Overview

overview

10

Static

static

3

75142584cb...1d.exe

windows7-x64

7

75142584cb...1d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 17:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75142584cb192706ad5d3b11b9eaf91d.exe

  • Size

    96KB

  • MD5

    75142584cb192706ad5d3b11b9eaf91d

  • SHA1

    a169e096d9b857e83cedb1cfd44f62851902be6f

  • SHA256

    f81ab3359080addc2a6f5e891b276af6c703b223d57f5a111bc46702a0955952

  • SHA512

    923e894d0873c5796cf79b66144e781a4800aa3ae7029f8f20e0edf0a17652473bc25c173b21211c158913ae51c167b805f5529765c7b9f6057fb0abcf5e78c3

  • SSDEEP

    1536:Gtn6qM+9ETOMMjwRTfh+VkMnTvXb8VHhAuQWJyieWo4DDAibGvzNK8Y2eWF:A6qnEFBf4kMT/eBUE7eWo4DkJzDY2eWF

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 8 IoCs
  • Drops file in System32 directory 13 IoCs
  • Modifies data under HKEY_USERS 24 IoCs
  • Modifies registry class 64 IoCs
  • Runs net.exe
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 56 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\75142584cb192706ad5d3b11b9eaf91d.exe
    "C:\Users\Admin\AppData\Local\Temp\75142584cb192706ad5d3b11b9eaf91d.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Windows\SysWOW64\34C30.exe
      C:\Windows\system32\34C30.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2356
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c "net start 34C30"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2348
        • C:\Windows\SysWOW64\net.exe
          net start 34C30
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:2852
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 start 34C30
            5⤵
              PID:2860
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c "net start 34C30"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2788
          • C:\Windows\SysWOW64\net.exe
            net start 34C30
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:2876
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 start 34C30
              5⤵
                PID:2900
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c "net start 34C30"
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:2792
          • C:\Windows\SysWOW64\net.exe
            net start 34C30
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:2024
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 start 34C30
              4⤵
                PID:2732
        • C:\Windows\SysWOW64\34C30.exe
          C:\Windows\SysWOW64\34C30.exe
          1⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Drops file in System32 directory
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2864
          • C:\Windows\SysWOW64\cmd.exe
            cmd /c "net start 34C30"
            2⤵
            • Suspicious use of WriteProcessMemory
            PID:2756
            • C:\Windows\SysWOW64\net.exe
              net start 34C30
              3⤵
              • Suspicious use of WriteProcessMemory
              PID:2744
              • C:\Windows\SysWOW64\net1.exe
                C:\Windows\system32\net1 start 34C30
                4⤵
                  PID:1624
            • C:\Windows\SysWOW64\1CC02.exe
              C:\Windows\system32\1CC02.exe eee
              2⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Drops file in System32 directory
              • Modifies data under HKEY_USERS
              • Modifies registry class
              • Suspicious use of SetWindowsHookEx
              PID:1536

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\SysWOW64\MSWINSCK.OCX
            Filesize

            105KB

            MD5

            9484c04258830aa3c2f2a70eb041414c

            SHA1

            b242a4fb0e9dcf14cb51dc36027baff9a79cb823

            SHA256

            bf7e47c16d7e1c0e88534f4ef95e09d0fd821ed1a06b0d95a389b35364b63ff5

            SHA512

            9d0e9f0d88594746ba41ea4a61a53498619eda596e12d8ec37d01cfe8ceb08be13e3727c83d630a6d9e6d03066f62444bb94ea5a0d2ed9d21a270e612db532a0

            Download Submit
          • \Windows\SysWOW64\1CC02.exe
            Filesize

            104KB

            MD5

            840b1eb2c3e003f542d8f0b5a0a09f5c

            SHA1

            c3d3b721d5a941c16307265e6ef1b339474ef201

            SHA256

            7910ee7760acc55a9a440e819f5d72153169e8b84dfdb508575feaea4e1ad18c

            SHA512

            4d26490d9b48a179828001e749d932c82c4cc4941b1f5c5bd864a5427d802dbc799652f65117235f9346bee233c1db3718a0ad10c5614c88613b88a878291509

            Download Submit
          • \Windows\SysWOW64\34C30.exe
            Filesize

            96KB

            MD5

            75142584cb192706ad5d3b11b9eaf91d

            SHA1

            a169e096d9b857e83cedb1cfd44f62851902be6f

            SHA256

            f81ab3359080addc2a6f5e891b276af6c703b223d57f5a111bc46702a0955952

            SHA512

            923e894d0873c5796cf79b66144e781a4800aa3ae7029f8f20e0edf0a17652473bc25c173b21211c158913ae51c167b805f5529765c7b9f6057fb0abcf5e78c3

            Download Submit
          • memory/2208-0-0x0000000000400000-0x0000000000448000-memory.dmp
            Filesize

            288KB

            Download
          • memory/2208-1-0x0000000000020000-0x0000000000022000-memory.dmp
            Filesize

            8KB

            Download
          • memory/2208-6-0x0000000000450000-0x0000000000498000-memory.dmp
            Filesize

            288KB

            Download
          • memory/2208-13-0x0000000000450000-0x0000000000498000-memory.dmp
            Filesize

            288KB

            Download
          • memory/2208-18-0x0000000000400000-0x0000000000448000-memory.dmp
            Filesize

            288KB

            Download
          • memory/2356-15-0x0000000000400000-0x0000000000448000-memory.dmp
            Filesize

            288KB

            Download
          • memory/2356-17-0x0000000000400000-0x0000000000448000-memory.dmp
            Filesize

            288KB

            Download
          • memory/2864-20-0x0000000000400000-0x0000000000448000-memory.dmp
            Filesize

            288KB

            Download
          • memory/2864-40-0x0000000000400000-0x0000000000448000-memory.dmp
            Filesize

            288KB

            Download