Overview

overview

7

Static

static

3

c611d2edff...08.exe

windows7-x64

7

c611d2edff...08.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    13-03-2024 14:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c611d2edffd2132066d3623f85874e08.exe

  • Size

    11KB

  • MD5

    c611d2edffd2132066d3623f85874e08

  • SHA1

    d8595360c1bd516f140c855ca617cee52f906046

  • SHA256

    ef0be21fbbd5cb21defff381631cb908087506ea29299d47cdebfbe3b69126d4

  • SHA512

    f6fdae280cf2f796383eb03bd6b2d77ae1b79beb1150284472658ba27fc5f65ca8ca2eb8613b8f2d6085713a1c9bda1f3c0da3238b0165b9e4007056db3781c6

  • SSDEEP

    192:/T0hzcoJOCdjHzhx7acveQjyAT8BPVsOcrn8Y9tV7Vn00wgS+OPnX/ap:b+qAjFx71sJcr8Ehn00wgSXX/Y

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 1 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1376
      • C:\Users\Admin\AppData\Local\Temp\c611d2edffd2132066d3623f85874e08.exe
        "C:\Users\Admin\AppData\Local\Temp\c611d2edffd2132066d3623f85874e08.exe"
        2⤵
        • Loads dropped DLL
        • Drops file in System32 directory
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2368

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \Windows\SysWOW64\wgdoor0.dll
      Filesize

      23KB

      MD5

      a08832980c3069cd8ca1572af5ace451

      SHA1

      c421ca3fae7629b2d392d3deaa5e6e2fdf620760

      SHA256

      ade1a34f9a31bbceced36f19a913a7541185846627baafa86baf9d6e1e1dcee4

      SHA512

      a3018f4441f2c42d210132b07115fcf056a9d1b07ea7e423febfd34fbc995d726075bdaf2f598e410361531cf59bb5c110c6df2a8db9c5e4956938d446738198

      Download Submit

    • memory/1376-4-0x0000000002950000-0x0000000002951000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2368-5-0x0000000010000000-0x0000000010009000-memory.dmp

      Filesize

      36KB

      Download