Overview

overview

8

Static

static

3

57ecc1b0a5...b0.exe

windows7-x64

8

57ecc1b0a5...b0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    91s
  • max time network
    109s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-01-2024 04:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    57ecc1b0a5c0ec135b0a32c07ad3c6b0.exe

  • Size

    64KB

  • MD5

    57ecc1b0a5c0ec135b0a32c07ad3c6b0

  • SHA1

    5511b141d1af24f4cf1c3c9961a2b598426884a7

  • SHA256

    38a758abfd984955bc99ee97e6aa8adefd8735a383bcd39e5984253d96b261e8

  • SHA512

    eb467b26b209c0216b85b6f034dfca4d42c0769cfb46d67b46ea11fae2447cbda846e001ff6fb294ba406f053da2364336736c7829edd14969be829efd7f3452

  • SSDEEP

    1536:wLDvm+2os137h7B40VGdDSS0ZvUQ8d2sXV:wvv32osphzVGdx0RUQ8TV

Score
8/10
persistence

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Sets DLL path for service in the registry 2 TTPs 3 IoCs
    persistence
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\57ecc1b0a5c0ec135b0a32c07ad3c6b0.exe
    "C:\Users\Admin\AppData\Local\Temp\57ecc1b0a5c0ec135b0a32c07ad3c6b0.exe"
    1⤵
    • Drops file in Drivers directory
    • Sets DLL path for service in the registry
    • Loads dropped DLL
    • Drops file in System32 directory
    PID:4224
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k etwor
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    PID:4624

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\ncgqkf.dll
    Filesize

    93KB

    MD5

    1a4fd422e1539d65155942d198a55c64

    SHA1

    4c2d7ad158c6aa5ddf16d1e099360bdcb9ea6c13

    SHA256

    bc8e866f6f647bd5f2615ec7e248a1ede19aec6b1ca901bafd84ec471c86f503

    SHA512

    0e558e6025930ff07e3a0fb6adbfe0106e54d939337e5c82c6cc895894fba3689a7b09b6190e427c7793d4b602fd1774335c6d5f44909ed16ed852af63f50796

    Download Submit

  • memory/4224-0-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB

    Download

  • memory/4224-2-0x00000000009B0000-0x00000000009B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4224-10-0x0000000000400000-0x0000000000407000-memory.dmp

    Filesize

    28KB

    Download