f00d4b749a68c29964ec50e7c908e3c97b89c4ba33ef0a93f9fc265ff5301756

Analysis

max time kernel
26s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 18:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8fde5faceca028fd4221c57a9f0d41eb.exe
Size

167KB
MD5

8fde5faceca028fd4221c57a9f0d41eb
SHA1

de5b462e4ded93660138fc5d73b9bc05e6a23201
SHA256

f00d4b749a68c29964ec50e7c908e3c97b89c4ba33ef0a93f9fc265ff5301756
SHA512

db1c41924c90375829f0204858fb42eb4930102057044f1ba759aafe246335184affdac0b6310c72737ca5321025bf55d0bd60ebe694b6f88b449dbe3aaa771d
SSDEEP

3072:Q9qNjVVJKuwwZ0fNm5o+JHVsG/NX+0APipCLS0TtnM:JjV2uU8SSmG/NO0MuQtM

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\QNB2EB90WX = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8fde5faceca028fd4221c57a9f0d41eb.exe"	8fde5faceca028fd4221c57a9f0d41eb.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job	8fde5faceca028fd4221c57a9f0d41eb.exe
File opened for modification	C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job	8fde5faceca028fd4221c57a9f0d41eb.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe
2236	8fde5faceca028fd4221c57a9f0d41eb.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2236	8fde5faceca028fd4221c57a9f0d41eb.exe

C:\Users\Admin\AppData\Local\Temp\8fde5faceca028fd4221c57a9f0d41eb.exe
"C:\Users\Admin\AppData\Local\Temp\8fde5faceca028fd4221c57a9f0d41eb.exe"
1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2236-0-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2236-1-0x0000000000120000-0x0000000000138000-memory.dmp

Filesize
96KB

Download
memory/2236-2-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2236-1626-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2236-3726-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2236-4717-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2236-6754-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2236-8819-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2236-10835-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2236-12848-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2236-14860-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2236-16851-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2236-18841-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2236-20806-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2236-22819-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2236-24858-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2236-25845-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download