Overview

overview

10

Static

static

5

4a3fb4e1f4...e1.exe

windows7-x64

10

4a3fb4e1f4...e1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-01-2024 02:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4a3fb4e1f4f9b3ca096d79c97a8919e1.exe

  • Size

    512KB

  • MD5

    4a3fb4e1f4f9b3ca096d79c97a8919e1

  • SHA1

    7f44fd0c2627a885eba16025c681eb0b8dfbf38d

  • SHA256

    bf8d972cd7da52d8e6ce3c79996c1f444ce57fbce63d44329abe13c2bfba31d8

  • SHA512

    dfc33f856fb658106f392ca0b589b91a60d24a544ad683b5cb960db7b6e6e3348af527be372402e68f5ba5638500c0027bc9b68b99f82d907a55392fba568e84

  • SSDEEP

    6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6u:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm55

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • AutoIT Executable 3 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 8 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a3fb4e1f4f9b3ca096d79c97a8919e1.exe
    "C:\Users\Admin\AppData\Local\Temp\4a3fb4e1f4f9b3ca096d79c97a8919e1.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:224
    • C:\Windows\SysWOW64\rtxymzwyrt.exe
      rtxymzwyrt.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3968
      • C:\Windows\SysWOW64\wyjxqrje.exe
        C:\Windows\system32\wyjxqrje.exe
        3⤵
          PID:1940
      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
        2⤵
          PID:5040
        • C:\Windows\SysWOW64\ujdgekxbwcqcy.exe
          ujdgekxbwcqcy.exe
          2⤵
          • Executes dropped EXE
          PID:2692
        • C:\Windows\SysWOW64\wyjxqrje.exe
          wyjxqrje.exe
          2⤵
          • Executes dropped EXE
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:5036
        • C:\Windows\SysWOW64\ufkufpwgfbhipev.exe
          ufkufpwgfbhipev.exe
          2⤵
          • Executes dropped EXE
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:4936

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\SysWOW64\ufkufpwgfbhipev.exe
        Filesize

        382KB

        MD5

        badd716c7c48a8241873d9251da496d1

        SHA1

        6bd2a072c8f64a1780fe75d983cb7b6584985c6d

        SHA256

        ad4373bfa026f66380b8ce44d6bc300d146770114fb10087019af7c616dc11d7

        SHA512

        7bf3f09216e2ba376053e668963797cd78f91119467917a84f467dd3110d6bd26592784cdf7cefd293413ff5b6dbe10a996d89627177235d9f109732c05f36c5

        Download Submit

      • memory/224-0-0x0000000000400000-0x0000000000496000-memory.dmp

        Filesize

        600KB

        Download

      • memory/5040-45-0x00007FF80BBB0000-0x00007FF80BBC0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5040-133-0x00007FF80BBB0000-0x00007FF80BBC0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5040-42-0x00007FF84BB30000-0x00007FF84BD25000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5040-51-0x00007FF84BB30000-0x00007FF84BD25000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5040-52-0x00007FF84BB30000-0x00007FF84BD25000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5040-55-0x00007FF84BB30000-0x00007FF84BD25000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5040-56-0x00007FF84BB30000-0x00007FF84BD25000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5040-57-0x00007FF809560000-0x00007FF809570000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5040-54-0x00007FF84BB30000-0x00007FF84BD25000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5040-53-0x00007FF809560000-0x00007FF809570000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5040-50-0x00007FF84BB30000-0x00007FF84BD25000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5040-49-0x00007FF84BB30000-0x00007FF84BD25000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5040-47-0x00007FF84BB30000-0x00007FF84BD25000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5040-41-0x00007FF80BBB0000-0x00007FF80BBC0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5040-48-0x00007FF84BB30000-0x00007FF84BD25000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5040-39-0x00007FF84BB30000-0x00007FF84BD25000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5040-46-0x00007FF84BB30000-0x00007FF84BD25000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5040-37-0x00007FF80BBB0000-0x00007FF80BBC0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5040-36-0x00007FF84BB30000-0x00007FF84BD25000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5040-38-0x00007FF80BBB0000-0x00007FF80BBC0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5040-35-0x00007FF80BBB0000-0x00007FF80BBC0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5040-109-0x00007FF84BB30000-0x00007FF84BD25000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5040-110-0x00007FF84BB30000-0x00007FF84BD25000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5040-111-0x00007FF84BB30000-0x00007FF84BD25000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5040-135-0x00007FF80BBB0000-0x00007FF80BBC0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5040-139-0x00007FF84BB30000-0x00007FF84BD25000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5040-138-0x00007FF84BB30000-0x00007FF84BD25000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5040-137-0x00007FF84BB30000-0x00007FF84BD25000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/5040-136-0x00007FF80BBB0000-0x00007FF80BBC0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5040-134-0x00007FF80BBB0000-0x00007FF80BBC0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5040-40-0x00007FF84BB30000-0x00007FF84BD25000-memory.dmp

        Filesize

        2.0MB

        Download