Overview

overview

10

Static

static

3

465e2c70a1...43.exe

windows7-x64

10

465e2c70a1...43.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    06/01/2024, 13:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    465e2c70a110fa365faca85de8d81e43.exe

  • Size

    67KB

  • MD5

    465e2c70a110fa365faca85de8d81e43

  • SHA1

    9fdc92ab8961a0d6630ba208b8b9f15b2a25bd28

  • SHA256

    caa6f0c7b05f2459a4b58498f3078270cb79879ff95b499d1626c09a61fe93e8

  • SHA512

    c1aa4cc877aefa2f7ca863b607d25a4711f1e1fe1c34fde504fe7918a5e79ceeea53e4d19ecaf7f6ff6cd760af82862f3bc20bfecec182898fe4f66bd046a155

  • SSDEEP

    1536:HuHBOqDdUwC2AVH+wDxPDsUnKntZ+EWAnTj42LoFLMBN:OLJ8Fhu+rkeMP

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Sets file execution options in registry 2 TTPs 48 IoCs
    persistence
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in Program Files directory 10 IoCs
  • Modifies registry key 1 TTPs 2 IoCs
  • Runs ping.exe 1 TTPs 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 35 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\465e2c70a110fa365faca85de8d81e43.exe
    "C:\Users\Admin\AppData\Local\Temp\465e2c70a110fa365faca85de8d81e43.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Modifies visiblity of hidden/system files in Explorer
    • UAC bypass
    • Sets file execution options in registry
    • Loads dropped DLL
    • Adds Run key to start application
    • Checks whether UAC is enabled
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2868
    • C:\Program Files (x86)\K-Lite\mplayerc.exe
      "C:\Program Files (x86)\K-Lite\mplayerc.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2508
    • C:\Windows\SysWOW64\REG.exe
      REG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f
      2⤵
      • Modifies registry key
      PID:1272
    • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
      "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1660
    • C:\Windows\SysWOW64\ping.exe
      ping www.bok3p.com -n 996699 -l 1330
      2⤵
      • Runs ping.exe
      PID:2336
    • C:\Windows\SysWOW64\ping.exe
      ping www.duniasex.com -n 996699 -l 1330
      2⤵
      • Runs ping.exe
      PID:2592
    • C:\Windows\SysWOW64\REG.exe
      REG DELETE HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot /f
      2⤵
      • Modifies registry key
      PID:3028
  • C:\Program Files (x86)\K-Lite\mplayerc.exe
    "C:\Program Files (x86)\K-Lite\mplayerc.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetWindowsHookEx
    PID:2624
  • C:\Program Files (x86)\Windows Media Player\setup_wm.exe
    "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"
    1⤵
      PID:2196

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files (x86)\K-Lite\mplayerc.exe
            Filesize

            67KB

            MD5

            b3c28423fa8c8df40890db6607a58649

            SHA1

            2c68e8c6f695f4d05a49c8d1593bb1d21391a7c4

            SHA256

            a4a5fe5dd5b9e54c25709af5368257f48888ac2c15fdbd574d6bfb05b27d033b

            SHA512

            5f2ed5c8443805579be104a034796abc1f61be830e5779e4ed290ad30f0659a3d61b529968c929ae2037920458751d2504f028e6e6b8c9e880b2beffbebddad7

            Download Submit

          • memory/2508-11-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

            Download

          • memory/2508-21-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

            Download

          • memory/2508-26-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

            Download

          • memory/2624-16-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

            Download

          • memory/2624-19-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

            Download

          • memory/2868-1-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

            Download

          • memory/2868-9-0x00000000002A0000-0x00000000002CE000-memory.dmp

            Filesize

            184KB

            Download

          • memory/2868-20-0x0000000000400000-0x000000000042E000-memory.dmp

            Filesize

            184KB

            Download