Overview

overview

10

Static

static

3

f4b85ada9e...8f.exe

windows7-x64

10

f4b85ada9e...8f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    12/03/2024, 03:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f4b85ada9e867c7a235a51b258e835ae7a9b34a884e348d2dd36f0a5cd0bff8f.exe

  • Size

    212KB

  • MD5

    587583720f7e6a74626df9b5d0b2a206

  • SHA1

    758a4b806fda32b0399d6913b787baeebbab8b16

  • SHA256

    f4b85ada9e867c7a235a51b258e835ae7a9b34a884e348d2dd36f0a5cd0bff8f

  • SHA512

    57f917f6f9d2ebd4ef2c95be0b41e4c3418047b6c73e5004fe39b2ec4d805ebba47c457fd40e313cad09fefa79adda5cd1332b1054f7f76d4141569a698fa14f

  • SSDEEP

    3072:TCATo/0Yxk0tQ9nLHbB9WPliBs2HWWEakGJm9:TCFi4QxL7B9WPli+yWWEaz

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 27 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f4b85ada9e867c7a235a51b258e835ae7a9b34a884e348d2dd36f0a5cd0bff8f.exe
    "C:\Users\Admin\AppData\Local\Temp\f4b85ada9e867c7a235a51b258e835ae7a9b34a884e348d2dd36f0a5cd0bff8f.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1996
    • C:\Users\Admin\riehak.exe
      "C:\Users\Admin\riehak.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1336

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\riehak.exe
    Filesize

    212KB

    MD5

    a2ba272f0a76739372da60d129d2c7d3

    SHA1

    9cc1ccd20f1a67614b7b07b0ce71290f2c10a727

    SHA256

    c8a404f2d68673961b964182fe2cce7703e38bbfb604c7c94e309257f06e4705

    SHA512

    bd70f78c6f9c012feb4692ac9493eb200737ef53c421ffdf9f6e14e33adfadc277b17dfe1639eb73d81d00809bd735902bac4715e068733954b50a2ea18100a0

    Download Submit

  • memory/1336-15-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1996-0-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1996-14-0x0000000003230000-0x0000000003265000-memory.dmp

    Filesize

    212KB

    Download