6245c830089e4c501cfaa7b1b0f6df2b9f1d48c31495ac7cf6a72b708936ddcf

Analysis

max time kernel
150s
max time network
127s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
02/01/2024, 16:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3e75ec72404521a7519c36c84f92af7a.exe
Size

51KB
MD5

3e75ec72404521a7519c36c84f92af7a
SHA1

45631152a9e552c8f096cbb33c285fd14e074c17
SHA256

6245c830089e4c501cfaa7b1b0f6df2b9f1d48c31495ac7cf6a72b708936ddcf
SHA512

e31957b1ad5a90441c6bf1449678eca2f0cdde562d1f9ed7ea7d4d3955aa1e7d9d2ea346498a3b0110d2012312eaf2c3cba7b7116b50b1cced688af8597148c3
SSDEEP

768:PrIVJ12Aw8EWmvhPHOM21HGtk3tcrErDr8vLAXCa943e5sclrRirQM+c5T:Wq85mv8Hb3tcr+r8v0XB9TOcl1Lc5

Score

8^/10

persistence

Malware Config

Signatures

Sets DLL path for service in the registry 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet002\services\taskmgr\Parameters\ServiceDll = "%SystemRoot%\\System32\\taskmgr.dll"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet003\Services\taskmgr\Parameters\ServiceDll = "%SystemRoot%\\System32\\taskmgr.dll"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\taskmgr\Parameters\ServiceDll = "%SystemRoot%\\System32\\taskmgr.dll"	3e75ec72404521a7519c36c84f92af7a.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet002\services\taskmgr\Parameters\ServiceDll = "%SystemRoot%\\System32\\taskmgr.dll"	3e75ec72404521a7519c36c84f92af7a.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet003\Services\taskmgr\Parameters\ServiceDll = "%SystemRoot%\\System32\\taskmgr.dll"	3e75ec72404521a7519c36c84f92af7a.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\taskmgr\Parameters\ServiceDll = "%SystemRoot%\\System32\\taskmgr.dll"	svchost.exe

Deletes itself 1 IoCs

pid	Process
1152	svchost.exe

Loads dropped DLL 2 IoCs

pid	Process
3024	3e75ec72404521a7519c36c84f92af7a.exe
1152	svchost.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\taskmgr.dll	3e75ec72404521a7519c36c84f92af7a.exe

C:\Users\Admin\AppData\Local\Temp\3e75ec72404521a7519c36c84f92af7a.exe
"C:\Users\Admin\AppData\Local\Temp\3e75ec72404521a7519c36c84f92af7a.exe"
1⤵
- Sets DLL path for service in the registry
- Loads dropped DLL
- Drops file in System32 directory
PID:3024

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k taskmgr
1⤵
- Sets DLL path for service in the registry
- Deletes itself
- Loads dropped DLL
PID:1152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\taskmgr.dll

Filesize
76KB

MD5
2e8e6d454187f2cac9b17034e0ccecbb

SHA1
e12dbb9c360aa9bff43d74197e558ab772765e71

SHA256
c32b7bb93b960adba210cea6b8f6ab1c9239078b40e22a06c29f2d593c18312c

SHA512
cc5a857d9a8c42ef44f86414cb9490d98467a2985b37d08f0effc154ff8c30a5eb383174bdde5c5c50c25f6ad7730ccd578e5ab340919bae0c5da0b9873eafeb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads