Analysis

  • max time kernel
    151s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/03/2024, 01:08

General

  • Target

    d857497b50a6241eeeb60a0d12fd89f1d2712ed7c83979b4ea0b40dd350f5300.exe

  • Size

    88KB

  • MD5

    94a5c7f44778ce2fef26dca4f29af2d8

  • SHA1

    46f04d966b60301098290f6cb2b29532ccdd4c84

  • SHA256

    d857497b50a6241eeeb60a0d12fd89f1d2712ed7c83979b4ea0b40dd350f5300

  • SHA512

    8701957fe5418cc8ed4cf6668271529e200d0ca98dd95dc73cb388e5f8b694f2f1e04de7c437e06431c5ff2ef1c7cec4cf27d3584f006aae34c510dce446a71a

  • SSDEEP

    768:vAh68qOJ+TtE9RwHpFeh6gM1rA8dOsc7jUq4RkA5o3K1DfsvtzsXjLft+9o1mm:vAhHqlZEoLFjnAzA5o6BfItoXjLl0hm

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d857497b50a6241eeeb60a0d12fd89f1d2712ed7c83979b4ea0b40dd350f5300.exe
    "C:\Users\Admin\AppData\Local\Temp\d857497b50a6241eeeb60a0d12fd89f1d2712ed7c83979b4ea0b40dd350f5300.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Users\Admin\nibey.exe
      "C:\Users\Admin\nibey.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2516
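The process tree above reports three host-side effects worth checking for on a machine suspected of having run this sample: a Run-key entry for persistence, a change to Explorer's hidden/system-file visibility settings, and a copy of the sample dropped as nibey.exe in the user profile root. The following PowerShell triage check is an added example, not part of the sandbox report and not code from the sample; the file name and SHA256 are taken from the report, while the regex heuristics, the value names checked under Explorer\Advanced, and the requirement for PowerShell 4 or later (Get-FileHash) are assumptions of this example.

```powershell
# Added triage check for the behaviours listed in this report.
# Not part of the sandbox output; assumes PowerShell 4+ (Get-FileHash) and that it
# runs on the host as an account that can read the affected user's profile.

# SHA256 of the dropped copy (\Users\Admin\nibey.exe) from the Downloads section.
$DroppedSha256 = '4cca8f4782a1a15c53abcf03256fe53eaf4eb883975d33b3c056e53f8fe6d8d6'

# 1. "Adds Run key to start application": list Run/RunOnce values and flag
#    commands that launch an .exe sitting directly in a profile root or in Temp,
#    which is where both processes in the tree above live.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }      # PowerShell's own metadata properties
        $cmd = [string]$p.Value
        # Heuristic (assumption): <profile root>\<name>.exe or anything under \Temp\
        $inProfileRoot = $cmd -match '(?i)\\Users\\[^\\]+\\[^\\]+\.exe'
        $inTemp        = $cmd -match '(?i)\\Temp\\'
        if ($inProfileRoot -or $inTemp) {
            Write-Output "[!] Suspicious autorun: $key\$($p.Name) = $cmd"
        } else {
            Write-Output "[ ] Autorun: $key\$($p.Name) = $cmd"
        }
    }
}

# 2. "Modifies visibility of hidden/system files in Explorer": report the
#    per-user Explorer settings. Hidden=2 hides hidden files, ShowSuperHidden=0
#    hides protected OS files, HideFileExt=1 hides extensions. These are also
#    the Windows defaults, so the signal is a change from the user's own baseline,
#    not the absolute values.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$explorer = Get-ItemProperty -Path $adv -ErrorAction SilentlyContinue
if ($explorer) {
    Write-Output ("[i] Explorer\Advanced: Hidden={0} ShowSuperHidden={1} HideFileExt={2}" -f `
        $explorer.Hidden, $explorer.ShowSuperHidden, $explorer.HideFileExt)
    Write-Output ("[i] Explorer\Advanced last written: {0}" -f `
        (Get-Item $adv).LastWriteTime)   # compare against the incident window
}

# 3. "Executes dropped EXE": look for nibey.exe in every profile root (including
#    hidden copies) and compare its hash with the one in the report.
Get-ChildItem -Path 'C:\Users\*\nibey.exe' -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $hash  = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        $state = if ($hash -ieq $DroppedSha256) { 'matches report' } else { 'different build' }
        Write-Output "[!] Dropped file: $($_.FullName) attrs=$($_.Attributes) SHA256=$hash ($state)"
    }
```

Run it in an elevated session so the HKLM keys and other users' profiles are readable; a non-matching hash on a found nibey.exe is still a finding, since the dropped copy differs from the original (different MD5/SHA256 in the report) and may differ again per infection.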

Network

MITRE ATT&CK Enterprise v15


Downloads

  • \Users\Admin\nibey.exe

    Filesize

    88KB

    MD5

    256ea8001de4fc763b3feafafb97d046

    SHA1

    ef2deefe0e72c090c3955a32d4abcef592adc5d2

    SHA256

    4cca8f4782a1a15c53abcf03256fe53eaf4eb883975d33b3c056e53f8fe6d8d6

    SHA512

    eaa14777a3be6ab9c3ff0989bb7260adcb179e268603e9d2717bc50b59f5f77d2872d0804eb9dc8838432303e90dd803a403d8f4594e50a7e7608d3b0d2604e0