-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3712-9-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3712-10-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3712-6-0x00000000023F0000-0x00000000023F1000-memory.dmp

Filesize
4KB

Download
memory/3712-12-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3712-7-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3712-14-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3712-15-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3712-16-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3712-17-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3712-18-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3712-19-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3712-20-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads