Overview

overview

8

Static

static

3

4b2d3bff99...43.exe

windows7-x64

8

4b2d3bff99...43.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    4s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/01/2024, 10:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4b2d3bff999fe2b167af548843332643.exe

  • Size

    51KB

  • MD5

    4b2d3bff999fe2b167af548843332643

  • SHA1

    ea46a64d6a715d7d7d1b6751b88d612337aadaed

  • SHA256

    75e769c58ba3d86011dce06c2fbc1687d705753048a2c3e90e6c47cafc5c7cf2

  • SHA512

    33857794f1771abf2ded4d6700360b3963d085a6fce2ad28fdac3c752546641efcee4cceb23031e5d6bd98760ecc860da5d321a0cbefabf43d2489a94ec61986

  • SSDEEP

    1536:9WMY6ILkV8Hmuh5VYROO7Yg3gmeaWi1WBGUu:9W96IcqJ3YRq5aWaWBA

Score
8/10
persistence

Malware Config

Signatures

  • Sets DLL path for service in the registry 2 TTPs 6 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b2d3bff999fe2b167af548843332643.exe
    "C:\Users\Admin\AppData\Local\Temp\4b2d3bff999fe2b167af548843332643.exe"
    1⤵
    • Sets DLL path for service in the registry
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:1788
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k lbnore
    1⤵
    • Sets DLL path for service in the registry
    • Deletes itself
    • Loads dropped DLL
    PID:4052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\lbnore.dll
    Filesize

    17KB

    MD5

    d7fc872698f712cfe96cfac8e7903180

    SHA1

    17f3008dc9c2cb3c31177b91c3a431d2622549f4

    SHA256

    054f07613cef727f0269124de0b2541cda9504c13bfd0ae79020a62ce68bfca7

    SHA512

    02bbc83d514b3299042c0cf9fa8cca2d730b368f4a15b23f284d57dff7f4dc2a96d99893bc9f42e72ba47f2cc0417dc487752b30d921dea03a05c8652401a9a3

    Download Submit

  • C:\Windows\SysWOW64\lbnore.dll
    Filesize

    50KB

    MD5

    ebb0e2522c46f4c23fea834c817303f7

    SHA1

    4e2b553d6d87c230aedcc6ff15c2181ec3dba194

    SHA256

    0292d828cc60aee815068d4fed9c9d873ca8fc60c4535c8ea30d8cf859c6a173

    SHA512

    3b46ee08b87a095129b1cfa43129d8cee37251ecd6670ae1df202ff1e0102c54621df76e6e2ff85cea9fc2b305e0acc449b340d5819e4acdd9cbc629bca7be2e

    Download Submit

  • \??\c:\windows\SysWOW64\lbnore.dll
    Filesize

    1KB

    MD5

    9574ad5293b42da809ee8d07ca9aae27

    SHA1

    10a834e02bee5412ab1ce4be95af4845d21d5d64

    SHA256

    118caaa5b78c6ea29a0b8720a0c3bbd003ec80180d14dc92e7d2bdbb029b820c

    SHA512

    25a2210d0594913d16b4eba518c782f6c465b3c48cf78c6f8778f9cf7392fa06672d60f434146b1e0de60c1b98a40b5f834d87bd1260201bed5e428bd0d916e3

    Download Submit