1e5674fbf625803af62d1d47c16b98f078782b7c98bb761ad5533ca05365d7a2

Analysis

max time kernel
154s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47b65810ca00f2f48c6604a95cb5d31d.exe
Size

87KB
MD5

47b65810ca00f2f48c6604a95cb5d31d
SHA1

cf12ebad550e94a250f46a0074afff03dbb48130
SHA256

1e5674fbf625803af62d1d47c16b98f078782b7c98bb761ad5533ca05365d7a2
SHA512

54bc907a72ff913d8f6e1ba75b8c8486cc1ea6332ca762e0c8cb8ce9aed23e8dfd1a5357b810a7733eb036f4e7dc4f5b0fa1f3ffaed038ece5c81382bc7d12b6
SSDEEP

1536:hpUYNnYSs35m47SZGzGP5yUfYmVRK1x8QA5WaCH22KS8GCEUAuR137K06RUp5Y:hpUInYrm47SeGPqmro8QAgateCgc20gj

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
216	47b65810ca00f2f48c6604a95cb5d31d.exe
216	47b65810ca00f2f48c6604a95cb5d31d.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\HELP\F3C74E3FA248.dll	47b65810ca00f2f48c6604a95cb5d31d.exe
File opened for modification	C:\Windows\HELP\F3C74E3FA248.dll	47b65810ca00f2f48c6604a95cb5d31d.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32	47b65810ca00f2f48c6604a95cb5d31d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32\ = "C:\\Windows\\HELP\\F3C74E3FA248.dll"	47b65810ca00f2f48c6604a95cb5d31d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32\ThreadingModel = "Apartment"	47b65810ca00f2f48c6604a95cb5d31d.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}	47b65810ca00f2f48c6604a95cb5d31d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\ = "SSUUDL"	47b65810ca00f2f48c6604a95cb5d31d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
216	47b65810ca00f2f48c6604a95cb5d31d.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 2336	216	47b65810ca00f2f48c6604a95cb5d31d.exe	88
PID 216 wrote to memory of 2336	216	47b65810ca00f2f48c6604a95cb5d31d.exe	88
PID 216 wrote to memory of 2336	216	47b65810ca00f2f48c6604a95cb5d31d.exe	88
PID 216 wrote to memory of 4600	216	47b65810ca00f2f48c6604a95cb5d31d.exe	99
PID 216 wrote to memory of 4600	216	47b65810ca00f2f48c6604a95cb5d31d.exe	99
PID 216 wrote to memory of 4600	216	47b65810ca00f2f48c6604a95cb5d31d.exe	99

C:\Users\Admin\AppData\Local\Temp\47b65810ca00f2f48c6604a95cb5d31d.exe
"C:\Users\Admin\AppData\Local\Temp\47b65810ca00f2f48c6604a95cb5d31d.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:216
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 2.bat
  2⤵
  PID:2336
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 2.bat
  2⤵
  PID:4600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2.bat

Filesize
63B

MD5
009a9eee4ca4eba149b2139527af32ed

SHA1
0e07a97992361a3cdb17288eb0b62cbea027083a

SHA256
51fe7d6a16cc8944cf2dc90be85fc58dbca47c17b73a61a34be37be4eef6fe12

SHA512
cce598a1343003d929e1b6839dd87d21163ccdc948fee313ca5aefc55f94a5d785ca712e4a2ee411a8fd5fb665476cf7bbff2601117531820eaae031b32b431b

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.bat

Filesize
62B

MD5
659a0e6431d36cfb74d99ed8b9102c7a

SHA1
116703a3e482713f742e9a6f9123b79b9784b47a

SHA256
b1e10d2b4cb44fa40741ec58c24c507fe6b1a0ccae431d3200bb5652af34a55e

SHA512
509256c9a63f98235c26d7c17843f52b0e5b4cba9d3c4b60058d65f5650ba8630dd8d7463531df471b607852028b59578331037285cc5817b5aeffb6919995bf

Download Submit
C:\Windows\Help\F3C74E3FA248.dll

Filesize
70KB

MD5
43b5eb248bb29598d35fb991a7f6a819

SHA1
b3d0aecbfaeb73a81b323cca690a1d372f02c0ed

SHA256
3beba40c5451387a78125182b504d1b7831d7886320810493e2bca9e5f24a190

SHA512
a06f8a90db395b9e61b9627bf53665207c4990edc3ec15aa64c4afad0cebef0bf11eeca5512f92c298c580593a8f8be465efbe57b701cf151af13b4d09f9bd83

Download Submit
memory/216-0-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/216-4-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/216-13-0x00000000022B0000-0x00000000022F9000-memory.dmp

Filesize
292KB

Download
memory/216-16-0x00000000022B0000-0x00000000022F9000-memory.dmp

Filesize
292KB

Download
memory/216-18-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/216-19-0x00000000022B0000-0x00000000022F9000-memory.dmp

Filesize
292KB

Download