Overview

overview

8

Static

static

3

7d9ec704db...23.exe

windows7-x64

8

7d9ec704db...23.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/01/2024, 17:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7d9ec704db993d2a34bc61730d5a3023.exe

  • Size

    959KB

  • MD5

    7d9ec704db993d2a34bc61730d5a3023

  • SHA1

    b02f863a3878e68cdd84669bf8f0dbccf7f057fc

  • SHA256

    2e2109d0ece8ba9313af565fc3df922b6590520f8f3f41e3babe3a162da1a1b7

  • SHA512

    44cde23e18e7d3fada8a18a18e0d37ca3d6b519412ff5d94cffca130323f1becb0e688a26e399d3b5a623cb219162dff652566a92d6431534a3d20b731910e38

  • SSDEEP

    24576:MPfAPg+YrPXPWeB7S53Xz33xxhLx2H6DzL7:MXAkrP/WH5nz33xxhV2aDzL

Score
8/10
discoveryevasiontrojan

Malware Config

Signatures

  • Disables taskbar notifications via registry modification
    evasion
  • Executes dropped EXE 8 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 52 IoCs
  • Drops file in Program Files directory 19 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\7d9ec704db993d2a34bc61730d5a3023.exe
    "C:\Users\Admin\AppData\Local\Temp\7d9ec704db993d2a34bc61730d5a3023.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:3252
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Windows security modification
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • System policy modification
    PID:3392
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:1904
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:3604
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:2632
    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:4004
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:1372
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:3636
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:4476
    • C:\Windows\system32\msiexec.exe
      C:\Windows\system32\msiexec.exe /V
      1⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:3396

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\kldnjboo.tmp
      Filesize

      2.0MB

      MD5

      16fdd97ee6dadd3241e34d66210ec1af

      SHA1

      801965bf7f3e9471aa7559140cdfe9e6c51f81b8

      SHA256

      14b88a1ff264d15d33e6af568df55301d8e0b029c50a97b7920224fd18151d28

      SHA512

      76bc681000444a8afffc06a9997c389caefe0280ac7e0836bdb14852e5508fa42d99ba61d4e22100890e2adbe04fab63cb2efbb7efdcd3b970506f61d66d0d9a

      Download Submit

    • C:\Users\Admin\AppData\Local\nmipmedn\cpdacgnm.tmp
      Filesize

      678KB

      MD5

      a5e5a03657148581d86ecbdf2416d41c

      SHA1

      bcd9c43f24164976ea68b7be9a02aff497cbba54

      SHA256

      dbb5e10020a608dd738b0655df09e9b78e881217b6850eb41581790f07262f2e

      SHA512

      4fe50ffca8df7cb9780074934ba0526a0211c7b7052fd547195b7b5d0ba4a106bbaf0cdd0033ef66f943de00998056400b6b7709a361f95412200de6ee04a99d

      Download Submit

    • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
      Filesize

      487KB

      MD5

      257c4912d12515c89a9dc7d2a93e0f4a

      SHA1

      cf17dc29b91f781d8eb3fc2c69dc7d0c5cece1b4

      SHA256

      3703c18cba9928e176e009eead35d5769b14beb0e231dbb1ec5bc076be38304f

      SHA512

      9f9a9874b175e26f035dcfbf2f0f8f829abda8994eaec91f284d218361124cb7106c9e9e4c648644eadf0f38e01b38cf28fa50ac27146b0da0eb327abab92850

      Download Submit

    • C:\Windows\System32\FXSSVC.exe
      Filesize

      1.0MB

      MD5

      4906aabbe8bc48806cb574dbdda7aca4

      SHA1

      b2bd8ff476b8d861525b7221f47370fafc2244cd

      SHA256

      c687035bcf5869fc5d535823d3a786b2124e337798103d2ffa06d489feb0f22b

      SHA512

      6456175e2a6645254da9c5dc3f2b015eec46c71fcf4c3f0842ab426c5d687e74ce382e81be016ea6c88530eb879cb83f922228862c702a4c96271b690883071d

      Download Submit

    • C:\Windows\System32\alg.exe
      Filesize

      489KB

      MD5

      a8b337d88eea54e737e29c9c80a49518

      SHA1

      58f9ade2e05070dcea3dee14274c2acd108db377

      SHA256

      3fb428160f4361e3abd1dfc46beac000170b25a5ee3b30d516d4006fe6ed72c6

      SHA512

      842e1fec33f835a1379d264d47e598e8a04782bf1aa56d9907ba35c765aa48a50cb12d1c1db24ff5c5f9e1809fc4743861be5dfb55275faa0c980754d8a63474

      Download Submit

    • C:\Windows\System32\msdtc.exe
      Filesize

      540KB

      MD5

      b7da24bef4a61fcd845ce050b66dc929

      SHA1

      a48ea3345dec6d2c7084c95a7e3c2c8320f778e1

      SHA256

      126565463431d53194268cd7dea908c2458ff25208170b1de8387bfa8cddc75c

      SHA512

      298a269b7fad28156c5b681bb1391bc17948f7d53c5fda5cf030c99296a7f288889f1c34d488dd5ed85e40b2a13fa7eb6ad21aecae76800fcdfb81cd00ab9386

      Download Submit

    • C:\Windows\System32\msiexec.exe
      Filesize

      463KB

      MD5

      51c5071721e1747406cdc700f1664ad8

      SHA1

      673dbb96b648f3e3ddeeec1db80159b09b290e04

      SHA256

      866259169b62c0890ecf9174a52a03dc0be8fd44a8d35b8caddd06374e996e2c

      SHA512

      26a2a6fcf26e67a55301aa5baaefd11910fc3145dd45dbbb622a01f028fc2b5fe4b8474880970857613aa9844e500db47ef98efab6c1aa83990e3b37e1e0ac83

      Download Submit

    • \??\c:\program files (x86)\microsoft\edge\Application\92.0.902.67\elevation_service.exe
      Filesize

      1.9MB

      MD5

      95d3ce0fd859ed2bafbed47fd3f41fe2

      SHA1

      5441f80fff869df725b61911f5b5a6ba267bc6c5

      SHA256

      7f7ecba3f7487df3da9f78ca840075e9f4cfd8826870b493260a5c9713747b4b

      SHA512

      21a8611c30da7cda154180024e068298385799192c6361ccb56cdb27f7e906648718e1ef352e04cbfbd5b7b59bbff6f677b0df4491610330b22a4fa03606fbb9

      Download Submit

    • \??\c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
      Filesize

      613KB

      MD5

      e9e9c7058a60b03e5b5612c32d197aba

      SHA1

      e45919c668753731b92d2bc114900da7f6e09c99

      SHA256

      3cdebce2102a2d97e7ec4d31339c2c7c8506030b90ac8c40b7f96349c06a8bc3

      SHA512

      777240c3183438a6fab3b24fbb68d0622b937e48787ef8cb4b8268a3092833166ea931a64e5bb1fa3d1ab8db184a05539dee5ed8eb84a014bbe33c212c577305

      Download Submit

    • \??\c:\program files\common files\microsoft shared\source engine\ose.exe
      Filesize

      637KB

      MD5

      b443401be0b86e3acce00257daf1401f

      SHA1

      e2ddd22d98d0ebdb815b1a1c5324581bf51f7b92

      SHA256

      2910320b8aa75c9489820509ee925391c7dbfb613d0075c4d4a97dcc17ceaaee

      SHA512

      5895563cb1faa7b9a3ec221e9baebcf255f8dbcff776d1fe78602d27a7f60a7e59347b1adc49c1d97edc36448cf01a3ba00623c8beec4ae3a18bc8db3c07bb0b

      Download Submit

    • memory/1372-99-0x00007FF7E6830000-0x00007FF7E6A85000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/1372-61-0x00007FF7E6830000-0x00007FF7E6A85000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/1904-37-0x00007FF7A8000000-0x00007FF7A80D2000-memory.dmp

      Filesize

      840KB

      Download

    • memory/1904-78-0x00007FF7A8000000-0x00007FF7A80D2000-memory.dmp

      Filesize

      840KB

      Download

    • memory/2632-49-0x00007FF6154B0000-0x00007FF61560F000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/2632-51-0x00007FF6154B0000-0x00007FF61560F000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/3252-2-0x00007FF640410000-0x00007FF640559000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3252-11-0x00007FF640410000-0x00007FF640559000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3252-0-0x00007FF640410000-0x00007FF640559000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3392-69-0x00007FF7B3EE0000-0x00007FF7B3FB3000-memory.dmp

      Filesize

      844KB

      Download

    • memory/3392-18-0x00007FF7B3EE0000-0x00007FF7B3FB3000-memory.dmp

      Filesize

      844KB

      Download

    • memory/3392-19-0x00007FF7B3EE0000-0x00007FF7B3FB3000-memory.dmp

      Filesize

      844KB

      Download

    • memory/3396-91-0x00007FF6F3A50000-0x00007FF6F3B1E000-memory.dmp

      Filesize

      824KB

      Download

    • memory/3396-116-0x00007FF6F3A50000-0x00007FF6F3B1E000-memory.dmp

      Filesize

      824KB

      Download

    • memory/3636-72-0x00007FF7C82A0000-0x00007FF7C8394000-memory.dmp

      Filesize

      976KB

      Download

    • memory/3636-71-0x00007FF7C82A0000-0x00007FF7C8394000-memory.dmp

      Filesize

      976KB

      Download

    • memory/4004-93-0x00007FF706880000-0x00007FF706AE1000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/4004-58-0x00007FF706880000-0x00007FF706AE1000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/4476-80-0x00007FF6F2FC0000-0x00007FF6F30A2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/4476-110-0x00007FF6F2FC0000-0x00007FF6F30A2000-memory.dmp

      Filesize

      904KB

      Download