Overview

overview

10

Static

static

3

778d64fdb2...30.exe

windows7-x64

10

778d64fdb2...30.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26-01-2024 14:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    778d64fdb29e30cd9a08688cf2ef3230.exe

  • Size

    96KB

  • MD5

    778d64fdb29e30cd9a08688cf2ef3230

  • SHA1

    d3f4d20e464802c58895f8644a097763fa9f893f

  • SHA256

    4be424dfcbf8f7d95d8c4e15aa046b93963dae1217e57ae605bc1b00855e2297

  • SHA512

    6eea8260b910e9e88fbe30220d2f8ad0f696c37bee67aa19e5e035605d16674905679dd47816f83f31271fa2deffb0685a9596337331e027cea93067b0ad1ea7

  • SSDEEP

    1536:drhBH9f6cOahh9kGulSc16l6u+NMMl/KlYv1T4hThFgNIjnZ2n:Bvh0lu88FFgCn4n

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\778d64fdb29e30cd9a08688cf2ef3230.exe
    "C:\Users\Admin\AppData\Local\Temp\778d64fdb29e30cd9a08688cf2ef3230.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3052
    • C:\Users\Admin\nooake.exe
      "C:\Users\Admin\nooake.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2412

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\nooake.exe
    Filesize

    96KB

    MD5

    1f317ca5c899a03cd3e821764080a619

    SHA1

    c632779704148c851f0dac650ec5fc3c7237b0f4

    SHA256

    f3fe970f7889c726a831fff3b69c482d3de6c4ec6ab6a5759fb6f63da1dc7b4c

    SHA512

    b521e086ebd870a6af5898a3040e5759fceada54a4556d1866beca75f1b08fa7a16923bf77541cc6bf3caed498d507d33f5ec1d5bd9402af0c59cb91588d5c89

    Download Submit