Overview

overview

7

Static

static

3

7326d38861...5e.exe

windows7-x64

7326d38861...5e.exe

windows10-2004-x64

Analysis

  • max time kernel
    27s
  • max time network
    34s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/01/2024, 23:33

Sharing

Copy URL Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    7326d3886168adb54df6321fcfe4475e.exe

  • Size

    552KB

  • MD5

    7326d3886168adb54df6321fcfe4475e

  • SHA1

    bf3c4cce02a77a447ef7297573794eb1fa806692

  • SHA256

    1d599bdead891a165dcc7e477b559141486d4540b1cad5c9f0a98fdf790f1066

  • SHA512

    c52240a853099e574872b3665edce6b65293a56795a825c637acdf93d54438711932dac43c7ba16415c4c2ac3ea000563c976d50d7f0c18b267d9e2a7e9e4706

  • SSDEEP

    12288:gFsqfLopJxbucxiu9HivUrkDY8vWAAeuXR+ElshSfQrXute6N:gFsqarbu0hivUrkk8uAfhESq86N

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7326d3886168adb54df6321fcfe4475e.exe
    "C:\Users\Admin\AppData\Local\Temp\7326d3886168adb54df6321fcfe4475e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4832
    • C:\Windows\SysWOW64\shutdown.exe
      shutdown -s -t 1 -f
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4452
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa39a8055 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:380

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr
          Filesize

          1.1MB

          MD5

          71520e2e016f657e0131181c093af6e0

          SHA1

          98b542d747b2dfd57ea69e42ffc8e6a6f05d18cb

          SHA256

          c77f7719ef55800ebc692edb5523f6becd83bdc25b8bc6f7dbff3c6243ef76ae

          SHA512

          d48758acc8767a78b898152efac9ce31e043904dcaddc0e60c3145bc7250e8384913833f33f717d986f2f9262a3e82ecde13b4fbece851b2b8b70af43a177b71

          Download Submit

        • memory/4832-0-0x0000000000400000-0x000000000040F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/4832-5-0x0000000000400000-0x000000000040F000-memory.dmp

          Filesize

          60KB

          Download