Overview

overview

7

Static

static

3

43e4f5a31f...f5.exe

windows7-x64

7

43e4f5a31f...f5.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    2s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    05/01/2024, 14:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    43e4f5a31ff7c90f59f4ac9b4d2eecf5.exe

  • Size

    51KB

  • MD5

    43e4f5a31ff7c90f59f4ac9b4d2eecf5

  • SHA1

    e59c6084c537ebec193ff3f19c0f906e09a71fcf

  • SHA256

    ff77d1b39f87bfa525c67f780c77b516a3ab05f3f794aaedfdfbe118044d3675

  • SHA512

    68bec7e25a1a4388494a9636935b0051e8466302e7ccefa399692ec69aa73d9405c6b128d5b6cd5431dec2c56c809d78a54f73e57af4f0051d65c64522384554

  • SSDEEP

    768:hogJkE3jZoiBd5Byynjb3xMJEU0xSOumt28ZDWVx6c:hogJkE3egd28/qyUnOo8ZiV0c

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\43e4f5a31ff7c90f59f4ac9b4d2eecf5.exe
    "C:\Users\Admin\AppData\Local\Temp\43e4f5a31ff7c90f59f4ac9b4d2eecf5.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2668
    • C:\Users\Admin\lsass.exe
      "C:\Users\Admin\lsass.exe"
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Suspicious use of SetWindowsHookEx
      PID:2136

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\lsass.exe
    Filesize

    46KB

    MD5

    20844e796a560c0bf47b42f9883f0fe6

    SHA1

    fd284805a52562a5fb871907ce788130bdf08a5f

    SHA256

    ca8a5f91b000a823fb8441f598c55486ef74b879d2c5e2d02dcda4d103f84c9c

    SHA512

    519fcf07d1b9bc4220dac546c0e2576d1048c4acd84d0708de686f29f482254232ef067fae6d00b3a83e71633c119133029630a31d67dca923c3adfa93055210

    Download Submit

  • C:\Users\Admin\lsass.exe
    Filesize

    40KB

    MD5

    dc3d62322aed05e152311a904e219153

    SHA1

    980eda1a5d730fe351bb7fbcb545a42ea6317481

    SHA256

    87354250007b705ccb78552d945ad2e05e9823d3ddf2c39483f7c8dc1ad29d62

    SHA512

    a1def6a8b85da93f84444daa18aa85f3aa4690c4d2c95e30043ad272aa4d5b0e17ba007ebdda82a9dd0008176562f72178bf53c0d9200e113eede6fff18015b7

    Download Submit

  • C:\Users\Admin\lsass.exe
    Filesize

    32KB

    MD5

    fa4c062f366aef5b65ce2621e4ad2996

    SHA1

    be9d802805c9c7fd5e1d886c06bb8367c8010e8b

    SHA256

    400f81432341520f1847bb9c574da4c4df55bf5d4d77905919ed0b3ea7108f03

    SHA512

    b0c66137b5fefbc06c8e24cdd17f8640ec746bbb92b06bcaa793cfe60b0443d30ee65f3964bc04d16467a97a7363f9041e033ab521e0351deec85c5accfa7220

    Download Submit

  • \Users\Admin\lsass.exe
    Filesize

    51KB

    MD5

    43e4f5a31ff7c90f59f4ac9b4d2eecf5

    SHA1

    e59c6084c537ebec193ff3f19c0f906e09a71fcf

    SHA256

    ff77d1b39f87bfa525c67f780c77b516a3ab05f3f794aaedfdfbe118044d3675

    SHA512

    68bec7e25a1a4388494a9636935b0051e8466302e7ccefa399692ec69aa73d9405c6b128d5b6cd5431dec2c56c809d78a54f73e57af4f0051d65c64522384554

    Download Submit

  • \Users\Admin\lsass.exe
    Filesize

    19KB

    MD5

    fa8f2e5474b8d59588554c290aee9deb

    SHA1

    bf9b309d5d5e76f86b10f25b71078eb65ebdacd9

    SHA256

    7a29ec4f5abd636d679e37adcb216e1ac3d3c0dd168e2be5c58e2471bfe16659

    SHA512

    c8240b64d9d7208d47c45d54d8e863be9b0680e6045f5278a4046fce4a3b3942c17b7dfe3a2df492e95ac32676562df3c58b5c1246fc95bae15477097a878153

    Download Submit