Overview

overview

8

Static

static

3

439e840915...53.exe

windows7-x64

8

439e840915...53.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    142s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    05/01/2024, 11:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    439e8409159746c350e08a55bb7dfc53.exe

  • Size

    56KB

  • MD5

    439e8409159746c350e08a55bb7dfc53

  • SHA1

    864024811d617de0c5e9325c759a8d7f9eafcfac

  • SHA256

    1a3210ffab76c4e8bd5ffc312e81f4933231d1f27bce96750acfc2c8b756f998

  • SHA512

    9cdda895161b3fac3ba384cdb0b62be3c61f32c09c1c14212036d6323b58ec6765ff463227728e08482416ad9f8398c0b6d049c1c639e91372eb799e206d2e2b

  • SSDEEP

    1536:jUb/k88DvDLmg+EIG/ns4xnWBKkVJg82crHLglI:Ig88DvDLmgh/ns4kBKkn922Lg

Score
8/10
persistence

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\439e8409159746c350e08a55bb7dfc53.exe
    "C:\Users\Admin\AppData\Local\Temp\439e8409159746c350e08a55bb7dfc53.exe"
    1⤵
    • Drops file in Drivers directory
    • Sets service image path in registry
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: LoadsDriver
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del "C:\Users\Admin\AppData\Local\Temp\439e8409159746c350e08a55bb7dfc53.exe
      2⤵
        PID:2752
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
        PID:1192

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Windows\SysWOW64\windhcp.dll
              Filesize

              30KB

              MD5

              f681e95f66b8ca611d2ff978849b9110

              SHA1

              92b5cc30da301c5516c29fc5721fa3edb0262b1e

              SHA256

              fe382be973edc6b525bdfb7801f99ecfe1187f6e708a84ed57c2838ad7472473

              SHA512

              9bde965cdc831f3fc931772b70e0ff8e26acd694f01394511558935042064a705dcbf1b0e446cd4c1ba7fbd7a672d4bd74dea8863c311c16d4dd1abbc2958fc9

              Download Submit

            • \Users\Admin\AppData\Local\Temp\439e8409159746c350e08a55bb7dfc53.dat
              Filesize

              40KB

              MD5

              1a7a849c68706c10385d1b28532d4038

              SHA1

              8cf4ca8fcc0877375bd5957740c06ac443bdd34a

              SHA256

              333ea8845e6e5b151092f1a73694902ee7a091085f1ed35621f1c84ea51c434c

              SHA512

              5a983d0361a8fe0584e12e29c00563d063a0c9cf8b2d09b8414ec1df433f3d4338d391b6b2021d7621b41c5194ac7e9e06af5b73d1e22d816125ef6983c4d616

              Download Submit

            • memory/1192-9-0x00000000029C0000-0x00000000029C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2248-0-0x0000000001020000-0x0000000001036000-memory.dmp

              Filesize

              88KB

              Download

            • memory/2248-12-0x0000000010000000-0x000000001001C000-memory.dmp

              Filesize

              112KB

              Download

            • memory/2248-8-0x0000000000270000-0x0000000000272000-memory.dmp

              Filesize

              8KB

              Download

            • memory/2248-1-0x0000000000020000-0x0000000000022000-memory.dmp

              Filesize

              8KB

              Download

            • memory/2248-13-0x0000000001020000-0x0000000001036000-memory.dmp

              Filesize

              88KB

              Download

            • memory/2248-14-0x0000000000020000-0x0000000000022000-memory.dmp

              Filesize

              8KB

              Download