Analysis
max time kernel: 141s
max time network: 124s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 25-01-2024 17:00
Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: 7508e9c66aaf82a4be63f4cc09abde9d.exe
  Resource: win7-20231215-en (windows7-x64)
  3 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: 7508e9c66aaf82a4be63f4cc09abde9d.exe
  Resource: win10v2004-20231215-en (windows10-2004-x64)
  4 signatures, 150 seconds
General
Target: 7508e9c66aaf82a4be63f4cc09abde9d.exe
Size: 800KB
MD5: 7508e9c66aaf82a4be63f4cc09abde9d
SHA1: 9086b49fb69b88800a637df40919c25badae9d10
SHA256: 5a5d6d75d3a14fbbb2663f7fca47e8b3f6dd54bdec02c04c8953f11e85d3b2fd
SHA512: f6e55c05e3f70b8dd42e2c7f29e221d08e3cf5c8c297cb808ef2d5f7d7f963663d63cae63d898aff544eeb7414117ad57c139c8fcd163c531e43c430e3e88ea4
SSDEEP: 12288:qEZN94jvdr4De7Hsm280HD1EMk3hSGEznP1M/llk7yNewXz+5PnmTF/zSE:qSN94jFbMmxODoRBEr1MlS7/gz+5ux/H
Score: 6/10
Malware Config
Signatures

Adds Run key to start application (2 TTPs, 2 IoCs)
Processes: 7508e9c66aaf82a4be63f4cc09abde9d.exe
description     | ioc                                                                                                                                                         | process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\7508e9c66aaf82a4be63f4cc09abde9d = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7508e9c66aaf82a4be63f4cc09abde9d.exe" | 7508e9c66aaf82a4be63f4cc09abde9d.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\7508e9c66aaf82a4be63f4cc09abde9d = "C:\\Windows\\system32\\svchost.scr"                                          | 7508e9c66aaf82a4be63f4cc09abde9d.exe

Drops file in System32 directory (2 IoCs)
Processes: 7508e9c66aaf82a4be63f4cc09abde9d.exe
description                  | ioc                              | process
File created                 | C:\Windows\SysWOW64\svchost.scr | 7508e9c66aaf82a4be63f4cc09abde9d.exe
File opened for modification | C:\Windows\SysWOW64\svchost.scr | 7508e9c66aaf82a4be63f4cc09abde9d.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
Processes: 7508e9c66aaf82a4be63f4cc09abde9d.exe
pid  | process
2124 | 7508e9c66aaf82a4be63f4cc09abde9d.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
memory/2124-0-0x0000000000400000-0x00000000005EE000-memory.dmp  Filesize: 1.9MB
memory/2124-1-0x0000000000230000-0x0000000000231000-memory.dmp  Filesize: 4KB
memory/2124-3-0x0000000000400000-0x00000000005EE000-memory.dmp  Filesize: 1.9MB
memory/2124-5-0x0000000000230000-0x0000000000231000-memory.dmp  Filesize: 4KB