Overview

overview

10

Static

static

3

096b4b52c7...5d.exe

windows7-x64

10

096b4b52c7...5d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/03/2024, 17:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    096b4b52c7d289af20304a4107d0e689afd88a2823a1cd33cae2294fa296135d.exe

  • Size

    233KB

  • MD5

    d8956d4e7b840ddd7c5b307d41ab23d0

  • SHA1

    339a21f2dab85dbe4b1ae56ce499dd0c9f9daa5c

  • SHA256

    096b4b52c7d289af20304a4107d0e689afd88a2823a1cd33cae2294fa296135d

  • SHA512

    d049c83cff6629dcbd522916429212dcb396b1cdcaf527d13d47af4ce5d88fbb71a841a0f0206c076cf3d08d86b1fad7cb930055f75c79e499d504de36d578cc

  • SSDEEP

    6144:+XWhKJ//t27PEBfRKB3A4U2dga1mcyw7I6BjtCYYs2:+Xcp7P85WHR1mK7fVtXP2

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 2 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Program crash 1 IoCs
  • Modifies registry class 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\096b4b52c7d289af20304a4107d0e689afd88a2823a1cd33cae2294fa296135d.exe
    "C:\Users\Admin\AppData\Local\Temp\096b4b52c7d289af20304a4107d0e689afd88a2823a1cd33cae2294fa296135d.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2600
    • C:\Windows\SysWOW64\Nkcmohbg.exe
      C:\Windows\system32\Nkcmohbg.exe
      2⤵
      • Executes dropped EXE
      PID:4932
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 412
        3⤵
        • Program crash
        PID:4664
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4932 -ip 4932
    1⤵
      PID:3416

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\Nkcmohbg.exe
      Filesize

      233KB

      MD5

      6e1e3722c04bafefba1b8cfbad0d8798

      SHA1

      a7b315f60039f4c3fd1f55b606ab2896b492682c

      SHA256

      23506f8865d26fe89376e1b7ece3b06554520d835187e7cd6885eaed565f86c5

      SHA512

      23b129dcb490383a82ca98f7690385229e7caf078a1e64bfbe0e0b8ba4c78c0134246c40b828a5db4d1923426ee740ddfeb0605ad63000df2cb0e68ff1bf327e

      Download Submit

    • memory/2600-0-0x0000000000400000-0x0000000000441000-memory.dmp

      Filesize

      260KB

      Download

    • memory/2600-9-0x0000000000400000-0x0000000000441000-memory.dmp

      Filesize

      260KB

      Download

    • memory/4932-8-0x0000000000400000-0x0000000000441000-memory.dmp

      Filesize

      260KB

      Download