Overview

overview

7

Static

static

3

802265850c...73.exe

windows7-x64

7

802265850c...73.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2024 15:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    802265850cd5616f53ecbf59222ff973.exe

  • Size

    31KB

  • MD5

    802265850cd5616f53ecbf59222ff973

  • SHA1

    1316bdeaf01791c65cd304ee9c1eb04ecef7daa3

  • SHA256

    4ad15dacb7efa41354bed63e742f98804eba7c886b6aad5f5709d32c84bfc5b5

  • SHA512

    d4566586b30526442821bb42cda6dfc0f9d21503799fabcfa3365052e6429bb6d2f80863c25b79324bdae47f6d83d8fde091ac5e76dcfe83dfac4d97a64a3b67

  • SSDEEP

    768:bU6wHpNgNDldoV46qTahK+5ROHf+5orZStqJg12rstlAH:bU6wJNgNH6mF+5RAfK6ItqIxtl6

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 5 IoCs
  • Modifies WinLogon 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 5 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1348
      • C:\Users\Admin\AppData\Local\Temp\802265850cd5616f53ecbf59222ff973.exe
        "C:\Users\Admin\AppData\Local\Temp\802265850cd5616f53ecbf59222ff973.exe"
        2⤵
        • Loads dropped DLL
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2644
        • C:\Windows\SysWOW64\gbvgbv07.exe
          C:\Windows\system32\gbvgbv07.exe C:\Windows\system32\dbr07027.ocx pfjaoidjglkajd C:\Users\Admin\AppData\Local\Temp\802265850cd5616f53ecbf59222ff973.exe
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies WinLogon
          • Drops file in System32 directory
          PID:2988
        • C:\Windows\SysWOW64\gbvgbv07.exe
          C:\Windows\system32\gbvgbv07.exe C:\Windows\system32\dbr99005.ocx pfjieaoidjglkajd
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of WriteProcessMemory
          PID:2904
          • C:\Windows\explorer.exe
            "C:\Windows\explorer.exe"
            4⤵
              PID:2788

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\SysWOW64\dbr99005.ocx
        Filesize

        8KB

        MD5

        76948da567806229012ad2a3d697e468

        SHA1

        027b9b69eda64b4872647d49f88236603c2433d3

        SHA256

        73c5b0cbd6e42dad24ee43750a8aee23a8a00b245e8aba577f88563f73eabbd3

        SHA512

        98af9d35cafa124a0ec4a37a44e6e541641cbf474ccefabfe3c30fea15d671496e8ee37a770f727f1651032dc9496fea664423ac7e5b7c46aa1bfa9d8c39a827

        Download Submit

      • C:\Windows\fonts\dbr07027.ttf
        Filesize

        412B

        MD5

        9d0c58014a0788e4931420fb21778ded

        SHA1

        02a5eaa0b080399a28960b1088997a176fd43ad9

        SHA256

        5e6517f1bc90348282282108fdf796882c4c62940eff484968cad31cd6b0289a

        SHA512

        2691cf0607180067998398e5b489dbc802741ab3d684fb9c4fa890680903eada878ad55373548ab89ab75060949ecae48c4bb81d4e006d0f20baba179ae24ab2

        Download Submit

      • \Windows\SysWOW64\dbr07027.ocx
        Filesize

        40KB

        MD5

        01f891d680e9cec5563080332ee6d444

        SHA1

        0ccb4afd3ee1dfc58ce33cd27c498b45b0ec359b

        SHA256

        98a5e1fdbf326640350129a043a7af3faef47a643f26539dbc513114963731be

        SHA512

        eccc4bdee7b2ecbbfa50d774fc681ae44e04dcfb720904cb68c058a132a62d1ebf149f97fdbe8a0a8e8726db9a5c0ec30c484bc05b221ea1b3fb7f2545b4d54e

        Download Submit

      • \Windows\SysWOW64\gbvgbv07.exe
        Filesize

        43KB

        MD5

        51138beea3e2c21ec44d0932c71762a8

        SHA1

        8939cf35447b22dd2c6e6f443446acc1bf986d58

        SHA256

        5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124

        SHA512

        794f30fe452117ff2a26dc9d7086aaf82b639c2632ac2e381a81f5239caaec7c96922ba5d2d90bfd8d74f0a6cd4f79fbda63e14c6b779e5cf6834c13e4e45e7d

        Download Submit

      • memory/1348-9-0x00000000025A0000-0x00000000025A1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2644-0-0x0000000000400000-0x0000000000415000-memory.dmp

        Filesize

        84KB

        Download

      • memory/2644-18-0x0000000000400000-0x0000000000415000-memory.dmp

        Filesize

        84KB

        Download

      • memory/2904-29-0x0000000010000000-0x0000000010006000-memory.dmp

        Filesize

        24KB

        Download

      • memory/2904-31-0x0000000000090000-0x000000000009E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/2988-20-0x0000000010000000-0x000000001000E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/2988-32-0x0000000010000000-0x000000001000E000-memory.dmp

        Filesize

        56KB

        Download