Overview

overview

10

Static

static

3

7d06306b6a...a2.exe

windows7-x64

10

7d06306b6a...a2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    165s
  • max time network
    169s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    28/01/2024, 11:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7d06306b6a04fba8a02edbf3410624a2.exe

  • Size

    280KB

  • MD5

    7d06306b6a04fba8a02edbf3410624a2

  • SHA1

    98513cadbf73c45ea0e4f0fe2faa64fc2a6a0205

  • SHA256

    a2708084a07e5f2a81b0b2b8b224da86f8655d33cf31bb6d87c73453755cea67

  • SHA512

    338805d015ac03bbc3f07cf1a3bb1c3bd56c9b0c6d2914db98a1d13d5a24a3a93df8097d62f8e34a58c10decd717132cee94ccccc4aaea7cf127e5d0cac06476

  • SSDEEP

    3072:Da3TiHOPiu8aQb3TqDUCiGjHJDbRv9y+qwa+rZf/MVBXAF:mTiHOq3TqD+0HBb5ta+rZ3MTW

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7d06306b6a04fba8a02edbf3410624a2.exe
    "C:\Users\Admin\AppData\Local\Temp\7d06306b6a04fba8a02edbf3410624a2.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Users\Admin\nuoor.exe
      "C:\Users\Admin\nuoor.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2332

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\nuoor.exe
    Filesize

    280KB

    MD5

    7e9ab4ad817a8170466058211b6af5b5

    SHA1

    aebb3ffd66f366c3c8896f9c907155c97ea85575

    SHA256

    53e4e575d0835bc52013544b79516d0a5fd8a7636096cd2fff0f03ae5370c777

    SHA512

    ed083871585a79c4a63f543764725f8b616a8e2f48e699e2cd44e8ee2a81fe9956e2f225c7084e01287a264bb0c8258ae4c021dd987c1dc77d864a43e1d0fea6

    Download Submit