Overview

overview

10

Static

static

3

751b303b39...dd.exe

windows7-x64

8

751b303b39...dd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 17:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    751b303b3923e73425d72689f2241bdd.exe

  • Size

    48KB

  • MD5

    751b303b3923e73425d72689f2241bdd

  • SHA1

    6cab0f37374ef05634ac4110f7382628cd5a7283

  • SHA256

    3581e0be4c1e8248b9a2533eb77f00ff2aa0736499dc7cdc84679035dd4476b8

  • SHA512

    9dde8567744afb7aee941b570b3dc868310101c330ca3aa7ea711d8bdadbd1fd77ad696510c3bbaabfee9e9c21438417f3fe163fb0a4d435775e22cb4189671b

  • SSDEEP

    768:4puk4x0JxJ137DEJRuJI8+8V4abjEjahVV9E062JLLCEnX:yZ4x0JxfDEvuC8KabjEjahVV9E1Li

Score
8/10
evasionpersistence

Malware Config

Signatures

  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\751b303b3923e73425d72689f2241bdd.exe
    "C:\Users\Admin\AppData\Local\Temp\751b303b3923e73425d72689f2241bdd.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Users\Admin\AppData\Local\Temp\751b303b3923e73425d72689f2241bdd.exe
      2⤵
      • Disables RegEdit via registry modification
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:2944
      • C:\Windows\service.exe
        "C:\Windows\service.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2588
  • C:\Windows\service.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    PID:2592

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\service.exe
    Filesize

    48KB

    MD5

    751b303b3923e73425d72689f2241bdd

    SHA1

    6cab0f37374ef05634ac4110f7382628cd5a7283

    SHA256

    3581e0be4c1e8248b9a2533eb77f00ff2aa0736499dc7cdc84679035dd4476b8

    SHA512

    9dde8567744afb7aee941b570b3dc868310101c330ca3aa7ea711d8bdadbd1fd77ad696510c3bbaabfee9e9c21438417f3fe163fb0a4d435775e22cb4189671b

    Download Submit
  • memory/2592-47-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2592-46-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2592-40-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2592-37-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2592-36-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2592-52-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2592-41-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2592-50-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2592-49-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2592-48-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2592-53-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2592-51-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2592-44-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2592-43-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2592-42-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2592-45-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2944-12-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2944-6-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2944-2-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2944-8-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2944-10-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2944-13-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2944-38-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download
  • memory/2944-4-0x0000000000400000-0x000000000044B000-memory.dmp
    Filesize

    300KB

    Download