Overview

overview

10

Static

static

3

4c89755530...70.exe

windows7-x64

10

4c89755530...70.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    4s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2024, 02:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4c897555300ba83acb86471e90ef5870.exe

  • Size

    384KB

  • MD5

    4c897555300ba83acb86471e90ef5870

  • SHA1

    e147cdabef3aa30c5f142eefdead1ea412c5d9c5

  • SHA256

    37eade5cf9249f144d7479a0ffd1627e736d1e7bb525182d37db003a6f43212a

  • SHA512

    2a0422c65ad3aabf49fd52f02502fe47ade7131688d1f98c9a1f71144d6cd1826afd8b3945270075103f9783022b769897eea620128502d91970f26adcaf11d9

  • SSDEEP

    6144:MdtuVyRv55G5ke9MRs0On1SIFs7Bqwtj9kJ8c0IITjZ0N7/cYL9duz4hwOUu808R:1eR5GdCs0O1BkBqwtjFc0fTjZOT59ozj

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • Windows security bypass 2 TTPs 10 IoCs
    evasiontrojan
  • Disables taskbar notifications via registry modification
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Windows security modification 2 TTPs 14 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c897555300ba83acb86471e90ef5870.exe
    "C:\Users\Admin\AppData\Local\Temp\4c897555300ba83acb86471e90ef5870.exe"
    1⤵
    • Windows security bypass
    • Loads dropped DLL
    • Windows security modification
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\ProgramData\043A6AEB00014973000C5A72B4EB2331\043A6AEB00014973000C5A72B4EB2331.exe
      "C:\ProgramData\043A6AEB00014973000C5A72B4EB2331\043A6AEB00014973000C5A72B4EB2331.exe" "C:\Users\Admin\AppData\Local\Temp\4c897555300ba83acb86471e90ef5870.exe"
      2⤵
      • Windows security bypass
      • Executes dropped EXE
      • Windows security modification
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      PID:3020

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\043A6AEB00014973000C5A72B4EB2331\043A6AEB00014973000C5A72B4EB2331.exe
    Filesize

    205KB

    MD5

    eac9539e110740110c869df65ca5db8d

    SHA1

    765614b3b31c304bec71358d57faa611cd958ea5

    SHA256

    a9cd028216a478690265892defd8f0cf05bca302c13cfbac1831d7b0faf1bde9

    SHA512

    6f84b343ee01358466fb14ae474ef7adb87d36dc23b624ca5f3abade4f6641235d8b6b538a3256ed604cf647d147da98c2089d986d6a3660774399fa11865a07

    Download Submit

  • C:\ProgramData\043A6AEB00014973000C5A72B4EB2331\043A6AEB00014973000C5A72B4EB2331.exe
    Filesize

    1KB

    MD5

    f3c001834eac12c7d0f83376c2c7347a

    SHA1

    3989a7af3b77ab732a420179e662e144422f09c9

    SHA256

    30f44cfca5000b2aec26659c3027ec184ed7de86eff705bec11ee21cf474cfbf

    SHA512

    98e2efc065b4e9efd8402075a72d43e587e2b4b5d4117ec92dbb522878f0530d4c25aec169e787f5341badc2ac55adccc2f3a998fa5f3bbb3361c425fe1854f2

    Download Submit

  • C:\ProgramData\043A6AEB00014973000C5A72B4EB2331\043A6AEB00014973000C5A72B4EB2331.exe
    Filesize

    159KB

    MD5

    adccb4b07071491d019d24d1f8af8f81

    SHA1

    97ec36c2127bd1b606d9eac063ac51a7fa74dd32

    SHA256

    54a22fc5684e2439f1a2ed2e3014836f94d63601204d53c924e866125b532653

    SHA512

    d292a5b665dbab1d2135f1286d38671620b43365854a005fdd983528376ff64b7372d71fcb0443df8419e46772f0526e4bd1ae78c3cd0513c6e1294318c9a76a

    Download Submit

  • \ProgramData\043A6AEB00014973000C5A72B4EB2331\043A6AEB00014973000C5A72B4EB2331.exe
    Filesize

    139KB

    MD5

    d76ea8c08b810f06d4c94a9d86d837b0

    SHA1

    4d47ee51d28198bc3c64b2866be1eeeb9bfae45c

    SHA256

    cacf0be9436df12495e1e35b1a80f594feeb9710219f8130e77de93d41b0f439

    SHA512

    3a7473301cd7e2c4a652790ce59f0798f9b2a811a46f89fc584d0042258a8a3490f886ddcb17319c99021e45b9151ff56465944c547d0657edc78732f6bb895f

    Download Submit

  • \ProgramData\043A6AEB00014973000C5A72B4EB2331\043A6AEB00014973000C5A72B4EB2331.exe
    Filesize

    19KB

    MD5

    d156bad36ee545e706dc2a682382700b

    SHA1

    abc55fa527627353f4133bd79d186fffbc60c3e7

    SHA256

    3ae672b6f2056a506c01754303906f3565a29071a204fe5166f6b51677e3cde3

    SHA512

    37873eac42ac9f467f22af96ef72c68b0c70b4131e4816e6d654486c9f8984248d422584b6b8935df071b209fc4f9cac4dcb7671f2ef255c6e544b91b4db5f7c

    Download Submit

  • memory/2156-1-0x0000000002070000-0x0000000002071000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2156-5-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2156-36-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2156-27-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2156-0-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2156-7-0x0000000000240000-0x0000000000242000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2156-2-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2156-6-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/2156-4-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/3020-18-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/3020-16-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3020-21-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/3020-22-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/3020-28-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/3020-29-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3020-23-0x0000000000330000-0x0000000000332000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3020-39-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/3020-41-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/3020-42-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download

  • memory/3020-45-0x0000000000410000-0x00000000004D5000-memory.dmp

    Filesize

    788KB

    Download