Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-03-2024 03:59

General

  • Target

    c265b00a3571eba0b50f3520ed66fde0.exe

  • Size

    142KB

  • MD5

    c265b00a3571eba0b50f3520ed66fde0

  • SHA1

    9e40426519aa6b152dab35c7b33371aee53104d5

  • SHA256

    26d92a26e274636e5b39303cbff4237e9f4cbd3de9a564f5eebf59003b4cb6a4

  • SHA512

    9972b5d86d7c72edb97a27fd7b8f60549b5975d4f944eed1c08be6f1c34988d943d03930ef64df296f10604c0958fa4aa9d8941edcc01ca76eb0d1ed076893f3

  • SSDEEP

    3072:n7IF7N4rIbtIrmA9KQcJJ78IrDlq2RzFq247DCLTzltNSFN9b23y0PEOmuHw794h:n+NaL9KQcJJ78IrDlq2RzFq247DCLTzE

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c265b00a3571eba0b50f3520ed66fde0.exe
    "C:\Users\Admin\AppData\Local\Temp\c265b00a3571eba0b50f3520ed66fde0.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1160
    • C:\Users\Admin\deuun.exe
      "C:\Users\Admin\deuun.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2008

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\deuun.exe

    Filesize

    142KB

    MD5

    0ca15338df5147e7851fe8170de46f45

    SHA1

    47675cf3c3f49e2396e0d45a9fd8787d72de7298

    SHA256

    9c64ecde91643bb216e7d6ffb032d1d592ebccbedbd784bf32242e557198a610

    SHA512

    356a4bff0a0286bec443fa68c5035fbb9f9517ee6c0700841b45d9b707707c2429006bd165454a15a0a454da61822f265b7a0649d0c41e678a0e0941c6c11578

  • memory/1160-0-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

  • memory/1160-15-0x0000000002660000-0x0000000002687000-memory.dmp

    Filesize

    156KB

  • memory/1160-8-0x0000000002660000-0x0000000002687000-memory.dmp

    Filesize

    156KB