Analysis

  • max time kernel
    132s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    14-03-2024 02:10

General

  • Target

    c769e3f760d81182dd833f4324eaca85.exe

  • Size

    580KB

  • MD5

    c769e3f760d81182dd833f4324eaca85

  • SHA1

    3445516c271cb9cb61300c4ce432220949181e01

  • SHA256

    d00ed36179012b1dd613169cd96146ac73d779a7069f9013d7753885180031ae

  • SHA512

    e0e77ca9e52bb46956d2c7140b97eddbc2df599041fa50069eab91614b87d7d88aad0dcea9d611a0954dfd696b49088be141c60c68407f63dbb5a20d7a98b79a

  • SSDEEP

    1536:YogcmJgk7BrUiFlIe06zPAREn1zqL1WCd7ogFe1WiqHPDw:vmGwrDFlIeCW41Wqx+qv8

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3296
      • C:\Users\Admin\AppData\Local\Temp\c769e3f760d81182dd833f4324eaca85.exe
        "C:\Users\Admin\AppData\Local\Temp\c769e3f760d81182dd833f4324eaca85.exe"
        2⤵
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:764
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\~~e573103.~~~ Inse C:\Users\Admin\AppData\Local\Temp\c769e3f760d81182dd833f4324eaca85.exe
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1812
          • C:\Windows\SysWOW64\rundll32.exe
            C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\~~e573103.~~~ Inse C:\Users\Admin\AppData\Local\Temp\c769e3f760d81182dd833f4324eaca85.exe
            4⤵
            • Deletes itself
            • Loads dropped DLL
            • Drops file in System32 directory
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2720

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~~e573103.~~~

    Filesize

    490KB

    MD5

    6b36360337f7b0d1ef87763fcb76eb9f

    SHA1

    1a7edf3b52bdb5c02c915d787c5c9acb28900b53

    SHA256

    8ad070b40025c44b6305496f2e07991d560508c9164774e5dda1ab4d45870321

    SHA512

    3754ea5c60ed6b9e2f5561de1ac3bc86b3f4e0f9a1126725ae217830b46e0d4cf90a33d4cf40153afaed9adf5acf98c5db491ce29d1c2a05416f8309e62ea2c7

  • memory/2720-4-0x0000000010000000-0x0000000010026000-memory.dmp

    Filesize

    152KB