Overview

overview

6

Static

static

3

639f5e93bc...19.exe

windows7-x64

6

639f5e93bc...19.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    141s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/01/2024, 21:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    639f5e93bcac941530352e0916880c19.exe

  • Size

    2.2MB

  • MD5

    639f5e93bcac941530352e0916880c19

  • SHA1

    564e54f749ee1c08ff65c95f99d8fa2f277bfc31

  • SHA256

    cc3d543e01f02408b76a2ffee482db5ce0e36b6a21ec1813dc32d89af99513b1

  • SHA512

    3c502469e41a38b12dc308cdda48f44814b3f3422bdc20067e2a6486862719cf0322cf4f6bf13849392f1a14e8998000e9c557e1aaa3c240485279d54277b842

  • SSDEEP

    49152:Lh+WjxRdLeF7E3hZ61ypomk2rWG5R4obiCedd/grhVU:LQWHdL2E3hE1y4295JiCu/Ah

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\639f5e93bcac941530352e0916880c19.exe
    "C:\Users\Admin\AppData\Local\Temp\639f5e93bcac941530352e0916880c19.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:1084
    • C:\Windows\SysWOW64\schtasks.exe
      schtasks /create /tn startt /tr c:\autoexec.bat /sc onstart /ru system
      2⤵
      • Creates scheduled task(s)
      PID:1316

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1084-1-0x0000000002D50000-0x0000000002D52000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1084-0-0x0000000000400000-0x0000000001002000-memory.dmp

          Filesize

          12.0MB

          Download

        • memory/1084-2-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1084-4-0x0000000000400000-0x0000000001002000-memory.dmp

          Filesize

          12.0MB

          Download

        • memory/1084-6-0x0000000002D50000-0x0000000002D52000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1084-7-0x0000000002DB0000-0x0000000002DB1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1084-8-0x0000000000400000-0x0000000001002000-memory.dmp

          Filesize

          12.0MB

          Download

        • memory/1084-9-0x0000000000400000-0x0000000001002000-memory.dmp

          Filesize

          12.0MB

          Download

        • memory/1084-10-0x0000000000400000-0x0000000001002000-memory.dmp

          Filesize

          12.0MB

          Download

        • memory/1084-11-0x0000000000400000-0x0000000001002000-memory.dmp

          Filesize

          12.0MB

          Download

        • memory/1084-14-0x0000000000400000-0x0000000001002000-memory.dmp

          Filesize

          12.0MB

          Download

        • memory/1084-15-0x0000000000400000-0x0000000001002000-memory.dmp

          Filesize

          12.0MB

          Download

        • memory/1084-16-0x0000000000400000-0x0000000001002000-memory.dmp

          Filesize

          12.0MB

          Download

        • memory/1084-17-0x0000000000400000-0x0000000001002000-memory.dmp

          Filesize

          12.0MB

          Download

        • memory/1084-18-0x0000000000400000-0x0000000001002000-memory.dmp

          Filesize

          12.0MB

          Download

        • memory/1084-19-0x0000000000400000-0x0000000001002000-memory.dmp

          Filesize

          12.0MB

          Download