Overview

overview

10

Static

static

3

51b52b6a47...f3.exe

windows7-x64

10

51b52b6a47...f3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2024, 21:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    51b52b6a470305d6043a8b62d54619f3.exe

  • Size

    13KB

  • MD5

    51b52b6a470305d6043a8b62d54619f3

  • SHA1

    639f6b28af1ffe7ac9573bf555d9bfa468481576

  • SHA256

    e0a8f0734bc0bbaf7467b8afb8a4d87f9981484632c4933df3ed233e3b7f2058

  • SHA512

    7096879d7a63e9a208af868684b523d5e50a17f4aacc427fa4a1976847be8d87915c78b8a5ca577f20871a6bf8399c5dae2c7913b45119a3ccd6f4f6b1c0b538

  • SSDEEP

    384:mgEqaDpr1HGbt0hhFJwIWMl4HsPBhQaUxb4QsT1w4XoFTctx:7h45mp0lSIyMphQaUxsQsT1Dtx

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 1 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\51b52b6a470305d6043a8b62d54619f3.exe
    "C:\Users\Admin\AppData\Local\Temp\51b52b6a470305d6043a8b62d54619f3.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2312
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\DBED.tmp.bat
      2⤵
      • Deletes itself
      PID:2608

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\DBED.tmp.bat
    Filesize

    179B

    MD5

    bb7d50def27526a0250fe34f81c8258e

    SHA1

    2f306e7804402e28474f8957d4b39947cf56ad5f

    SHA256

    2b30c454374ca18bc2ce7a0e8644cba4730ff998c82fcede6c903ad68e59f7bd

    SHA512

    26a8280f396eccd175e7009faec09f875a7ef1a8d5736de786e9cf6f57a42cf983b44302afdd5fa358337f75d87ef8d0416b768befceb334f4ef305083b72a65

    Download Submit

  • C:\Windows\SysWOW64\zrowbhdf.tmp
    Filesize

    2.2MB

    MD5

    918f247b17bd31bac33f5fc21f16f83b

    SHA1

    ececfe97662c5b5dcb75623f06c8b22cec08f40c

    SHA256

    6094746f451b19c2cbea592234dedfaab57eda2c7dcc51b99ab7f67e6ce90ede

    SHA512

    6570b0b4aa8e9b50f72695b942e9ae7c11432a0509821c1eb8043fee92285d36656ee465b8af7d4b2fb4a8ced4da419a3ca681b8e6acb1eb728be652696ca9a2

    Download Submit

  • memory/2312-12-0x0000000010000000-0x0000000010008000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2312-21-0x0000000010000000-0x0000000010008000-memory.dmp

    Filesize

    32KB

    Download