a729fd1da7979a5c274f72b1aa45f80f8d01ea549f73a810daff8bf2ee8080e3

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 08:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64fa65eee539b7f4ce13171bf344485a.exe
Size

74KB
MD5

64fa65eee539b7f4ce13171bf344485a
SHA1

ea986dedf1b131707bb9e865606c162a5d68a9a0
SHA256

a729fd1da7979a5c274f72b1aa45f80f8d01ea549f73a810daff8bf2ee8080e3
SHA512

b972652dc2ed319897e4aae489fd2f86e1cf6a39783a8986caea1b772a4b9299610820645b1f843f16d4068047ad013f39cfc4caa88d7a4d76e507a9671d9600
SSDEEP

1536:9bIygyS1ftXvbUKa1NpVR6DYQcHcUiI+Yz7QaVgMVApgwh3vis:9bI8AftJCNN6fcHcUf+YHQaVgMVA1

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1960	64fa65eee539b7f4ce13171bf344485a.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\HELP\F3C74E3FA248.dll	64fa65eee539b7f4ce13171bf344485a.exe
File opened for modification	C:\Windows\HELP\F3C74E3FA248.dll	64fa65eee539b7f4ce13171bf344485a.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}	64fa65eee539b7f4ce13171bf344485a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\ = "SSUUDL"	64fa65eee539b7f4ce13171bf344485a.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32	64fa65eee539b7f4ce13171bf344485a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32\ = "C:\\Windows\\HELP\\F3C74E3FA248.dll"	64fa65eee539b7f4ce13171bf344485a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32\ThreadingModel = "Apartment"	64fa65eee539b7f4ce13171bf344485a.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1960	64fa65eee539b7f4ce13171bf344485a.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 2000	1960	64fa65eee539b7f4ce13171bf344485a.exe	28
PID 1960 wrote to memory of 2000	1960	64fa65eee539b7f4ce13171bf344485a.exe	28
PID 1960 wrote to memory of 2000	1960	64fa65eee539b7f4ce13171bf344485a.exe	28
PID 1960 wrote to memory of 2000	1960	64fa65eee539b7f4ce13171bf344485a.exe	28
PID 1960 wrote to memory of 2376	1960	64fa65eee539b7f4ce13171bf344485a.exe	30
PID 1960 wrote to memory of 2376	1960	64fa65eee539b7f4ce13171bf344485a.exe	30
PID 1960 wrote to memory of 2376	1960	64fa65eee539b7f4ce13171bf344485a.exe	30
PID 1960 wrote to memory of 2376	1960	64fa65eee539b7f4ce13171bf344485a.exe	30

C:\Users\Admin\AppData\Local\Temp\64fa65eee539b7f4ce13171bf344485a.exe
"C:\Users\Admin\AppData\Local\Temp\64fa65eee539b7f4ce13171bf344485a.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\cmd.exe
  cmd /c 2.bat
  2⤵
  PID:2000
- C:\Windows\SysWOW64\cmd.exe
  cmd /c 2.bat
  2⤵
  PID:2376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2.bat

Filesize
64B

MD5
a7a53b95039a69190055a2547e669d8e

SHA1
8fe2e1baccb1adcbb7b311958827c3a5142e57b1

SHA256
63b8653d59af1408e70ef10c64c68f9042554a1c30595b26c11a74888c641019

SHA512
3389e390155ad9e86bc5a8b64588d0fe789bf8a9df27e11a50abae38c0391597d6ac4c249f7e97352381d1868346067474d4142ce44ec0352b9fbc9198a098ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.bat

Filesize
63B

MD5
0a4a1f14608d10f67889c5b99093cfcc

SHA1
7b9e35b897f80f915945a57a2eda439d1158d76b

SHA256
f08393a2aba1df34b451e9cf786ec5c9f796df7d1cdad5462422efefea3a967d

SHA512
c973a9abb5476855075d96d7cb333079fed3f0f2bcb7fd8e615efe13a6b13ae6f747e4a31b3ff5bfdee1c4e6f32e6f88b55ba2322c5bc03d7b9607d9bcb5cd30

Download Submit
\Windows\Help\F3C74E3FA248.dll

Filesize
59KB

MD5
2d1468318084da8d46675c3d77977b19

SHA1
a2eb4a632c7af6ac31edf1fa9f3b788eaf65daf5

SHA256
716b997e036ada1e63415813f71b51b61d641494d398a27f6f50bddcba30e2a3

SHA512
9c45c2acf06161f121733b791bd575f258c5e2777906ac6d894b017e457b9f18b7ab6ceeb24c4b61ba26d0a8d155fac760fa489f880d121ab4803bbf813cb8e7

Download Submit
memory/1960-0-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1960-1-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1960-22-0x00000000001B0000-0x00000000001EA000-memory.dmp

Filesize
232KB

Download
memory/1960-23-0x00000000001B0000-0x00000000001EA000-memory.dmp

Filesize
232KB

Download
memory/1960-24-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/1960-25-0x00000000001B0000-0x00000000001EA000-memory.dmp

Filesize
232KB

Download