Overview

overview

8

Static

static

3

7fb1b711da...b3.exe

windows7-x64

8

7fb1b711da...b3.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    90s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/01/2024, 11:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7fb1b711da7d0f513963735afbddd7b3.exe

  • Size

    903KB

  • MD5

    7fb1b711da7d0f513963735afbddd7b3

  • SHA1

    fc5fd65378855ee5691914771db4192147af535c

  • SHA256

    7f576000d22e51d72f6cb0e18bf7b9e8e6c04f857cfbd66c9b85900454e217bb

  • SHA512

    b71d247592132edf6657339707fc567186b24f4ab353878e7a04a3d49e1e663e1e337c036bc07ea81dc5385c699647b7e580954867ed5fc30cffb1455729c785

  • SSDEEP

    12288:/gEP0EzibDdVhbLSa412Y1+m9Hazoeo6JHN4XeXPMJvMESVc040noilVSOqnoJ:II03b5Vh3Sko8fLH+Xe/MJvMgYoilVwa

Score
8/10
persistence

Malware Config

Signatures

  • Drops file in Drivers directory 3 IoCs
  • Sets file execution options in registry 2 TTPs 3 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7fb1b711da7d0f513963735afbddd7b3.exe
    "C:\Users\Admin\AppData\Local\Temp\7fb1b711da7d0f513963735afbddd7b3.exe"
    1⤵
    • Drops file in Drivers directory
    • Sets file execution options in registry
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1368
    • C:\Windows\SysWOW64\svchost.exe
      C:\Windows\system32\svchost.exe
      2⤵
        PID:3760
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 12
          3⤵
          • Program crash
          PID:2920
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3760 -ip 3760
      1⤵
        PID:1172

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Windows\SysWOW64\drivers\sbl.sys
              Filesize

              2KB

              MD5

              5db1f7e0c8f4940eff0bae96dbc9c5ec

              SHA1

              bd8cc1bc82b30cfdb693582eee73cdf6680af992

              SHA256

              c59f44b6844ce5fd9f53aaf9580349e3e556080acfd2ed45ad635ee368e65c9d

              SHA512

              a5c7c9f6b11b08da20a136cd3bd5784352e675b4424cd05b1255d4b1cb0d4b108ca2b81386df847c24a89051aff19e68749b8a8362aa0d6e42ed67f83fa966c3

              Download Submit

            • memory/1368-0-0x0000000002280000-0x0000000002281000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1368-11-0x0000000000400000-0x00000000004EA000-memory.dmp

              Filesize

              936KB

              Download

            • memory/3760-10-0x00000000004F0000-0x00000000005DA000-memory.dmp

              Filesize

              936KB

              Download