Overview

overview

10

Static

static

3

cb766ea314...35.exe

windows7-x64

10

cb766ea314...35.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    135s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-03-2024 12:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cb766ea31407d80cd68e39c9ebb33035.exe

  • Size

    15KB

  • MD5

    cb766ea31407d80cd68e39c9ebb33035

  • SHA1

    2b0b6d8f58f12fa2049a8746e8dabf1b4d965b45

  • SHA256

    d99543c0bbf2eea9b684acc9d662368ad460af7f55af7a489cc77089ae37a6e3

  • SHA512

    a956915375ee2d0411b80b47e0e37bd52a7ae1338afd07038d02b4f2dd8e93a38cce34e85b412167e70999788d49bc60dc33e74e9ddba95b93af77d254b07143

  • SSDEEP

    384:/qPKe+4fpf8RY3/6EbRW/z213u5qwClUhXllYM5yxos6W:/TY73yEWQ3BlUdlRybp

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 1 IoCs
    persistence
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 3 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cb766ea31407d80cd68e39c9ebb33035.exe
    "C:\Users\Admin\AppData\Local\Temp\cb766ea31407d80cd68e39c9ebb33035.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4964
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\B1AC.tmp.bat
      2⤵
        PID:1268

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\B1AC.tmp.bat
      Filesize

      179B

      MD5

      958f26df8e4c8bf7444a5f6f1c9ecfb2

      SHA1

      50f7ea15ed22ec8e1ec64ca477cd8c150d831cae

      SHA256

      f6f8d802d55c59c6b53e4de6e75280f53e5b51a7f236d9b18795ad2ac20d8250

      SHA512

      63b2ccbfd3791a86a85bedaa61030fa1a47159ed5f43637eaac716d5e4ee1b05080669141570b0bd136507202a77ecffab246ffa1c71c8b4bfea3af2c71eaff3

      Download Submit

    • C:\Windows\SysWOW64\dcubjxiq.dll
      Filesize

      2.1MB

      MD5

      084c985520e602e0434d7a353602ca49

      SHA1

      d637687b747f24d5a080b18bff98463e1fb9396d

      SHA256

      b4bb4b262755a59685d9fb9e5bf5d847b2b81a926a4b29e9a0d4264481321544

      SHA512

      ebfe69bfced58c3480fac46dca99c491fed18829674d982ee7b31f8174731df8027f2be30d63a4bf00601a81b5f86b9ad373c67a84670c539fc1828f5eb4e0e6

      Download Submit

    • memory/4964-9-0x0000000010000000-0x000000001006C000-memory.dmp

      Filesize

      432KB

      Download

    • memory/4964-13-0x0000000010000000-0x000000001006C000-memory.dmp

      Filesize

      432KB

      Download