Analysis

  • max time kernel
    150s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/01/2024, 19:21

General

  • Target

    a803651431c71f5a15932648c8171172.exe

  • Size

    108KB

  • MD5

    a803651431c71f5a15932648c8171172

  • SHA1

    244e9ea02a6823b44a9d08df28fa6fde69f8d865

  • SHA256

    29d9ee9d182854ba4aaf84769c34139d2c77e3ff3389c365c50933994a771e4c

  • SHA512

    fcca68583f20517e7983b8f77574cd8fd1c3e6590db92ec90521accac8d59e6c9c936c4f3fb6f9f08e7de994524484976963101bcda6f752e2d54ce5b3fa1df7

  • SSDEEP

    1536:wA9c/KiB6oQ7Lh5+sXmNt0ttlPXLq0zTrk3:d8moIeZt8XTzTo3

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a803651431c71f5a15932648c8171172.exe
    "C:\Users\Admin\AppData\Local\Temp\a803651431c71f5a15932648c8171172.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2268
    • C:\Users\Admin\moiiv.exe
      "C:\Users\Admin\moiiv.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2688

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\moiiv.exe

          Filesize

          108KB

          MD5

          7afa4b65911a6ef821c6461fccd19da5

          SHA1

          0d7857aba7893421bef8f50b7782511047e18186

          SHA256

          9f2e7546b2d0b4deb0a67119963a12db73c0aae02e9241269ae43ac5d21a3265

          SHA512

          22e3d19e8f12b3e7b775e09f05b695a1b850884b734f77737bbe41cf4b029f9032c7d21214c5388ae82b4a845aca091e385dd9fc0f187fe74f759e00f63114a5