Overview

overview

7

Static

static

3

ca93019890...98.exe

windows7-x64

7

ca93019890...98.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    15/03/2024, 05:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ca9301989060594a9ee636cdfb329598.exe

  • Size

    64KB

  • MD5

    ca9301989060594a9ee636cdfb329598

  • SHA1

    473eda410e256c3d72de7510ab5d2eb1ca5e51d0

  • SHA256

    92f9cadca90c9e443c15f10628574b4dba504103e8fd26b64e60f799c537d923

  • SHA512

    7d592edbb30fb8d28475e4fecc2392ca0be798a849a0e294337e310c50af3cc1eb3c6471a0eac275455b7a4e94069ec969d3ccecca336214cf72b43e8beac4e4

  • SSDEEP

    1536:BoquHm0GQ0IeSwxMvEqZoQL9EINBbubDG:VLSwxMFo49HBbubDG

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ca9301989060594a9ee636cdfb329598.exe
    "C:\Users\Admin\AppData\Local\Temp\ca9301989060594a9ee636cdfb329598.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1688

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\dllz.dll
    Filesize

    34KB

    MD5

    b01ba22509dc6c1efb490f0d2178a927

    SHA1

    202faf7a7a11b91878648be4766f22f9da945c0e

    SHA256

    d01d286064a5eb38a138c7e0cc27d2873003051da05753da4a2f7931ac32d434

    SHA512

    219b4f655ff6d2989a319e1ae8f28138b8fceebeb4558806942efcc32c42da5c21a2e4decc3a7548384981d71710d8b13d29f3fcf117d82e0f2a6e92ab8a1de7

    Download Submit

  • memory/1688-3-0x00000000001C0000-0x00000000001CE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1688-5-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1688-6-0x00000000001C0000-0x00000000001CE000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1688-31-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download