Overview

overview

10

Static

static

3

7500abde57...f2.exe

windows7-x64

10

7500abde57...f2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 16:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7500abde570e37dfe1a450f98e6774f2.exe

  • Size

    94KB

  • MD5

    7500abde570e37dfe1a450f98e6774f2

  • SHA1

    31c3044778d2e18379af8cc03f4e3500154894c0

  • SHA256

    3a07c871cd53f42ebb9bc5136f12ebac6d68b90b6392dfec2b134f4aedb61672

  • SHA512

    a73730e1995413b6cd9614c8df0dbf680800497c88deb531e05a193fb564cd2f6a00ac46a60ecf318fb13c2b987644819159161755e37f9be1660739913dc8a1

  • SSDEEP

    768:Q6quHUzxzOOTdqqYJTScKx8UJklOquH+npqigVjfqXPXkfyUhV:Q6BJTRK1k8IpWjw0fZ/

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 1 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7500abde570e37dfe1a450f98e6774f2.exe
    "C:\Users\Admin\AppData\Local\Temp\7500abde570e37dfe1a450f98e6774f2.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1852
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\8EC8.tmp.bat
      2⤵
      • Deletes itself
      PID:2672

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\8EC8.tmp.bat
    Filesize

    179B

    MD5

    69c78b41602f6243654d2ffafaedb954

    SHA1

    d4e8de5ba354080ab8bc4b796e8f9ee8b73eaf38

    SHA256

    ea13cfe15e335efdad087dc5852a7072d4fd66fcfe290bab935cfd4cd28ef7ab

    SHA512

    7428fb419117080a975792782e6f1a6abdc57cd2dcca7c01e52fa68c4c20738d1c7442a26f83780aea1abb645903d3168e985f1f3fa0c07707ef49a092d9ce12

    Download Submit

  • C:\Windows\SysWOW64\dpvvoxmh.tmp
    Filesize

    731KB

    MD5

    018a5c8effa5800bbf934a536aa630cc

    SHA1

    93bef36f4ed280ec28bd89f6079caa699e88bc88

    SHA256

    55b2e85ec87fabb2b6707efb50f64a22cbb89ec552cd76153fe9f21b09e3e6e2

    SHA512

    10cca28077b31e6bbb9f82a2ef9687389ad50bdfd159ed69e93db7fdeea416755141e4d94eaf53fd9e14d4545cf22bf5b958b0da2cdd423651c562b21319bfea

    Download Submit

  • \Windows\SysWOW64\dpvvoxmh.dll
    Filesize

    629KB

    MD5

    6ed1a56739e6d1b1cc30180683798bdc

    SHA1

    8fbb1e9534f99b6fea63fea8fb23e85c5529761a

    SHA256

    0c8a43240bf665fb6588808d1748f7f4d9fd17a73f6e3aace27dbedd882671f7

    SHA512

    af3b409882a7c340211b6d658e713e330aa521dc09ff549fdf583ac190f41a74a926c40ba3158b1bd64664a9e497d1f93fb4006d2275a8a9b85ff6c34acb0ecf

    Download Submit

  • memory/1852-8-0x0000000020000000-0x0000000020009000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1852-17-0x0000000020000000-0x0000000020009000-memory.dmp

    Filesize

    36KB

    Download