Analysis
max time kernel: 122s
max time network: 125s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25-01-2024 16:54
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 750559a19af10b1e8ed529814b0603b1.exe
Resource: win7-20231215-en (windows7-x64)
4 signatures
150 seconds

Behavioral task: behavioral2
Sample: 750559a19af10b1e8ed529814b0603b1.exe
Resource: win10v2004-20231222-en (windows10-2004-x64)
5 signatures
150 seconds
General
Target: 750559a19af10b1e8ed529814b0603b1.exe
Size: 146KB
MD5: 750559a19af10b1e8ed529814b0603b1
SHA1: b56e880a546f1abb905816850b51bfee27edeb9e
SHA256: 79fb6575110e29a99ec77ceafe4554c257ba3552cd6631e0883ee7c174b3ffbf
SHA512: 5e26064d13012ec360c8f4e67e77fb552c4ac077609ec2151905b7811daff03fcc0b2bb8d1bf224585dc36124b764207c468b25274bc62e9b78f479cb8afdbd1
SSDEEP: 3072:aCChqu4f6w7a36zuTHHRtFuWp9Ixy+sS8bGTyhoA2VDnb1HrxS/c:iIu4f6w7yXnRt0GmpTyh52dzS/c
Score: 7/10
Malware Config
Signatures

Modifies system executable filetype association (2 TTPs, 1 IoCs)
Processes: 750559a19af10b1e8ed529814b0603b1.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "\"%1\" %*" | 750559a19af10b1e8ed529814b0603b1.exe

Drops file in System32 directory (6 IoCs)
Processes: 750559a19af10b1e8ed529814b0603b1.exe
description | ioc | process
File created | C:\Windows\SysWOW64\hiddukel.ins | 750559a19af10b1e8ed529814b0603b1.exe
File created | C:\Windows\SysWOW64\hiddukel.myd | 750559a19af10b1e8ed529814b0603b1.exe
File created | C:\Windows\SysWOW64\hiddukel.hnt | 750559a19af10b1e8ed529814b0603b1.exe
File created | C:\Windows\SysWOW64\hiddukel.h9x | 750559a19af10b1e8ed529814b0603b1.exe
File created | C:\Windows\SysWOW64\hiddukel.exe | 750559a19af10b1e8ed529814b0603b1.exe
File created | C:\Windows\SysWOW64\hiddukel.dll | 750559a19af10b1e8ed529814b0603b1.exe

Modifies registry class (1 IoCs)
Processes: 750559a19af10b1e8ed529814b0603b1.exe
description | ioc | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "\"%1\" %*" | 750559a19af10b1e8ed529814b0603b1.exe

Suspicious behavior: EnumeratesProcesses (1 IoCs)
Processes: 750559a19af10b1e8ed529814b0603b1.exe
pid | process
1080 | 750559a19af10b1e8ed529814b0603b1.exe
Processes

C:\Users\Admin\AppData\Local\Temp\750559a19af10b1e8ed529814b0603b1.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\750559a19af10b1e8ed529814b0603b1.exe"
PID: 1080
- Modifies system executable filetype association
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads
memory/1080-0-0x0000000000400000-0x000000000042C000-memory.dmp (Filesize: 176KB)