e77f424757859867494a1cc96b61e8c090a1ae78337ab47bc253fadafef3f64e

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 10:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45f10b5b79126502334e01f8749627ed.exe
Size

543KB
MD5

45f10b5b79126502334e01f8749627ed
SHA1

77ab1c9f8e7d9c8c76cc4fc957f4e6074d428619
SHA256

e77f424757859867494a1cc96b61e8c090a1ae78337ab47bc253fadafef3f64e
SHA512

9d11422fd2cbe7e9c52dcf7464bfb89ec893e23153086732b9e362e905b651aa41d1a33fe6eda77daccd6f70e908fb3fb3571b8e3147b090c5406550d90ce87d
SSDEEP

12288:6m0DxnQ3ZB9sxoJzbow9nc7vN79RgRfAxy6d+:6jVWZB9mOfow92LeEl

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2444714103-3190537498-3629098939-1000\Software\Microsoft\Windows\CurrentVersion\Run\Rundll32 = "\"c:\\Users\\Admin\\Application Data\\rundll.exe\""	reg.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
2744	reg.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeIncBasePriorityPrivilege	1712	45f10b5b79126502334e01f8749627ed.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2688	1712	45f10b5b79126502334e01f8749627ed.exe	28
PID 1712 wrote to memory of 2688	1712	45f10b5b79126502334e01f8749627ed.exe	28
PID 1712 wrote to memory of 2688	1712	45f10b5b79126502334e01f8749627ed.exe	28
PID 1712 wrote to memory of 2688	1712	45f10b5b79126502334e01f8749627ed.exe	28
PID 2688 wrote to memory of 2724	2688	cmd.exe	30
PID 2688 wrote to memory of 2724	2688	cmd.exe	30
PID 2688 wrote to memory of 2724	2688	cmd.exe	30
PID 2688 wrote to memory of 2724	2688	cmd.exe	30
PID 2724 wrote to memory of 2744	2724	cmd.exe	31
PID 2724 wrote to memory of 2744	2724	cmd.exe	31
PID 2724 wrote to memory of 2744	2724	cmd.exe	31
PID 2724 wrote to memory of 2744	2724	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\45f10b5b79126502334e01f8749627ed.exe
"C:\Users\Admin\AppData\Local\Temp\45f10b5b79126502334e01f8749627ed.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\SysWOW64\cmd.exe
  cmd /c run.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Rundll32 /D "\"c:\Users\Admin\Application Data\rundll.exe\"" /f
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /V Rundll32 /D "\"c:\Users\Admin\Application Data\rundll.exe\"" /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\run.bat

Filesize
146B

MD5
05d3d8f634f5d355b9e52a4c79341fb9

SHA1
213e67c4d4faef27bec7aaaa077b99d9dbcfc4fb

SHA256
46f69d51c136369b0472ade62b8c01d596af6c3a91c4acfc5c022e53f647fedf

SHA512
e5655816ce3a8f533b381264b47e5a2580f58a76c03e43a2c2ba18f43e3832a932f66e3a68cab2ca58311bca3227953c27a30bee8e9ae67d2d1d14d1ae99dbcd

Download Submit
memory/1712-0-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/1712-11-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads