Overview

overview

8

Static

static

3

68993c6205...93.exe

windows7-x64

8

68993c6205...93.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/01/2024, 20:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    68993c6205407de1bf8760c84137e593.exe

  • Size

    55KB

  • MD5

    68993c6205407de1bf8760c84137e593

  • SHA1

    4a32ae2c9c79ab2b60b22587100952cb17c7e8cf

  • SHA256

    41ee89d4eec44057d1ac3ce266a234bd05f3302d8559adca9cc95d8cf1c12f96

  • SHA512

    8c63e1da35c1697b9d586a66a010e11573e8866330c97c468652b0bf7df0fd2adc078c697349354d83d244eac7c87ae1cb99fb80c930f728d17f1c1a37f6e842

  • SSDEEP

    384:KkvGzVFQoo8GZpWlp2vMMJ7UFm030P3Kl56oSgQu2Gldy62ApxBwGkzsTgEgIm3v:1OJnGZpWlcABO3Q6RgP662E0QTDgWTr

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\68993c6205407de1bf8760c84137e593.exe
    "C:\Users\Admin\AppData\Local\Temp\68993c6205407de1bf8760c84137e593.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3036
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c c:\delf764fa6.bat
      2⤵
      • Deletes itself
      PID:2424

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Fonts\Winwtopi.dat
    Filesize

    1010B

    MD5

    8c0d86830bd6c9a2ead133288c723b59

    SHA1

    77f9b841484ac7bb4d43d9f5a4395f069ddae037

    SHA256

    84661ecab6c2875c357adcb382060174f42e75a577959b782e63d036cdc18392

    SHA512

    aea2c47baa213a2c5a112506d241cab5fea2c660210f010b8c6ae6c00b0ca82856cacdb9ef8f87c156a6c177345ff4e70426030259004f72a4ac32bd9493d9e1

    Download Submit

  • \??\c:\delf764fa6.bat
    Filesize

    207B

    MD5

    a1c3377092c8e4ae1b662654206c2aa4

    SHA1

    c2725ba334930f8f3f6ecc1289c18884fa106e02

    SHA256

    29d259c73ca8d79c1faa4e6b9496190d743633db135b262fa6a1efef987d903b

    SHA512

    962524d999cabb9ced6bd802531d8dfdb092d50741c54a9197e0d19703790f879ebcf3e8b50ee05e581e76cb8472491660e1bf69730ca702239a1980412227b0

    Download Submit

  • memory/3036-0-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/3036-15-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download