Overview

overview

7

Static

static

3

cd02ec9d4f...10.exe

windows7-x64

7

cd02ec9d4f...10.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    16-03-2024 03:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cd02ec9d4f2de7e1db1a9f78624eda10.exe

  • Size

    8KB

  • MD5

    cd02ec9d4f2de7e1db1a9f78624eda10

  • SHA1

    b9d1c848eb3314bdee88f784c620e24c6c6912c5

  • SHA256

    bd28b9719c3a2c7618f0f2c81d8d11bc706f4ead27c680bea9cbc68c41a042b7

  • SHA512

    67432a73414d906bcb4021abe639276640a452a1bafedf51860a59a1b84ca69a4076e7bbfb9a61ecc932c2bb65f31d834602a760e7689ca39c0c3fd27b16f518

  • SSDEEP

    192:If/ImmYQ33G9Q/vBx/cFU4fXPfMbeHuLMOK23e/I3rOttXi0:IfgtYQ35FcFU4jZb23GI7w97

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 6 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd02ec9d4f2de7e1db1a9f78624eda10.exe
    "C:\Users\Admin\AppData\Local\Temp\cd02ec9d4f2de7e1db1a9f78624eda10.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2912
    • C:\Windows\dnswatch.exe
      "C:\Windows\dnswatch.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of SetWindowsHookEx
      PID:2796

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\dnswatch.exe
    Filesize

    8KB

    MD5

    cd02ec9d4f2de7e1db1a9f78624eda10

    SHA1

    b9d1c848eb3314bdee88f784c620e24c6c6912c5

    SHA256

    bd28b9719c3a2c7618f0f2c81d8d11bc706f4ead27c680bea9cbc68c41a042b7

    SHA512

    67432a73414d906bcb4021abe639276640a452a1bafedf51860a59a1b84ca69a4076e7bbfb9a61ecc932c2bb65f31d834602a760e7689ca39c0c3fd27b16f518

    Download Submit

  • C:\Windows\sysdebg32.dll
    Filesize

    3KB

    MD5

    27289e9380e6ae8303cbe7bc2a141885

    SHA1

    caa81fb370217a0b9a669fc9e7dcb83bbbb7a357

    SHA256

    8d27c8629d41fb774458a2bb8bb3beb8ed470746689da3e414740c96d246294f

    SHA512

    d971817a366cc5621502b0055db4465f516ba0121637da2500b04618d5cabc3ded2bb449fc3ec58850ba3e27a0547746395ef7afb5e3ce4664aa46ee114342c5

    Download Submit

  • memory/2796-9-0x0000000010000000-0x0000000010004000-memory.dmp

    Filesize

    16KB

    Download

  • memory/2796-10-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2912-6-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

    Download