Overview

overview

7

Static

static

3

d87e929894...b3.exe

windows7-x64

7

d87e929894...b3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-01-2024 04:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d87e9298945c1c2080f6f0dbd5dcade3512b6d240f87aa2eebbb9c8c3c0e75b3.exe

  • Size

    76KB

  • MD5

    4579bbe96a66a9cd538b1fa3e571b2ce

  • SHA1

    2082efa3a91a6cd45969241457a097049529433a

  • SHA256

    d87e9298945c1c2080f6f0dbd5dcade3512b6d240f87aa2eebbb9c8c3c0e75b3

  • SHA512

    8f0f38ca18013b2379a0b9e6bc4d9df1a4b23c6a2e3bc7e19402c2d0a36126e98320b874646ad4f67ac171b7bc28c2947ae4cbe559e30e7ac73db606c47c5df6

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOHVi:GhfxHNIreQm+HiAVi

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d87e9298945c1c2080f6f0dbd5dcade3512b6d240f87aa2eebbb9c8c3c0e75b3.exe
    "C:\Users\Admin\AppData\Local\Temp\d87e9298945c1c2080f6f0dbd5dcade3512b6d240f87aa2eebbb9c8c3c0e75b3.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4388
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2616

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    82KB

    MD5

    66a30637171a5d87115412a1646eb187

    SHA1

    acd319835b92e93c3952e528ffb4f8f781cbbeb6

    SHA256

    9ddf77487482f4d94f1ee6250899b91a0d94fb494542ff35a59e03bc608f36f6

    SHA512

    80b5344ac87a87e19fa0ceb23476e6e1707da7bb3e5bc328f577287733dd6d84d98359284366e6edbd459b6e51d5267dae4f46999864307ff05aa232c143951b

    Download Submit

  • C:\Windows\System\rundll32.exe
    Filesize

    82KB

    MD5

    7c353f756f5ea459a24b4abc6cd20bb3

    SHA1

    593cbdc11c5253c1d7e3b4671d6d8bcdd07866ea

    SHA256

    38f2aadca7c79a75b8de7270a2efbf7e26664a5a72bc502fadd3ac4c492241f9

    SHA512

    c1382a9a4578d32e2252e1501891551cd6609a58d378433d81dcdf5a9f26bc2ec6563960ec2adff079c85d46bcf4045990651f73a5e05922b4b349862984ab8e

    Download Submit

  • memory/4388-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/4388-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download