Analysis

  • max time kernel
    7s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/01/2024, 19:37

General

  • Target

    aaa8ae0f89bde2fc6451b82db2141362.exe

  • Size

    248KB

  • MD5

    aaa8ae0f89bde2fc6451b82db2141362

  • SHA1

    2e42d25788f065e9416fdeb7e33c3dbfa21bbd44

  • SHA256

    42d498fc9985f478cc9045a7e6f72062d4c7d30ede5c4d6b1c2ce2ad58aeeded

  • SHA512

    ef7371607ca9a1c79c89e8ffafe2fc71ad3d6fb0fd273fd206f2d45ec932663ef3bfffbfe913871d2b6f07f38ffbeb71128951830ffa21f430aa8171f3a47172

  • SSDEEP

    3072:9JwSW42t0z43JOFQfOTbjaoL7mZW0h/tlVu/T8cLBZ:9JjW42t0z43JOFQfOO

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aaa8ae0f89bde2fc6451b82db2141362.exe
    "C:\Users\Admin\AppData\Local\Temp\aaa8ae0f89bde2fc6451b82db2141362.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\Users\Admin\rienoel.exe
      "C:\Users\Admin\rienoel.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1928

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\rienoel.exe

    Filesize
    10KB

    MD5
    d1bd92be4fccdcf47f6a9f5f2f9e0ffa

    SHA1
    49520487acbe087f4c641749697e5e5dfce81e99

    SHA256
    6a38c06866e7c7f96d439971484292708a8494c80d82f29802f2ca99ba0511f1

    SHA512
    fc5d63bb714d6f1ff735361d7a97cd5fb60fae42d59df47fbc55c7f62e87bd236c1c9293ef3acdc8fcf55a3521a1e5789a5c1df26a192dfacea18aea35318af2

  • \Users\Admin\rienoel.exe

    Filesize
    41KB

    MD5
    210403750ee958248ba3d2feea8442af

    SHA1
    411bbb9f16f1fad0aba870396e75cab55c6c2a59

    SHA256
    f8613e936a4ffe1f58e2e8a1d32872702ed8c1ec525e5dfc91462f71087286b3

    SHA512
    4d34ff230aaf91f85122d8343b28dcaa653573eeade03842011f48c6d649c1a98220cf72cade92bc233bb79feb31792cc51b078d4f09b641be51c31a3e9ad1fc