Overview

overview

10

Static

static

3

b578782520...9c.exe

windows7-x64

10

b578782520...9c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05-03-2024 19:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b5787825208888ef4a9c56d2f857089c.exe

  • Size

    64KB

  • MD5

    b5787825208888ef4a9c56d2f857089c

  • SHA1

    f055cabc8e10630e5c457b4272980718b60877d8

  • SHA256

    ddaf28525d3103b25b0863128b94d320eaba91051c1886267c5f98a9fa7d442e

  • SHA512

    392e359a903099aeee6aa4a8b03383d3d6ec5c767f451b16d55f396166e427c543528c1a096acc105110bcd1750f6a4ed52e779a01ead729023ff92675cd69f4

  • SSDEEP

    1536:V3cpyORJLuB4P4AJJv4Romu/gYF5XCcx7icBbMVMEg:V3c1fP4AJJv45sCcx7JBb/Eg

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Deletes itself 1 IoCs
  • Loads dropped DLL 9 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Program Files directory 5 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\b5787825208888ef4a9c56d2f857089c.exe
    "C:\Users\Admin\AppData\Local\Temp\b5787825208888ef4a9c56d2f857089c.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Loads dropped DLL
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1884
    • C:\Windows\SysWOW64\attrib.exe
      "C:\Windows\System32\attrib.exe" "C:\Program Files (x86)\Microsoft\soft1\Internet Explorar" +s
      2⤵
      • Drops file in Program Files directory
      • Views/modifies file attributes
      PID:2168
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\temp_c.bat" "
      2⤵
      • Deletes itself
      PID:672

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\soft1\Internet Explorar\Desktop.ini
    Filesize

    75B

    MD5

    254a842845d5fe636a018ed64927573f

    SHA1

    405c601e91dbd53febdca03e5ccc1fd1b03107be

    SHA256

    bc4eaf790a990a2dbb8460775c257f603d2303a7ab282dd5f405264af202282c

    SHA512

    e817292fe07e880cd21e1cba72d4fec097fab51f21012a891bad6be6d43da8573a2ecc881a9c9c6a01dc421b55eb4734a79803899e51234ff4bd4c2a4a8a8acf

    Download Submit

  • C:\Program Files (x86)\Microsoft\soft1\Internet Explorar\target.lnk
    Filesize

    1KB

    MD5

    0d87c85b06cf079e9053bea024585671

    SHA1

    af254ce18f33372910f86ed47127ef8761e50ee2

    SHA256

    1013e711e6789ebdf62717fe7d44d2c21b822fe4e32b6660eb204e661efd9255

    SHA512

    95be698182e6b6ffbabe21faee0af6c7ac8e6c4fa1c0f8b34d042599c98ac29590d845a248e816057555c4c4a706d426563d365b912694517554d681cef4efb6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\temp_c.bat
    Filesize

    186B

    MD5

    d488bbe78b64060cb66e2246fb943831

    SHA1

    81ceb5883023c11a0a895a962e515c955095df44

    SHA256

    43dc93c19f4afe84f3ade917371a45e64dc8f493a9700c1b67c54b08232ff1e5

    SHA512

    afd9abcb5edbc04b694236245ed25f3498fcb0f50159d969b836de3d04e0bf69e404cf13443cb5762f5951b51afdfc195ccabb6affac9efdaed2608325e051f3

    Download Submit

  • C:\Users\Public\Desktop\Internet Explorar.ofc
    Filesize

    3KB

    MD5

    0caa7366baa9bfa31d74d6ca56524551

    SHA1

    182c3864cb1357c64165cf432e223b4ab8ee0e5f

    SHA256

    f3773735bdae040b28c801c78377784b669311c1ff659814b987e1e9b9bc9999

    SHA512

    87e3601cbde307c62f452985b0c591d562b3c6f7b204c0a4fe7f666c22e1ce22064acf71d5a083765e9271429f6e7f6c447b1549c7cbbdb81e2f3b7a1e52126a

    Download Submit

  • C:\Users\Public\Desktop\ÌÔ ±¦ Íø ¹º.lnk
    Filesize

    1KB

    MD5

    5ffaf2527bc8e175c988c8dc53dbc484

    SHA1

    7c069a0e54469453fdc91d57bfb0e82e2e539777

    SHA256

    2f58298a3e901293b80ad5ebc164e53e76e079c3e86252f1b34f702c55ada96e

    SHA512

    f90556ed1bd94a994d3a6573757f1214cfacb03ee5d6e1b8d277fb00f95371045e279b3a05189de7baf832605845d11a99196ac85de6c0ce050c611a9ab3b8ba

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy5CC2.tmp\AccessControl.dll
    Filesize

    10KB

    MD5

    055f4f9260e07fc83f71877cbb7f4fad

    SHA1

    a245131af1a182de99bd74af9ff1fab17977a72f

    SHA256

    4209588362785b690d08d15cd982b8d1c62c348767ca19114234b21d5df74ddc

    SHA512

    a8e82dc4435ed938f090f43df953ddad9b0075f16218c09890c996299420162d64b1dbfbf613af37769ae796717eec78204dc786b757e8b1d13d423d4ee82e26

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy5CC2.tmp\System.dll
    Filesize

    11KB

    MD5

    00a0194c20ee912257df53bfe258ee4a

    SHA1

    d7b4e319bc5119024690dc8230b9cc919b1b86b2

    SHA256

    dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    SHA512

    3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

    Download Submit