Overview

overview

7

Static

static

3

51f087b461...d9.exe

windows7-x64

7

51f087b461...d9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    10-01-2024 23:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    51f087b4613d27433d8cfcb125ae49d9.exe

  • Size

    344KB

  • MD5

    51f087b4613d27433d8cfcb125ae49d9

  • SHA1

    56c07063e8453f0b2a36ec6b36570ba3afe103d4

  • SHA256

    b06a7de629b646ca4ed7199e522f38db50607784335ba7d7fc716077491532bf

  • SHA512

    cadb48749602dab3b377949f885d6db1da37926777da1cc14ddb8558379151cfa32d6052ae0e2699a339b87470c54c97b7ab32f2bf303afda8b6a29013069038

  • SSDEEP

    6144:7AjK6l+wlbl3nrZ3ySYi7yjb3TgR4e9Rud3KRmY3PbJQX9zfAxkFfiSCRZRmF9:826l+EbNnrxySYiWgHjRmYfsiSKmF9

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\51f087b4613d27433d8cfcb125ae49d9.exe
    "C:\Users\Admin\AppData\Local\Temp\51f087b4613d27433d8cfcb125ae49d9.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3052
    • C:\ProgramData\OZEMQECW\taskenv.exe
      C:\ProgramData\OZEMQECW\taskenv.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Checks processor information in registry
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\OZEMQECW\system.zip
    Filesize

    206B

    MD5

    cd4db47ad48facebe2385f585753ffbe

    SHA1

    996d2630928b30f492230e1977c72e06261d7c7d

    SHA256

    62481d06c721fafd2d574f759f8dcb67196a4d13cdfef52f2bba7bed5fae8f40

    SHA512

    5041c4e377d353bc0651eb2d753f16d76a10ec6a0b69e57c4e9150bf476cfcbfa02d87559d8ee8d32d0665202e66b40969c65fb73dbf0d201c852b28ef7fc09f

    Download Submit

  • \ProgramData\OZEMQECW\taskenv.exe
    Filesize

    212KB

    MD5

    f651d06be4944c711446cf90e86de649

    SHA1

    559f62b351e408e1fe60362dd3ebc7f8e0de85e5

    SHA256

    f20c2c3c39420a9d03a33f231ef414df6a05c2dd2b5eab945c2f5cb89670d3c5

    SHA512

    37ea39a89d32e3f635dc936a22af05829794f49c22a4b74d4365d41fd49d51f9848d5288e08c3e701e6598c3056cb510bdb31cc8789fae64f64bca3123af35ac

    Download Submit

  • memory/3052-0-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download