Overview

overview

10

Static

static

3

74f41ef794...a8.exe

windows7-x64

10

74f41ef794...a8.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 16:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74f41ef79426aa52f86d56ccf4cc21a8.exe

  • Size

    124KB

  • MD5

    74f41ef79426aa52f86d56ccf4cc21a8

  • SHA1

    b1569c80227c783c8a43c96fa8c2fd479382148d

  • SHA256

    0c743cd6bd26bc4b3386cbbfd9dffef730354f6e9b17fe2e5783f6faa2eb27af

  • SHA512

    dba6c8bebb1f50154947909735be99306c73c11341580748dcc0105814ecc986abfad7d988153d27457f5aa04173b78deb04bc53ebe4b1e497402266e98e29b9

  • SSDEEP

    1536:vWtkjiTQbuvU0GgAJa0P1kNmKldCMhdu8KWP/nTn8nBP9VewNeG0h/l:skjBbAU0GgAT98t

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\74f41ef79426aa52f86d56ccf4cc21a8.exe
    "C:\Users\Admin\AppData\Local\Temp\74f41ef79426aa52f86d56ccf4cc21a8.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1820
    • C:\Users\Admin\nkdac.exe
      "C:\Users\Admin\nkdac.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\nkdac.exe
    Filesize

    124KB

    MD5

    00143e3dd8cfe60b710bc1d45f2a59f9

    SHA1

    7f00d2ec167645a8909746b5d4a2700db92fe7f9

    SHA256

    713a7737e2e97215801c596efbef1c0b84fc68d871c17ac0cc0af13680cd8cae

    SHA512

    8242654ddac13a09b50045a9820b35f0ada04486416c9934f48d3bdbbbeb65293c3100e118f1da6e6d4be0fdbbf624194844d2ea3fc211fab854d5b8569a97a1

    Download Submit