Analysis
-
max time kernel
151s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
03-02-2024 13:54
General
-
Target
8c7e7990d19b4d9e49d420853b0240e6.exe
-
Size
235KB
-
MD5
8c7e7990d19b4d9e49d420853b0240e6
-
SHA1
b9168475e6c1458977d796156c668e5c1e98f63e
-
SHA256
19bb6ffb24c754343e205c2099497e7b809e298516d5804430ad0a5874f5aa36
-
SHA512
b8ca39bd25d88c3bc5951686dd65c73c8b3c55b89b1ab24a5e48896799e615a6fb00b339efdabb759e3ba6bffc2a6b07f7cff93f19ba3ea5d61731b574822c21
-
SSDEEP
6144:/k3FC0He3z1s0VGlAIGbE+fmV/+DnFwVE3pP0adC3HvUU5J:cVCyOz1s0VrE1/+hw+3pP0a83H3L
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Drops file in System32 directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8c7e7990d19b4d9e49d420853b0240e6.exe"C:\Users\Admin\AppData\Local\Temp\8c7e7990d19b4d9e49d420853b0240e6.exe"1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\WINDOWS\SysWOW64\SkypeClient.EXE"C:\WINDOWS\system32\SkypeClient.EXE"2⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
80KB
MD527c7b4f864b3629128f76f78a4285329
SHA199dad30a0b46c21d2f383836f0558a76d020b057
SHA2565d89482116d59c64650b50c290f81baf4aa4ad793b1c7cbdd1d1e7040fb948db
SHA512149441e8ea64a2914fdb1afd60bae746a625cb84f051e20e17028e4e6d4b2a15cecf44112290c2f4a9a42c452d181f3e2968a2bbab9c85d825fb5053f52cbbb3
-
Filesize
4KB
-
Filesize
788KB
-
Filesize
4KB
-
Filesize
788KB