Overview

overview

10

Static

static

3

751b6ac237...9d.exe

windows7-x64

7

751b6ac237...9d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 17:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    751b6ac2379e082ceb212bc4161fce9d.exe

  • Size

    39KB

  • MD5

    751b6ac2379e082ceb212bc4161fce9d

  • SHA1

    518fcd96052465de6c9d6896b8b44cceb9aca0e1

  • SHA256

    61f5ba0f235edbc106399b7848c95ff38ab6c32a12a0d98a28863a28c48c4ee7

  • SHA512

    3d29df93dbd320eaddd76d8b82d9271f1037cec67f163f468fb9e6bbe3ae1106b4acc658014cd4c3f77975d29a41660bcb21c049d8defc7672c4ad14632db1c9

  • SSDEEP

    768:4NcUQ+ENsQyU4t0ywaPQkxQPgOQ25Ar9atePVu2jA9/nW65J:4NcUQ+ENzyU4tJ1PQ+2p+VE9/W65J

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\751b6ac2379e082ceb212bc4161fce9d.exe
    "C:\Users\Admin\AppData\Local\Temp\751b6ac2379e082ceb212bc4161fce9d.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe ›wÜÊEx,a
      2⤵
        PID:2744
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c C:\Users\Admin\AppData\Local\Temp\removalfile.bat "C:\Users\Admin\AppData\Local\Temp\751b6ac2379e082ceb212bc4161fce9d.exe"
        2⤵
        • Deletes itself
        PID:2580
    • C:\Windows\system32\winlogon.exe
      winlogon.exe
      1⤵
        PID:436

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\removalfile.bat
        Filesize

        43B

        MD5

        9a7ef09167a6f4433681b94351509043

        SHA1

        259b1375ed8e84943ca1d42646bb416325c89e12

        SHA256

        d5739a0510d89da572eb0b0d394d4fb4dd361cd9ee0144b9b31c590df93c3be7

        SHA512

        96b84cd88a0e4b7c1122af3ed6ce5edf0a9a4e9bf79575eadfac16b2c46f1278d57755d29f21d7c6dcb4403be24b7ac7da4837c6cc9c602342a8f2b8e54883df

        Download Submit
      • \Windows\SysWOW64\cbXQjjJy.dll
        Filesize

        29KB

        MD5

        bb00e49f5700e26ef0a400b276cf7f7c

        SHA1

        0d6035893ed9f8f66da5bbebf468841b44d4082c

        SHA256

        21ffd5e68ed1367523c02752ee17a0492dc3f061fdb5dd96b81c5a6deef4918e

        SHA512

        58ef68552372017a6e97991842e6a2d69727da9c3f05b831cb694fdd0d9e614340a026fa5e59cd5aefcf72804402a92f11aaf477260db9b10c2edd5eb54f14c5

        Download Submit
      • memory/436-9-0x0000000000370000-0x0000000000371000-memory.dmp
        Filesize

        4KB

        Download
      • memory/2204-7-0x0000000000400000-0x000000000040E000-memory.dmp
        Filesize

        56KB

        Download
      • memory/2204-6-0x0000000000230000-0x0000000000234000-memory.dmp
        Filesize

        16KB

        Download
      • memory/2204-3-0x0000000000220000-0x0000000000224000-memory.dmp
        Filesize

        16KB

        Download
      • memory/2204-0-0x0000000000400000-0x000000000040E000-memory.dmp
        Filesize

        56KB

        Download
      • memory/2204-8-0x0000000010000000-0x0000000010010000-memory.dmp
        Filesize

        64KB

        Download