Overview

overview

10

Static

static

3

c3e12de664...a7.exe

windows7-x64

10

c3e12de664...a7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    12/03/2024, 16:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c3e12de664fc93be79cb8f146fa22ea7.exe

  • Size

    13KB

  • MD5

    c3e12de664fc93be79cb8f146fa22ea7

  • SHA1

    dc6c60f6ce989e721d47e0775cde1f57d772fe69

  • SHA256

    c669b2c4587f8cd5d3c076bca06f8e324ba033bba3903e76e89a41e7e8430827

  • SHA512

    d7a2364b226b05194a42cb66593f07189333be138f477115b19b1786a3d224ff3422a5ae908d279a1a80d34b6933d0f0ccb899e44e2aabfca5b37813653e8264

  • SSDEEP

    384:vGm8Ynsn4CVEHjPc4AKVcOZNXjKUW1XLqg/uGHq//wEh:em8Ys4/bc4A0cOZN+UW1XTvq//wK

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 1 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c3e12de664fc93be79cb8f146fa22ea7.exe
    "C:\Users\Admin\AppData\Local\Temp\c3e12de664fc93be79cb8f146fa22ea7.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\22BD.tmp.bat
      2⤵
      • Deletes itself
      PID:2608

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\22BD.tmp.bat
          Filesize

          179B

          MD5

          95461827fbfecb00471b3378124281bc

          SHA1

          fda3e3be75d2ac21985ec1f17faf27c7b628a898

          SHA256

          c5a1c9aa26345600d0f2e7b90cf6770bc1648ac848eec286c50e02247c6e1810

          SHA512

          00409b71fb7029f0a4d9c6c203ad78f8acd58ca7c8f4e47f57467b75fc575acbd5b61dd9ede595f649fce89c8d85d5f13febb510cbb306007eab815f38cae3a8

          Download Submit

        • C:\Windows\SysWOW64\dispexcb.nls
          Filesize

          428B

          MD5

          974579fbd1bdbf831240c0aad550b647

          SHA1

          fa87dbd1fe4cc2707453e245a6acc5aecece0084

          SHA256

          f5bf2ca039470a76e6e0c2a10ad98f48bb3163301beb25f462f74db34e6b631c

          SHA512

          f108a9dffb85c74df8f215a2373274f94501e9e8b2fdcfd5c3ca470539182cf535375f56356bb243acc34ad6267a0db01331ef1bda9699d3ce4fb063c7a1ba74

          Download Submit

        • C:\Windows\SysWOW64\dispexcb.tmp
          Filesize

          724KB

          MD5

          3c083ddf3f0921495c67b92759fb00fa

          SHA1

          2dabe100995ac74e589fef2757e4547c46496ab2

          SHA256

          e365d64d66d2f78a8e04d20930059fd47b734069e23fa8210303aca3b2e7f053

          SHA512

          036f8009ef706ed26c57a1c0008ff7efff1b7bb56b9e20542a31ca922e27f1ae4de8aabe22f969e4e4891cd1b6e3092a1adde87cf6f2fd34f722ee7f36a9239c

          Download Submit

        • \Windows\SysWOW64\dispexcb.dll
          Filesize

          247KB

          MD5

          1bb876a1c9aef849e2cb0afb78fe48f5

          SHA1

          4b2cbdc08deb4fb66d64f0f2635c9554ad0fa328

          SHA256

          818b9870564b561badb8c1dc66bb21126b63313d8180c7cd0735c998ade0a27f

          SHA512

          a994e4a5029c386ae03dd73ca1c76d21a6c0d08a9ad965e292ffa129c4f05259fca1dfcdc81fb0b852fc704970f2e96dd5805e975dd98c18ad592645e524f5db

          Download Submit

        • memory/2292-16-0x0000000020000000-0x000000002006C000-memory.dmp

          Filesize

          432KB

          Download

        • memory/2292-26-0x0000000020000000-0x000000002006C000-memory.dmp

          Filesize

          432KB

          Download