Overview

overview

7

Static

static

3

5755efd4e3...fe.exe

windows7-x64

7

5755efd4e3...fe.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/01/2024, 19:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5755efd4e347c9c30e898023adcb2ffe.exe

  • Size

    419KB

  • MD5

    5755efd4e347c9c30e898023adcb2ffe

  • SHA1

    bb8792eef67cb4ee9c5d523e1bcaaea8fdbce2c5

  • SHA256

    66349384c0eec6d6522913323e631b734d95f4b1d9a7bf858b40ad7d0a0dd99e

  • SHA512

    4b3bba46b17248a4575e756cd7dadac9f0e6479547572699bfff880b504ca92e16775254073420df7d19c2bbaca657fe408aab61638f74d14559d99c2b310f86

  • SSDEEP

    12288:0Z3/DYraQS9xo+BDL1qy54taMLKYzZx4V:6LYraQS9y+FL1bOtaMLjzZx

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5755efd4e347c9c30e898023adcb2ffe.exe
    "C:\Users\Admin\AppData\Local\Temp\5755efd4e347c9c30e898023adcb2ffe.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2864
  • C:\Windows\system.cn
    C:\Windows\system.cn
    1⤵
    • Executes dropped EXE
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4668

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\system.cn
          Filesize

          419KB

          MD5

          5755efd4e347c9c30e898023adcb2ffe

          SHA1

          bb8792eef67cb4ee9c5d523e1bcaaea8fdbce2c5

          SHA256

          66349384c0eec6d6522913323e631b734d95f4b1d9a7bf858b40ad7d0a0dd99e

          SHA512

          4b3bba46b17248a4575e756cd7dadac9f0e6479547572699bfff880b504ca92e16775254073420df7d19c2bbaca657fe408aab61638f74d14559d99c2b310f86

          Download Submit

        • memory/2864-0-0x0000000000400000-0x00000000004EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/2864-1-0x00000000001C0000-0x00000000001C2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2864-2-0x00000000027D0000-0x00000000027D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2864-9-0x0000000000400000-0x00000000004EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/4668-7-0x00000000001C0000-0x00000000001C2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4668-8-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4668-10-0x0000000000400000-0x00000000004EC000-memory.dmp

          Filesize

          944KB

          Download

        • memory/4668-11-0x00000000001C0000-0x00000000001C2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4668-12-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

          Filesize

          4KB

          Download