Analysis

  • max time kernel
    146s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07-03-2024 22:49

General

  • Target

    b9dc1399a6f3b9f4e2143f97c8b33c7e.exe

  • Size

    100KB

  • MD5

    b9dc1399a6f3b9f4e2143f97c8b33c7e

  • SHA1

    959a332b99fb39b6e743b9c46cd509906fee23eb

  • SHA256

    bdc9d1464bc134fba84ad814eab3901f7f16ec8da8647f1a01aa66e63f69cfd4

  • SHA512

    602a3f186e61e1e8bdc402bd2e79fce7c12f7b8e2f595b52b432c2439cc3a587ee47ca7cdcc5f5c59b406099b26a41719d84d11062ab03752d9afe17857dda85

  • SSDEEP

    3072:fg5qO5/oPeu37EgnA0oe+JQzBvD7Vly8:NO5/oPeurVgnQtvD7S

Signatures

  • UAC bypass (3 TTPs, 1 IoC)
  • Executes dropped EXE (1 IoC)
  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Checks whether UAC is enabled (1 TTP, 2 IoCs)
  • Drops file in Windows directory (1 IoC)
  • Modifies Internet Explorer settings (1 TTP, 2 IoCs)
  • Suspicious use of WriteProcessMemory (6 IoCs)
  • System policy modification (1 TTP, 1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\b9dc1399a6f3b9f4e2143f97c8b33c7e.exe (depth 1, PID 1596)
    Command line: "C:\Users\Admin\AppData\Local\Temp\b9dc1399a6f3b9f4e2143f97c8b33c7e.exe"
    • UAC bypass
    • Checks whether UAC is enabled
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    • System policy modification
    • C:\Users\Public\Music\ld11.exe (depth 2, PID 1644)
      Command line: C:\Users\Public\Music\ld11.exe
      • Executes dropped EXE
      • Adds Run key to start application
      • Checks whether UAC is enabled
      • Modifies Internet Explorer settings
    • C:\Windows\SysWOW64\cmd.exe (depth 2, PID 2936)
      Command line: C:\Windows\system32\cmd.exe /c C:\Windows\dxxdv34567.bat

Downloads

  • C:\Users\Public\Music\ld11.exe
    Filesize: 100KB
    MD5: b9dc1399a6f3b9f4e2143f97c8b33c7e
    SHA1: 959a332b99fb39b6e743b9c46cd509906fee23eb
    SHA256: bdc9d1464bc134fba84ad814eab3901f7f16ec8da8647f1a01aa66e63f69cfd4
    SHA512: 602a3f186e61e1e8bdc402bd2e79fce7c12f7b8e2f595b52b432c2439cc3a587ee47ca7cdcc5f5c59b406099b26a41719d84d11062ab03752d9afe17857dda85

  • C:\Windows\dxxdv34567.bat
    Filesize: 249B
    MD5: 4f8e06c27d0d557be8be293383bd44bc
    SHA1: d5adcf73082fbf02b7c9b55f93e8ff9aa99bc213
    SHA256: 780f7f022b878a3e99fdfa085f721109211c271f25066cc9876850066fe58502
    SHA512: e29e0de5502cc2f4be91392e9982baf3b946b5ddd57edc012586b39bc5e37f1f29f4f758ca338b2ca606cca316b5eff6f64dd0f4555bfe6964c530df5eaf7e07