Analysis

  • max time kernel
    28s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-01-2024 14:20

General

  • Target

    22F524ABC98F958705FEBD3761BEDC85EC1AE859316A653B67C0C01327533092.exe

  • Size

    75KB

  • MD5

    ed2d7b25bb360cccb4f0f6a4f8732d7a

  • SHA1

    6ffcc083956c5ac19826bdd87e12f87817ee837c

  • SHA256

    22f524abc98f958705febd3761bedc85ec1ae859316a653b67c0c01327533092

  • SHA512

    6592ec1a12f9575176474c6192d49f4f4a87998da6692e07e8ba6a93789d6a92e41dbabd3488a27a49ec8c8c414e02751867feb2a0038e4091630ca3e4fb235f

  • SSDEEP

    1536:K3Mz8enofIxQrFP+ZrFugrZpVnWw7V15Frrmi:xweZQhGZ5ugDVnj7V15Fr

Malware Config

Signatures

  • Windows security bypass 2 TTPs 6 IoCs
  • Executes dropped EXE 1 IoCs
  • Windows security modification 2 TTPs 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22F524ABC98F958705FEBD3761BEDC85EC1AE859316A653B67C0C01327533092.exe
    "C:\Users\Admin\AppData\Local\Temp\22F524ABC98F958705FEBD3761BEDC85EC1AE859316A653B67C0C01327533092.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4316
    • C:\Windows\winrecsv.exe
      C:\Windows\winrecsv.exe
      2⤵
      • Windows security bypass
      • Executes dropped EXE
      • Windows security modification
      PID:1408
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
    PID:4116
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k UnistackSvcGroup
    1⤵
    PID:3556

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3556-37-0x000001FCA2740000-0x000001FCA2750000-memory.dmp

    Filesize

    64KB

  • memory/3556-57-0x000001FCAABE0000-0x000001FCAABE1000-memory.dmp

    Filesize

    4KB

  • memory/3556-56-0x000001FCAAAD0000-0x000001FCAAAD1000-memory.dmp

    Filesize

    4KB

  • memory/3556-55-0x000001FCAAAD0000-0x000001FCAAAD1000-memory.dmp

    Filesize

    4KB

  • memory/3556-53-0x000001FCAAAA0000-0x000001FCAAAA1000-memory.dmp

    Filesize

    4KB

  • memory/3556-21-0x000001FCA2640000-0x000001FCA2650000-memory.dmp

    Filesize

    64KB