Analysis
- max time kernel: 149s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-01-2024 16:05
- Static task: static1
- Behavioral task: behavioral1
- Sample: 74ee07e8c3d31f9c19db520fa767fefa.exe
- Resource: win7-20231215-en
General
- Target: 74ee07e8c3d31f9c19db520fa767fefa.exe
- Size: 72KB
- MD5: 74ee07e8c3d31f9c19db520fa767fefa
- SHA1: f5ef3a6d93961399e1030738239fcb0f9bdaaa9e
- SHA256: b7ebb9d5356830be5c1aa87fde192e3096776c9dc7916f63b9756e300a84de62
- SHA512: 0705a5758bce58414945557c6f228d33f92c51b8d542824749c35f440f6c1896b30132a3c101b4ee88ffe12eb6b61eed0e66f91729173c3da1c1a379dcdd79fc
- SSDEEP: 768:/L+bL0dtaki8sQpvsWhJA2DDgZumooiszPeBItv8P5+l+S9C:/4ma+sQpvsPuDgZ5ooFDeBIZ8x+l+KC
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  Processes: servicesc.exe (PID 2960)
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  Processes: servicesc.exe (PID 2960), 64 events
- Suspicious use of SetWindowsHookEx (4 IoCs)
  Processes: 74ee07e8c3d31f9c19db520fa767fefa.exe (PID 2180), 3 events; servicesc.exe (PID 2960), 1 event
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes: PID 2180 (74ee07e8c3d31f9c19db520fa767fefa.exe) wrote to memory of PID 5052 (reg.exe), 3 events; PID 2180 (74ee07e8c3d31f9c19db520fa767fefa.exe) wrote to memory of PID 2960 (servicesc.exe), 3 events
Processes
- C:\Users\Admin\AppData\Local\Temp\74ee07e8c3d31f9c19db520fa767fefa.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\74ee07e8c3d31f9c19db520fa767fefa.exe"
  PID: 2180
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\reg.exe
    Command line: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32" /v wavemapper /t reg_sz /d "msaom32.drv" /f
    PID: 5052
  - C:\Users\Admin\AppData\Local\Temp\servicesc.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\servicesc.exe 74ee07e8c3d31f9c19db520fa767fefa.exe
    PID: 2960
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Downloads
- C:\Users\Admin\AppData\Local\Temp\servicesc.exe
  Filesize: 28KB
  MD5: d5e5cf7d25a9efd10833ebdf2e18048f
  SHA1: a05c3eb3ba2426f0c3c4e8f7fd9fa5f2c75ed91b
  SHA256: 1a965dc6a9768bb9ffce3cca6dd79ac93d9fe30dd3a8208f9f369fa99d809bd7
  SHA512: ba4bf57291b94bc0faa6b796bc0a5446afceab324fca9136124e2f2be58ee754fbe61240409bfd423e7c0939edb7587a6d43d36c83c6a9375a2f8f2eff223708