Overview

overview

7

Static

static

3

70a7b24fd3...26.exe

windows7-x64

7

70a7b24fd3...26.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    23/01/2024, 21:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    70a7b24fd3ba9c06499e27ad62d34b26.exe

  • Size

    23KB

  • MD5

    70a7b24fd3ba9c06499e27ad62d34b26

  • SHA1

    64ce8cf801b5dc0c801b1074fd7beb314473ef28

  • SHA256

    21332c34b668303fa85778069b138aed08b55c513c44b9d595864222a8b7460d

  • SHA512

    df6ba7b8fcf8ea7dac39ac15c3891676b6bfe9976578445d42312b9a6e68babae80554f9d61583002879c32c1c04340cd21dd635ea5fcb7672ebb97586f5fbd3

  • SSDEEP

    384:HUHR/qUstMTWUDTD4h1SyF/XoMXEZyGmc/XMCA5l1Atr:HUx/qWFDTDo9LGmckNleh

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 55 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\70a7b24fd3ba9c06499e27ad62d34b26.exe
    "C:\Users\Admin\AppData\Local\Temp\70a7b24fd3ba9c06499e27ad62d34b26.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\70A7B2~1.EXE >> NUL
      2⤵
      • Deletes itself
      PID:2404

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Windows\SysWOW64\122B901E.dll
          Filesize

          13KB

          MD5

          d7c11f487ee24d01b34401847046e510

          SHA1

          3d2bd26212a56f366cbe4978b8ba3255ed44bcd8

          SHA256

          02f2074bc0ccf4ab5a318566d49d0e82764b38c94d95971d663ce83b0120ee14

          SHA512

          45491199e365791402a2a313d6b4f6f55b3b7b6ac2bd48743affcf1b4b01fa0d5b0a6b1992d25ca2f6847d63a7354348c685ae98ab5895607b2c5b7ff031fd90

          Download Submit

        • memory/2544-1-0x0000000000500000-0x0000000000501000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2544-8-0x0000000010000000-0x0000000010018000-memory.dmp

          Filesize

          96KB

          Download

        • memory/2544-9-0x0000000010000000-0x0000000010018000-memory.dmp

          Filesize

          96KB

          Download