Overview

overview

10

Static

static

3

75223dcf04...b9.exe

windows7-x64

8

75223dcf04...b9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 17:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75223dcf04ed991c3c6285b3a8fcfeb9.exe

  • Size

    143KB

  • MD5

    75223dcf04ed991c3c6285b3a8fcfeb9

  • SHA1

    3e829e04b2b5e0dec8deb30b03de94771894a09d

  • SHA256

    3be80cfa604086072f7763041a1324bce517f90d67d401c81a8297ed60699f99

  • SHA512

    79263f738fb2e2b0d293d8a6ea53f381afaade88688b21144239bb0be6730c632089b11d8b87c6a813bff5cf53e67537b7723bc9df7d30848315903a81e5a1c0

  • SSDEEP

    3072:XJqmWJGq7dW9p6ra8cWaBCFW4fFFrdEMPXgbnVfAW3hpSt:smmdUv8cWaBCFW4tZ+kXgbnGKpS

Score
8/10
persistence

Malware Config

Signatures

  • Modifies AppInit DLL entries 2 TTPs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1272
      • C:\Users\Admin\AppData\Local\Temp\75223dcf04ed991c3c6285b3a8fcfeb9.exe
        "C:\Users\Admin\AppData\Local\Temp\75223dcf04ed991c3c6285b3a8fcfeb9.exe"
        2⤵
        • Loads dropped DLL
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2408
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c ""C:\Users\Admin\AppData\Local\Temp\259409522.bat" "C:\Users\Admin\AppData\Local\Temp\75223dcf04ed991c3c6285b3a8fcfeb9.exe""
          3⤵
          • Deletes itself
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2360
          • C:\Windows\SysWOW64\attrib.exe
            attrib -r -s -h"C:\Users\Admin\AppData\Local\Temp\75223dcf04ed991c3c6285b3a8fcfeb9.exe"
            4⤵
            • Views/modifies file attributes
            PID:2264

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\259409522.bat
      Filesize

      69B

      MD5

      604802586163bdc9eda42f6a471e01ad

      SHA1

      fc255017a78e3ec103f73c8c8651effe08089c81

      SHA256

      02f35eec8f33e1ad57621253ee252ca073f6cc16bf9712d89859ffeb6bb49dd3

      SHA512

      66dc346d7bdcc80fc8ae6894ae10cab306aaf5cf1c1dd750a971d3df37d6f4ac607d188f583d08b526e3df13234cec9c7fa7f9bdc4c4ad187fc83a3506b94888

      Download Submit

    • \Windows\SysWOW64\fingshta.dll
      Filesize

      63KB

      MD5

      aa5a35cd1cca7152c8df2a80193b8a56

      SHA1

      5d1f272e7eb836a767e144b778b8dc249068b9ce

      SHA256

      710ff2c7c6bb6b6bfa6c91b01c11db4056af6ee0ed90f7c4c89dec8fb7fc5799

      SHA512

      d52c7aa1d99b726511c45488928fd629206d8d6846558b545beb72da3110a45ef22b6163f28b6bf383e519b81ae7e6f4dcdbfcfbee60c6fec3bfc60f3063614d

      Download Submit

    • memory/1272-2-0x00000000029B0000-0x00000000029B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2360-19-0x0000000010000000-0x0000000010013000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2360-20-0x0000000010000000-0x0000000010013000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2408-0-0x0000000001000000-0x0000000001025000-memory.dmp

      Filesize

      148KB

      Download

    • memory/2408-13-0x0000000010000000-0x0000000010013000-memory.dmp

      Filesize

      76KB

      Download

    • memory/2408-14-0x0000000001000000-0x0000000001025000-memory.dmp

      Filesize

      148KB

      Download

    • memory/2408-15-0x0000000010000000-0x0000000010013000-memory.dmp

      Filesize

      76KB

      Download