Overview

overview

10

Static

static

3

97a6d80fef...62.exe

windows7-x64

10

97a6d80fef...62.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    12/02/2024, 21:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    97a6d80fef701f78c64b684179abee62.exe

  • Size

    55KB

  • MD5

    97a6d80fef701f78c64b684179abee62

  • SHA1

    d621b354868afa4f4103f3ab2bd10f24134b6082

  • SHA256

    1bce4b7d44c6b84b3605b287e57b0c919e3960734b88fcc192909074d34d2d57

  • SHA512

    2e04e77783b0028be56e356e373fd7f1278cdc7543fa260094802c658f05e9e11b8a94f775d20c1b50c5192c7c4467f967c0ec272a33dd4b9b628f8d2b655c6a

  • SSDEEP

    768:Oe3PFaDVyOQgljLDKRJyM3BmsHzSB4us/wJJapg4RoSMZeUZB/QosWpH+DrCUpfA:V3cpyORJLuB4P4AJJv4Romu/9tpvUZQ

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops desktop.ini file(s) 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\97a6d80fef701f78c64b684179abee62.exe
    "C:\Users\Admin\AppData\Local\Temp\97a6d80fef701f78c64b684179abee62.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Loads dropped DLL
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Windows\SysWOW64\attrib.exe
      "C:\Windows\System32\attrib.exe" "C:\Program Files (x86)\Microsoft\ie13\Internat Explorer" +s
      2⤵
      • Drops file in Program Files directory
      • Views/modifies file attributes
      PID:2196
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp.bat" "
      2⤵
      • Deletes itself
      PID:2844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmp.bat
    Filesize

    186B

    MD5

    6deb28dcf633e2682295f02a8533d427

    SHA1

    8637ea7ae4a9c98d674ee7848d288a44b07f7c38

    SHA256

    232559bdcb7f60122948d5185e23b5c4a776e86d22bce4145eaf1248bc606bb7

    SHA512

    a3c8582b07cf502a3c42b1367e0280b99eec6a327a949dccedd73e69fa07f27d8c9bcef6a5040bcfbf3df532711f4932fcd13cb204067165d1e49ffeacfe5051

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsi3CB4.tmp\System.dll
    Filesize

    11KB

    MD5

    00a0194c20ee912257df53bfe258ee4a

    SHA1

    d7b4e319bc5119024690dc8230b9cc919b1b86b2

    SHA256

    dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    SHA512

    3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

    Download Submit