Overview

overview

10

Static

static

3

996c07d097...e7.exe

windows7-x64

10

996c07d097...e7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    13/02/2024, 12:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    996c07d0976b6f6b87096d973ab9fee7.exe

  • Size

    252KB

  • MD5

    996c07d0976b6f6b87096d973ab9fee7

  • SHA1

    58b060665f5003a0309f71d63728415bdda3bba9

  • SHA256

    140df14fcc0d114aa46090044e7abeb33079c991eac25d6e5e2da262b1ce12af

  • SHA512

    3f02cee6eebe52a1204962af647e687e35614e77ba1efd379f41f1dc42863938b0259855246bb4438f10526faaecc1e671affa594ba44e597d4b615b402d38ce

  • SSDEEP

    6144:P+ArRyrimEU/EztV++Jbtd4lfn8hFXbTom85FxnH:PNrkrimr/EztV++JZd4lfnSTo7F

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\996c07d0976b6f6b87096d973ab9fee7.exe
    "C:\Users\Admin\AppData\Local\Temp\996c07d0976b6f6b87096d973ab9fee7.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1800
    • C:\Users\Admin\coiwou.exe
      "C:\Users\Admin\coiwou.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2296

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\coiwou.exe
    Filesize

    252KB

    MD5

    2cb5d462c832727cc39516d736636710

    SHA1

    1216d7b987086ed0d2647eae55356917e7736c22

    SHA256

    d23a1124900bb71cee840de24a9d2b4aafbed6129c813380c07486a26df984a4

    SHA512

    62aa46562fcc0a65024198b2a345b4815510487867800de7718698558f7e0b388aeecaa40945385e02a2b7ead5aa00d0176bfcb324fa20950b849636bbd639de

    Download Submit