Overview

overview

10

Static

static

3

40a96c42e5...0c.exe

windows7-x64

10

40a96c42e5...0c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-01-2024 10:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    40a96c42e50077f03f9873a696427b0c.exe

  • Size

    316KB

  • MD5

    40a96c42e50077f03f9873a696427b0c

  • SHA1

    5932ee55845edbeb10c7bc612b88eb2f1c7316cd

  • SHA256

    37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb

  • SHA512

    45883c375d9384a99065db8e33778647e31ca7c16baee5f46ef859baf21954b72b7e100ef96adaf3e581cff8a60ee0d91ebe98b364ef9ad7eb3bf0d6efc64b84

  • SSDEEP

    6144:vvm10YVZB6KrpwL3nigP+JjwR99SMI27DKEJxDdMSvN:GWYVZE4pYNmZ69SMI8Jxhv

Score
10/10
evasionpersistencetrojanupx

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
    persistence
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Modifies Installed Components in the registry 2 TTPs 2 IoCs
    persistence
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Modifies WinLogon 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious use of FindShellTrayWindow 11 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\40a96c42e50077f03f9873a696427b0c.exe
    "C:\Users\Admin\AppData\Local\Temp\40a96c42e50077f03f9873a696427b0c.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1228
    • C:\Users\Admin\AppData\Local\Temp\40a96c42e50077f03f9873a696427b0c.exe
      C:\Users\Admin\AppData\Local\Temp\40a96c42e50077f03f9873a696427b0c.exe
      2⤵
      • Modifies WinLogon for persistence
      • Disables RegEdit via registry modification
      • Modifies Installed Components in the registry
      • Loads dropped DLL
      • Adds Run key to start application
      • Checks whether UAC is enabled
      • Modifies WinLogon
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:64

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\dwlGina3.dll
    Filesize

    93KB

    MD5

    1173123287198dce1eb831f04e28352c

    SHA1

    39d650f4297c990a7ffaa7dc3b6d0ef903c9bd14

    SHA256

    65d4582e135c774d9c827ae08de8b77f199ee934f13d1a0537df4f5d18f590ba

    SHA512

    e9fdb6e808b0f3ed850fb364d48609a9726fd41ad138594fc04f8d48d5672aec3aaa76af236f07c4263c053dc539f99009e74491adb03c885190dcce78f0cede

    Download Submit

  • memory/64-2-0x0000000000400000-0x000000000049A000-memory.dmp

    Filesize

    616KB

    Download

  • memory/64-4-0x0000000000400000-0x000000000049A000-memory.dmp

    Filesize

    616KB

    Download

  • memory/64-5-0x0000000000400000-0x000000000049A000-memory.dmp

    Filesize

    616KB

    Download

  • memory/64-7-0x0000000000400000-0x000000000049A000-memory.dmp

    Filesize

    616KB

    Download

  • memory/64-10-0x0000000000690000-0x0000000000691000-memory.dmp

    Filesize

    4KB

    Download

  • memory/64-14-0x0000000002C20000-0x0000000002C3C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/64-23-0x0000000000400000-0x000000000049A000-memory.dmp

    Filesize

    616KB

    Download

  • memory/64-24-0x0000000002C20000-0x0000000002C3C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/64-27-0x0000000000690000-0x0000000000691000-memory.dmp

    Filesize

    4KB

    Download