Analysis

  • max time kernel
    154s
  • max time network
    173s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/01/2024, 23:31

General

  • Target

    51ec6784a1c6d03d7aaf1872a55cee1b.exe

  • Size

    71KB

  • MD5

    51ec6784a1c6d03d7aaf1872a55cee1b

  • SHA1

    6f305f02b7f2dec71d0011403c223230a2e66a2d

  • SHA256

    034fb9dbc4e2fc22b196f423ce029d04aef18ffa82c1846f1fccab5e2ff49323

  • SHA512

    76e3f619f014a018c40192b15567791d1453c020a35031913e04e7e5f93bef2e7f4b53b58aa359cadbb60f0031b83d7f5fb7789b439dcff54085f178592de5f1

  • SSDEEP

    1536:zSQ3T6PLqchtIpYFK4Y8un5iVqxEG8GTgE:zSW6PLqcfXu5iYFgE

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Disables RegEdit via registry modification 1 IoCs
  • Disables Task Manager via registry modification
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Modifies WinLogon 2 TTPs 4 IoCs
  • Drops autorun.inf file 1 TTPs 4 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 8 IoCs
  • Drops file in Windows directory 8 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • System policy modification 1 TTPs 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\51ec6784a1c6d03d7aaf1872a55cee1b.exe
    "C:\Users\Admin\AppData\Local\Temp\51ec6784a1c6d03d7aaf1872a55cee1b.exe"
    • Modifies WinLogon for persistence
    • Modifies visibility of hidden/system files in Explorer
    • Disables RegEdit via registry modification
    • Adds Run key to start application
    • Modifies WinLogon
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Modifies data under HKEY_USERS
    • System policy modification
    PID:2936

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\vxds.exe

    Filesize

    71KB

    MD5

    51ec6784a1c6d03d7aaf1872a55cee1b

    SHA1

    6f305f02b7f2dec71d0011403c223230a2e66a2d

    SHA256

    034fb9dbc4e2fc22b196f423ce029d04aef18ffa82c1846f1fccab5e2ff49323

    SHA512

    76e3f619f014a018c40192b15567791d1453c020a35031913e04e7e5f93bef2e7f4b53b58aa359cadbb60f0031b83d7f5fb7789b439dcff54085f178592de5f1

  • memory/2936-24-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB