Overview

overview

7

Static

static

7

781de665f4...df.exe

windows7-x64

6

781de665f4...df.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-01-2024 18:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    781de665f493b0fb5cb294e5ba2b23df.exe

  • Size

    3.8MB

  • MD5

    781de665f493b0fb5cb294e5ba2b23df

  • SHA1

    15644428974e74dd13882e94a1db45b5cac1e2b3

  • SHA256

    ee2bcc2b314515bfb09b2d3ad22657a86e27f7e60c74ca8b62b02e1903e467ad

  • SHA512

    f8d544e4a69e9dec6f92606e811e299437ce33aa36732f0b28fcc681df717ea9d1be2192eeb65fbf73badf922d4604e388b45624de5990792c1c67e820fcfa52

  • SSDEEP

    98304:eFYB4etBf0HDoag0y8hPOm+j5uesnwN0UwgFo0fTrfiQl:eFkYWqO/3sw1wgFhiQ

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\781de665f493b0fb5cb294e5ba2b23df.exe
    "C:\Users\Admin\AppData\Local\Temp\781de665f493b0fb5cb294e5ba2b23df.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:5952
    • C:\Windows\SysWOW64\schtasks.exe
      schtasks /create /tn startt /tr c:\WINDOWS/autoexec.bat /sc onstart /ru system
      2⤵
      • Creates scheduled task(s)
      PID:1448
    • C:\Windows\SysWOW64\schtasks.exe
      schtasks /create /tn startt /tr c:\WINDOWS/autoexec.bat /sc onstart /ru system
      2⤵
      • Creates scheduled task(s)
      PID:5372

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/5952-0-0x0000000003250000-0x0000000003251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5952-7-0x0000000000400000-0x0000000001382000-memory.dmp

    Filesize

    15.5MB

    Download

  • memory/5952-8-0x0000000000400000-0x0000000001382000-memory.dmp

    Filesize

    15.5MB

    Download

  • memory/5952-9-0x0000000003250000-0x0000000003251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5952-10-0x0000000000400000-0x0000000001382000-memory.dmp

    Filesize

    15.5MB

    Download

  • memory/5952-11-0x0000000000400000-0x0000000001382000-memory.dmp

    Filesize

    15.5MB

    Download

  • memory/5952-12-0x0000000000400000-0x0000000001382000-memory.dmp

    Filesize

    15.5MB

    Download

  • memory/5952-13-0x0000000000400000-0x0000000001382000-memory.dmp

    Filesize

    15.5MB

    Download

  • memory/5952-15-0x0000000000400000-0x0000000001382000-memory.dmp

    Filesize

    15.5MB

    Download

  • memory/5952-18-0x0000000000400000-0x0000000001382000-memory.dmp

    Filesize

    15.5MB

    Download

  • memory/5952-19-0x0000000000400000-0x0000000001382000-memory.dmp

    Filesize

    15.5MB

    Download

  • memory/5952-20-0x0000000000400000-0x0000000001382000-memory.dmp

    Filesize

    15.5MB

    Download