Analysis

  • max time kernel
    140s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-03-2024 03:11

General

  • Target
    b112a18ff573b178d747b3dabaf43cb0.exe
  • Size
    686KB
  • MD5
    b112a18ff573b178d747b3dabaf43cb0
  • SHA1
    ce315ae15ee19f1607ff2c6decbe7f5b2e400354
  • SHA256
    aa542f2c7e095a2454833c52310da90fb5665099ad6bdd21e383e695de3afbcd
  • SHA512
    3cd5602e08f30833473a88db56fa3afd0a448fd493ce77d60913cbf0a8b401a49a50697f421f773341d4a5b04debf09bb0727b251c2888f43bc9ed7f5fce6445
  • SSDEEP
    12288:UcD663UqANQ4dLOSwCDfJqlE6uGiGSAlVLuBRzXA2oAMHVB66EYAUTS9D/ksSzQB:UxXLtwCc26uGi2VCHXSBzTaDMsAQR3

Score
8/10

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 4 IoCs
  • Modifies Installed Components in the registry 2 TTPs 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    PID:1232
    • C:\Users\Admin\AppData\Local\Temp\b112a18ff573b178d747b3dabaf43cb0.exe
      "C:\Users\Admin\AppData\Local\Temp\b112a18ff573b178d747b3dabaf43cb0.exe"
      2⤵
      • Adds policy Run key to start application
      • Modifies Installed Components in the registry
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2192
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        PID:1404

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/1232-3-0x00000000024B0000-0x00000000024B1000-memory.dmp
    Filesize
    4KB
  • memory/1404-2680-0x00000000000E0000-0x00000000000E1000-memory.dmp
    Filesize
    4KB