Overview

overview

3

Static

static

3

861cd4c3b9...42.exe

windows7-x64

3

861cd4c3b9...42.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    147s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/02/2024, 05:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    861cd4c3b9f997068894ece373da3142.exe

  • Size

    43KB

  • MD5

    861cd4c3b9f997068894ece373da3142

  • SHA1

    8966ca21604e4ab85c759d43b9593be763045dcf

  • SHA256

    5968a3f22d3c359b23c1405f50a5af72ef74cc6261c94b7d42ae4348a2a1f73e

  • SHA512

    9e563639eb80b96cbdfdc65c786d92d6d36b3aed22ef4df309122b71d49bb785de2705f82554fe8145a8dcc8e06a364b548c814c52f6a6de7c1c937113a9c938

  • SSDEEP

    768:/r307KD+sUJdb4FSk5nSxv3Ps+ri+fXSK2vtNeFkI+eM5z97D:/rb+sUJB4fnSNsii+fsNokf77D

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 4 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\861cd4c3b9f997068894ece373da3142.exe
    "C:\Users\Admin\AppData\Local\Temp\861cd4c3b9f997068894ece373da3142.exe"
    1⤵
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Windows\SysWOW64\verclsid.exe
      "C:\Windows\system32\verclsid.exe" /S /C {25336920-03F9-11CF-8FD0-00AA00686F13} /I {00000112-0000-0000-C000-000000000046} /X 0x5
      2⤵
        PID:972

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\100567~1.JPG
      Filesize

      16KB

      MD5

      b33e806a7d4b84a476584a23fb3d0047

      SHA1

      ec59f1da83bfdaa8485f9c15388661390e7b65f8

      SHA256

      0832325668ec334b3f72f4d707d922b1f4ab3231b661309e882370c0b63ebadd

      SHA512

      d85ad73d880c0c4b6774f73849f2b13335542503c86d61ecf239f2e4d26e77230af9c7b9f1611e7c273d224d2030b8e2e97f16e2cb231772e97356f9c7522f2a

      Download Submit

    • memory/2220-0-0x0000000000400000-0x0000000000419000-memory.dmp

      Filesize

      100KB

      Download

    • memory/2220-31-0x0000000000400000-0x0000000000419000-memory.dmp

      Filesize

      100KB

      Download

    • memory/2220-34-0x0000000000400000-0x0000000000419000-memory.dmp

      Filesize

      100KB

      Download