55590c23f4fcf694f318555f74bfc1ed3f1e9b2533a6ae3304a777d95166ce09

Analysis

max time kernel
128s
max time network
141s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-03-2024 11:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cde9d01138ecff39c196c59d47dfb9fa.exe
Size

31KB
MD5

cde9d01138ecff39c196c59d47dfb9fa
SHA1

05088ae8472a214cd6492050680137c64bd38a21
SHA256

55590c23f4fcf694f318555f74bfc1ed3f1e9b2533a6ae3304a777d95166ce09
SHA512

9a3012631bfeae4740639449339ed21235bea7eb31bded4b8a8096e53719c047124df56fec4104dd53a58002ee79864373dcec2c54e10b8c27a6025e295b604a
SSDEEP

768:cGl2BkSIWtPvEPHhO7EO/sUKLLmQz2qccnzT4Mywirm:cCrkV/sUKLjz2Yz+w9

Score

8^/10

persistence

Malware Config

Signatures

Sets DLL path for service in the registry 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\winapi\Parameters\ServiceDll = "%SystemRoot%\\System32\\winapi.dll"	cde9d01138ecff39c196c59d47dfb9fa.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet002\services\winapi\Parameters\ServiceDll = "%SystemRoot%\\System32\\winapi.dll"	cde9d01138ecff39c196c59d47dfb9fa.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet003\Services\winapi\Parameters\ServiceDll = "%SystemRoot%\\System32\\winapi.dll"	cde9d01138ecff39c196c59d47dfb9fa.exe

Deletes itself 1 IoCs

pid	Process
2732	svchost.exe

Loads dropped DLL 2 IoCs

pid	Process
1660	cde9d01138ecff39c196c59d47dfb9fa.exe
2732	svchost.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\winapi.dll	cde9d01138ecff39c196c59d47dfb9fa.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2732	svchost.exe

C:\Users\Admin\AppData\Local\Temp\cde9d01138ecff39c196c59d47dfb9fa.exe
"C:\Users\Admin\AppData\Local\Temp\cde9d01138ecff39c196c59d47dfb9fa.exe"
1⤵
- Sets DLL path for service in the registry
- Loads dropped DLL
- Drops file in System32 directory
PID:1660

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k winapi
1⤵
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\winapi.dll

Filesize
41KB

MD5
c945f7f4277d146d0dffb681290a0c7d

SHA1
c3c5b35a16b5afde213d28643c322cd200953114

SHA256
e8af50144b4882b79b424b43ab1b91aadb0bbf023a819c846c8ca71db0fcdf7d

SHA512
b2dc141fec24d6eb498d652df7bd710405020b2abe234fa59c4dbb06c0b9b170ca354337ca24cde56796a13ba838c19f855423aaecf13db8d3464541da9e1983

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads