Overview

overview

7

Static

static

3

9c9474177e...d3.exe

windows7-x64

7

9c9474177e...d3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    09/03/2024, 05:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    9c9474177eebcdffc65012df07e9e7b73b7aab7d0f0523f696208e041b682ad3.exe

  • Size

    15.1MB

  • MD5

    061b1432bba5948bd1b1622cc168b6cf

  • SHA1

    672dc12d268ebdeecbc61f9a8490cae610c9c224

  • SHA256

    9c9474177eebcdffc65012df07e9e7b73b7aab7d0f0523f696208e041b682ad3

  • SHA512

    c2a225e3c976fb93e17bcf25121da10301759d2b8b4399d04fe7d93b65af4b3e9276fe85ea31cd2dbf984e9c9a9d6515e56dbc08d96a354882fcdd09a6cb769d

  • SSDEEP

    196608:d0MimhBy2QpadQtwsK0LuFiCBIkQyYAl2+KCZXaaR:dHyRkP0LuFiCBIkl22RaaR

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 61 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c9474177eebcdffc65012df07e9e7b73b7aab7d0f0523f696208e041b682ad3.exe
    "C:\Users\Admin\AppData\Local\Temp\9c9474177eebcdffc65012df07e9e7b73b7aab7d0f0523f696208e041b682ad3.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1888
    • \??\c:\dlq\ÈÈѪ±¦±¦.exe
      c:\dlq\ÈÈѪ±¦±¦.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2608

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \??\c:\dlq\rxbb.dll
          Filesize

          633KB

          MD5

          c530edf5e361bae68899d3f3589b692d

          SHA1

          2358ec47411addee7604e839c38484e64fe232f5

          SHA256

          7c60dbaa8e9d0f1228336a890d4ddef253491dcbe1dfdb1f079138c7ab9afcd4

          SHA512

          7d0a5f10255c09206da4f8f841c097f8afde9696a5b10177178d0ddfaec2cd44eb7a296421eafcd5244519e2a0b73d9cbb96c22ce13f17adbdb46bdde8a5433d

          Download Submit

        • \??\c:\dlq\rxdbb.dll
          Filesize

          1.1MB

          MD5

          c99826e5901ad146870b4ea8c74c6979

          SHA1

          0bcb1393ecfacefb8ee3b6199526d9bbc51364c5

          SHA256

          03aff11e16d3346689e977733c0539a17a00a97ca29b1f38e54c6adc4fb5cd21

          SHA512

          b3f8991bd95c72837a8c39099cf4a142a1b546d247b1d53edc40943b9c9e98e0fea4c6730468a38c33fea54061244e6a9101c35416b7a8e3741166c81440622b

          Download Submit

        • \dlq\ÈÈѪ±¦±¦.exe
          Filesize

          78KB

          MD5

          53e349d071e99b30cc6614110e64be57

          SHA1

          3fc1dde617aed1c560567eece508f48cc632b73f

          SHA256

          46203b1b5227c376972763cb9a1721bdeef514f8b1d7299633b1f7bbe8f89683

          SHA512

          deff0ce21b0ac4153bea58ca1b0e8a1b98d77db917266662aec6a642dddaf3480faf8adfd08e213e25a4d9ea9784014b21a36a03e0ac9d8d875c5397a674d02d

          Download Submit

        • memory/1888-12-0x0000000000890000-0x00000000008A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/1888-15-0x0000000000890000-0x00000000008A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/1888-20-0x0000000000890000-0x00000000008A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/1888-21-0x0000000000890000-0x00000000008A6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2608-16-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2608-19-0x0000000002DD0000-0x0000000002E74000-memory.dmp

          Filesize

          656KB

          Download

        • memory/2608-22-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download