Overview

overview

10

Static

static

3

b5965bf95c...84.exe

windows7-x64

10

b5965bf95c...84.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/03/2024, 20:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b5965bf95cafef11e4a7691e48484c84.exe

  • Size

    15KB

  • MD5

    b5965bf95cafef11e4a7691e48484c84

  • SHA1

    b0725d1e5890ec0bc4e4bfc2820c1ccfa8704eb4

  • SHA256

    7bc98f29cd5046fc3a64fd187e2597215ccb71e843b891b7c0c4f2c666efe047

  • SHA512

    3f5b20e7d456901d9727838634cc3f8b3589a6d748447a847d1b677ebc713ac055019af74e33ab0e26e21230c9029a51e320083ea764d2dd7d5795a89fbdc626

  • SSDEEP

    384:+cqvk88Mje8s5dGxcvONP3+fwVc0wBzUFiX9rrk7:+cqlK86Mxcvq3+fcc5zUFiX9rrk7

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 1 IoCs
    persistence
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b5965bf95cafef11e4a7691e48484c84.exe
    "C:\Users\Admin\AppData\Local\Temp\b5965bf95cafef11e4a7691e48484c84.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2492
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\AE12.tmp.bat
      2⤵
        PID:2152

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\AE12.tmp.bat
            Filesize

            179B

            MD5

            3162544eddb442d35ae31c50988b1225

            SHA1

            2efe265d5ee97283ccc00442397c44756c1ec591

            SHA256

            25cc1e8a19748858622aa383c94b3b25e108f353371a7cf7a937153034ed6ed7

            SHA512

            0a4a0c0039f5ae3a4aabebf30f8032e825defe5ffd1305d2abf4647a789a87419e06d91f427d42fd1df61e18e991278510609c3bfeec5c9d513cd4c5a9b0bfa3

            Download Submit

          • C:\Windows\SysWOW64\rasdlgcq.tmp
            Filesize

            701KB

            MD5

            ba131eae1b57300306abc4f03693c536

            SHA1

            cb8d54199285ecab5dd8d148b084f65bca464964

            SHA256

            a546c147a1d98f31739ca37c4adc7974b6a39c2a371ba9499b2bb03d7031ade5

            SHA512

            8e4ab016f7b050b6773100ab54aad3bac88283654324282e8fce8b77ad8f3aafd0e5361eaa47ace6c7775badccf9af54e93fc16d0ddfb4fa439ae11a9ea9ff60

            Download Submit