Overview

overview

8

Static

static

3

b787f06059...3e.exe

windows7-x64

8

b787f06059...3e.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06/03/2024, 13:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b787f06059820f3d96e8a8aaabfd693e.exe

  • Size

    321KB

  • MD5

    b787f06059820f3d96e8a8aaabfd693e

  • SHA1

    16ee749b3ffd10707937f659329f9fc5e6364b60

  • SHA256

    ea9d3179ac9da0c37c890a3c43a0a84681b264418ccc647dd240823c7e6152fc

  • SHA512

    12b98ab5bf9ca21ae78d495128a4f71109e89dcfcb31187416ae939d1f1b707de01c54721e24595d7c2bb69caade891d639cec05577a00c93ef0850c49082873

  • SSDEEP

    6144:c4rjlbKLpBz/o6WhsjJ8wHljxFhfi9I9tMUle9IGnVrxPM/+EUn:c4XItWM/3Xhle53E

Score
8/10
evasionpersistence

Malware Config

Signatures

  • Disables taskbar notifications via registry modification
    evasion
  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of FindShellTrayWindow 30 IoCs
  • Suspicious use of SendNotifyMessage 19 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\b787f06059820f3d96e8a8aaabfd693e.exe
    "C:\Users\Admin\AppData\Local\Temp\b787f06059820f3d96e8a8aaabfd693e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Users\Admin\AppData\Local\uvl.exe
      "C:\Users\Admin\AppData\Local\uvl.exe" -gav C:\Users\Admin\AppData\Local\Temp\b787f06059820f3d96e8a8aaabfd693e.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2512
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2676

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\lkj67CA.tmp
          Filesize

          31B

          MD5

          5ab8e3fd3396e641054ae777bd0623ef

          SHA1

          9400df7b7a738f6c6c593a3006b217420ad4a713

          SHA256

          fa38bed84411e8470a9903711d9c966d7c56affaa58b674ef9ddfac644f72e71

          SHA512

          43464adfba2639c5789380b5ae1270239d9a88dc6904a0f22a8d7058ddd4351f184b569c0fb167e7d714104392e93410c16215fd959e0506d188f9489a480fb1

          Download Submit

        • \Users\Admin\AppData\Local\uvl.exe
          Filesize

          321KB

          MD5

          b787f06059820f3d96e8a8aaabfd693e

          SHA1

          16ee749b3ffd10707937f659329f9fc5e6364b60

          SHA256

          ea9d3179ac9da0c37c890a3c43a0a84681b264418ccc647dd240823c7e6152fc

          SHA512

          12b98ab5bf9ca21ae78d495128a4f71109e89dcfcb31187416ae939d1f1b707de01c54721e24595d7c2bb69caade891d639cec05577a00c93ef0850c49082873

          Download Submit

        • memory/2044-10-0x00000000009E0000-0x0000000000A4511C-memory.dmp

          Filesize

          404KB

          Download

        • memory/2044-9-0x0000000000100000-0x0000000000101000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2044-11-0x0000000001FE0000-0x00000000020FD000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/2044-20-0x00000000009E0000-0x0000000000A4511C-memory.dmp

          Filesize

          404KB

          Download

        • memory/2512-30-0x0000000001230000-0x000000000129511C-memory.dmp

          Filesize

          404KB

          Download

        • memory/2512-32-0x0000000001230000-0x000000000129511C-memory.dmp

          Filesize

          404KB

          Download

        • memory/2676-31-0x0000000003E50000-0x0000000003E51000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2676-34-0x0000000003E50000-0x0000000003E51000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2676-48-0x0000000002690000-0x00000000026A0000-memory.dmp

          Filesize

          64KB

          Download