Overview

overview

7

Static

static

3

7373265865...23.exe

windows7-x64

7

7373265865...23.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    114s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/01/2024, 02:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    73732658650643a02049bd439e649d23.exe

  • Size

    6.2MB

  • MD5

    73732658650643a02049bd439e649d23

  • SHA1

    0053e7fd273f2e4c12dac95eedffa0f79a36b052

  • SHA256

    96ec2b2507de0bd5269ed6336214982170a1cace9e0ff1607b6aeb4fb5e8fe1b

  • SHA512

    d84d7469dc854146b7833d2e87919286062b6e41fbad5d269fdef278b943be496bc07f805be02f8d08037c08b579c0ebd8bd04d285fd10060272c2212e90e277

  • SSDEEP

    98304:XHqPmH+R2r4fFtmocc/v21KsSXLzOh69CBkvZcUf1aphMoRdKuIXBbvCwc:3qOeRrQlc/AV6uh69CBhQ1ghVRd8lCN

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 9 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 28 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\73732658650643a02049bd439e649d23.exe
    "C:\Users\Admin\AppData\Local\Temp\73732658650643a02049bd439e649d23.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Checks processor information in registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:4260

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\wrd-10a4-3b0-e5744f8.~lk\0.mdd
          Filesize

          132KB

          MD5

          9eda6ac05d976773bec1a5ac2fc19c3b

          SHA1

          5885ea8e22e1d85b30e5e899c2f803c0212edccc

          SHA256

          47cc32f966ed28e1bd719faa6ce6d2919c4d447ef784b866155796ebb410ae0a

          SHA512

          21401d8c5336832d3603e596564065e20f178ec8cf5a983b232cdea97f1b5b55a6d3cfe141262e3680aa2caae8bcf9ec41d1db07e3d3edc243a7c308461975a9

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\wrd-10a4-3b0-e5744f8.~lk\1.mdd
          Filesize

          99KB

          MD5

          f2f4d5d1202dac692495b1d9353db9ed

          SHA1

          ca8f6da6262afc85a7556568b64ec622efe67eb7

          SHA256

          33043da2e3e2eb61593c765466809a20c4ce367eb696ce0cd4a71ca43a2b0a38

          SHA512

          a0dae7f757ad75d603931dffdbb97d1bc7a0eb4872c40edaba9ff2f2809e7db8506edc212dd72536cab1bb8adbfb31f9641a5710b17e118a9d19fefe8152d850

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\wrd-10a4-3b0-e5744f8.~lk\1.mdd
          Filesize

          152KB

          MD5

          19da7945c15a24dcebb394e94abd0708

          SHA1

          cdb55d9c3f3edc02a5d74ad44392fb95d81b2491

          SHA256

          b1239d0f0dc212748ffb1071b4aa985d2f0fded795e44a73198b5545aeee17cc

          SHA512

          a143ffc6c9b4dd2640dcf710b201854247302baff552c05283163f9d222846d6d55a37811604c030b807115e95acb538b70e31db2261a7104b2817ac3ff99b73

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\wrd-10a4-3b0-e5744f8.~lk\2.mdd
          Filesize

          132KB

          MD5

          3a9fff286cf967cfd251324c83bf4921

          SHA1

          e0c90a51520ef36803469f3de79039db01cf49b9

          SHA256

          bed9643898f91e7bcc4d551ceff435c02d71867cc5a950b0de53489e26cb2155

          SHA512

          e772539f8f830d89797bd187dc07f1a66aea5aebcb7e8e2c569c8d53bcd19bb7deaf95c059c49c4d71dde8fdea07f0108e954b4cd966635881dc3e47bc62f4f0

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\wrd-10a4-3b0-e5744f8.~lk\2.mdd
          Filesize

          108KB

          MD5

          b37958cc63ed36059b97f4e325882ffc

          SHA1

          1053fcd06c16b730e869656b04d5c43deb21492e

          SHA256

          dea032ebf9b47349a378efef8d6abf97f3e9e4176e13c802524910b9cbb77a9b

          SHA512

          5a7e0200f316316e0d8370b91f5063f1f774c7ba11730b65dc104c49dd0791d5103bc8f4c798fb541d2d4235c30323a3337cb34c2756fa86c641eee46b3427d8

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\wrd-10a4-3b0-e5744f8.~lk\3.mdd
          Filesize

          194KB

          MD5

          1fc866bef186aee39a075d39e333d852

          SHA1

          931d402a06e13a6af53e57f54e8b577aacb3c6ae

          SHA256

          81c6d90d733ab9bbe07b2514cd5ae2447be78a7c36e7a8d6f7fb6f9903d12093

          SHA512

          d9f279373031a8f8d2c3dc4be4528227f2ed2219daea8c60920e8a408b07cc804715c4b90df937a406f064552dbe281727afaf36bbe64aa69dadbe3c81f7b8ff

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\wrd-10a4-3b0-e5744f8.~lk\3.mdd
          Filesize

          135KB

          MD5

          af5a5d7e6fefc31dae5c34c3e025b0f7

          SHA1

          021225e6aaf381312a895c18a7526706a127c846

          SHA256

          1e7146acf18acdfb2a204bc4daf1ae9788edb5a652575ca9061af81b6938799a

          SHA512

          8e801ef08e2673807e04107a8d32befae1ba5d686af5022830c071448671d614a0a638141abad26247e5f4a9fb8c40c38fa703cc116358a3309225e433061fda

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\wrd-10a4-3b0-e5744f8.~lk\4.mdd
          Filesize

          211KB

          MD5

          a955381c5c5416d48d76dc3deeb86e56

          SHA1

          d56d6faa34b51dd2622ccdfcaf0d88c18efc7e4d

          SHA256

          fbdf6dbebdc085e984958cf76db61265111669c5b0a978bb714d5e8de617be72

          SHA512

          64445ed96d6857a3b0e4c4375fbcb02beb321e15e358eee44c0e51716950ad3a1eb47882b064aa7d1421b416d8f0aaf222e5e6e621bca2dc3fab582188bba12c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\wrd-10a4-3b0-e5744f8.~lk\4.mdd
          Filesize

          149KB

          MD5

          754d8a3509a82c0e4c5b581553637bf4

          SHA1

          984ba7f672a527c9cec6f39404628a3b8f6e134b

          SHA256

          5e893ac5ba50dc2d96364d9ad3413e550b7966cf95d7411546dec2e6c749f705

          SHA512

          efe795ba0c79bbb0c8a09a82e0421c4f7c6f47e5e49df39dec19b62656030557b6d41099d697359eb84fc9274b61d810bedfb0752a652303c12e71ac6a1ef7d5

          Download Submit

        • memory/4260-53-0x0000000001140000-0x0000000001141000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4260-3-0x0000000001130000-0x0000000001131000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4260-59-0x0000000001120000-0x0000000001121000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4260-58-0x0000000001160000-0x0000000001161000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4260-54-0x0000000004D20000-0x0000000004D21000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4260-0-0x0000000000400000-0x0000000000A46000-memory.dmp

          Filesize

          6.3MB

          Download

        • memory/4260-51-0x00000000010E0000-0x00000000010E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4260-50-0x0000000004B10000-0x0000000004B11000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4260-48-0x0000000001150000-0x0000000001151000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4260-47-0x0000000003360000-0x0000000003361000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4260-92-0x00000000049F0000-0x00000000049F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4260-46-0x0000000001170000-0x0000000001171000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4260-55-0x00000000033B0000-0x00000000033B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4260-29-0x0000000004850000-0x0000000004942000-memory.dmp

          Filesize

          968KB

          Download

        • memory/4260-43-0x0000000001180000-0x0000000001181000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4260-40-0x00000000043C0000-0x00000000043C1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4260-22-0x0000000004760000-0x0000000004783000-memory.dmp

          Filesize

          140KB

          Download

        • memory/4260-49-0x0000000000D20000-0x0000000000E20000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/4260-36-0x00000000047F0000-0x0000000004831000-memory.dmp

          Filesize

          260KB

          Download

        • memory/4260-15-0x0000000004700000-0x0000000004732000-memory.dmp

          Filesize

          200KB

          Download

        • memory/4260-2-0x0000000003370000-0x0000000003371000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4260-41-0x0000000002D40000-0x0000000003014000-memory.dmp

          Filesize

          2.8MB

          Download

        • memory/4260-1-0x0000000002D40000-0x0000000003014000-memory.dmp

          Filesize

          2.8MB

          Download

        • memory/4260-102-0x0000000002D40000-0x0000000003014000-memory.dmp

          Filesize

          2.8MB

          Download

        • memory/4260-103-0x0000000000D20000-0x0000000000E20000-memory.dmp

          Filesize

          1024KB

          Download