abd620815fd06046b332781fd349b629f7a2aeb9eac4319038bbc425cc56a91a

Analysis

max time kernel
143s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 12:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d1aa8282ae8efbb0cddb44d08d77285.exe
Size

147KB
MD5

7d1aa8282ae8efbb0cddb44d08d77285
SHA1

2209c3c28c580736339a652c95f175b2c6b8e329
SHA256

abd620815fd06046b332781fd349b629f7a2aeb9eac4319038bbc425cc56a91a
SHA512

42464b7c7dbc73cddf14790a02e4039120d623d1e90f075a1405b1911479dd16a0bcc90e6e490691c461024c3fcd3ffe97bcd4b75e04e69bbce8501c81eb2529
SSDEEP

3072:Cphz2hjiqANlWm6Mu4U7hF3DvyZm9KkJau/4ynXxDxS:MhzaGbNlMN4KFTvyYJawW

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
656	3721.exe

Loads dropped DLL 2 IoCs

pid	Process
656	3721.exe
656	3721.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\3721 = "C:\\program files\\3721.exe"	7d1aa8282ae8efbb0cddb44d08d77285.exe

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\program files\3721.exe	7d1aa8282ae8efbb0cddb44d08d77285.exe
File opened for modification	C:\program files\3721.exe	7d1aa8282ae8efbb0cddb44d08d77285.exe
File opened for modification	C:\program files\3721.dll	3721.exe
File created	C:\program files\3721.dll	3721.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Deleteme.bat	7d1aa8282ae8efbb0cddb44d08d77285.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
656	3721.exe
656	3721.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 656	3448	7d1aa8282ae8efbb0cddb44d08d77285.exe	83
PID 3448 wrote to memory of 656	3448	7d1aa8282ae8efbb0cddb44d08d77285.exe	83
PID 3448 wrote to memory of 656	3448	7d1aa8282ae8efbb0cddb44d08d77285.exe	83
PID 3448 wrote to memory of 4156	3448	7d1aa8282ae8efbb0cddb44d08d77285.exe	84
PID 3448 wrote to memory of 4156	3448	7d1aa8282ae8efbb0cddb44d08d77285.exe	84
PID 3448 wrote to memory of 4156	3448	7d1aa8282ae8efbb0cddb44d08d77285.exe	84

C:\Users\Admin\AppData\Local\Temp\7d1aa8282ae8efbb0cddb44d08d77285.exe
"C:\Users\Admin\AppData\Local\Temp\7d1aa8282ae8efbb0cddb44d08d77285.exe"
1⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3448
- C:\program files\3721.exe
  "C:\program files\3721.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  PID:656
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\Deleteme.bat
  2⤵
  PID:4156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\3721.dll

Filesize
89KB

MD5
6c85c3129a0c874fc1bc6273170e359e

SHA1
9a0d90999fc69cbbcb59c43c9d53dcaa8648dc79

SHA256
a2ed3e38bf61cbdf59e50104fdc316e142d34915051fda3fb5cc3c7e9cbb631b

SHA512
9813cfaab7bde95894d487b79ec0eb3d483787f207dec1c7171518de835f21c61e57f7296d5c8bc5d95a0367e4d2e9920e95a4f29367b4ed632436d6648dab83

Download Submit
C:\Program Files\3721.exe

Filesize
147KB

MD5
7d1aa8282ae8efbb0cddb44d08d77285

SHA1
2209c3c28c580736339a652c95f175b2c6b8e329

SHA256
abd620815fd06046b332781fd349b629f7a2aeb9eac4319038bbc425cc56a91a

SHA512
42464b7c7dbc73cddf14790a02e4039120d623d1e90f075a1405b1911479dd16a0bcc90e6e490691c461024c3fcd3ffe97bcd4b75e04e69bbce8501c81eb2529

Download Submit
C:\Windows\Deleteme.bat

Filesize
184B

MD5
4b0e62818643f3d48f247aad9509c779

SHA1
b24044b3db7203c6f9e8762498a7f30bddb7dd82

SHA256
b255c8ecdd25b2dfb862601849a781e71d88be7a318b2ec25632cfd7af70fb4e

SHA512
2c960386ead1943174c134b1ae87a7db78aefeaf4fc83818b7a2cf1ce7910610871c694c5d0a61f5c2080b8a2410e2730c431bea19428f1ee5befe49a1e5226c

Download Submit
memory/656-9-0x0000000002260000-0x000000000227B000-memory.dmp

Filesize
108KB

Download
memory/656-16-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/656-17-0x0000000002260000-0x000000000227B000-memory.dmp

Filesize
108KB

Download
memory/3448-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads