Overview

overview

10

Static

static

3

cDA34i7Jn.exe

windows7-x64

10

cDA34i7Jn.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06/03/2024, 05:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cDA34i7Jn.exe

  • Size

    1.2MB

  • MD5

    0eda40dd8540130f4cad3522ee287d6d

  • SHA1

    ebf18090cc0e4bb1cca228822c76d87aea719549

  • SHA256

    8fcf2f04f8650515ec14d7b5db140084710d7cad0f3faa5b64c39fe6f2d3b166

  • SHA512

    3959ddedabfb457c7ab0bad5e317f5b3b2e10283cb478bbae02ac90ef29d4c8806f8c6f1b4d4953324e41a13affdfbf0b51a2ea52795fe6db426af555ca27b23

  • SSDEEP

    24576:gu8JzEgZUknnNzB43bz/3FDhMVGYkUmdNJhmtnjyFwTACQnMs62Xx4:V8JqFVMEtHahQnu

Score
10/10
evasiontrojan

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\cDA34i7Jn.exe
    "C:\Users\Admin\AppData\Local\Temp\cDA34i7Jn.exe"
    1⤵
    • UAC bypass
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2744
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c echo.>c:\xxxx.ini
      2⤵
        PID:2616

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\_ir_tu2_temp_0\IRIMG4.JPG
      Filesize

      36KB

      MD5

      05a6b5e6f8f3c239a9669dcc693e9b83

      SHA1

      194ff18e37d56b8d988cd60bb9f0e94bbb23e767

      SHA256

      1bfa036a09bad94fc4b9ce956c13628987f4e390a5f88d64a47f44941aa31692

      SHA512

      0464644346aecc20a35c0ede49bd8e4484314941894553ed728f12c1005b5a01a222b18af396da9675c8183bf8935765ea59a03cacbeb71138270998f9f4c7cb

      Download Submit

    • memory/2744-0-0x0000000000400000-0x0000000000532000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2744-21-0x0000000002000000-0x0000000002001000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2744-24-0x0000000010000000-0x0000000010061000-memory.dmp

      Filesize

      388KB

      Download

    • memory/2744-22-0x0000000002010000-0x0000000002027000-memory.dmp

      Filesize

      92KB

      Download

    • memory/2744-37-0x0000000002010000-0x0000000002027000-memory.dmp

      Filesize

      92KB

      Download