Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/01/2024, 00:45

General

  • Target

    3f779cbd793bb0b2d61e5925953ef474.exe

  • Size

    204KB

  • MD5

    3f779cbd793bb0b2d61e5925953ef474

  • SHA1

    9102cb5747aaa47fe162714026a21251fe215770

  • SHA256

    1488eb28612b1110c7062e85a2053f4f4d6ee6eb0260767e9f55189a15f17b2f

  • SHA512

    f98e33086f1a94524eff4b5265ec5dc7421e48daccf0220b36abbb960961864cd13dd8cea9a0affb465faba143730926d51328412a5172de3d251c696d0d6158

  • SSDEEP

    6144:4lIuNb9o9yWokqP4kYajPWf14/AK9PyPjV:jW9FWovPGajPIJUP6V

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 6 IoCs
  • Modifies registry class 60 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f779cbd793bb0b2d61e5925953ef474.exe
    "C:\Users\Admin\AppData\Local\Temp\3f779cbd793bb0b2d61e5925953ef474.exe"
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\1B6D.bat
      PID:2548

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1B6D.bat

    Filesize
    231B

    MD5
    d63578f74b1c4e1905476303df8247bf

    SHA1
    64ba407b09f39776be0ff222686afb5bde2be243

    SHA256
    c30a8090b1a760e4859c967256656c63842ef07e9066cdc7e6a44afb037e4389

    SHA512
    37b34d0ccec3273e34710bbe7d04c4af020d87d0bbd510a8feac317309aa2f95fb253f55243efa95cff5ec85c33dfa16e5bb7a69b0c486cec1c98220dbf6256e

  • \Program Files (x86)\altcmd\altcmd32.dll

    Filesize
    180KB

    MD5
    7a2fd750427043d5640f82d745759af8

    SHA1
    8ec7c9a1a1277611a3dc3aba2e9430ff4aa0839a

    SHA256
    38c5b2dc0f3eb89a46bc5b7ac8b03f01f656b1bc06d86f5cf1a03a61a4f076b9

    SHA512
    9256820df7291580f397190fc6e53867059a420f40d14e3846833dba4f93d554d6dc0f8f7b79ef4355c64ae447f43cfdb2da0efc4180d9cecc1a5011af510b97