e50d735cce5de5239defb2efafc33c0ab9a7ca1f5e6556f3efff74278a0bbc59

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18-03-2024 16:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3f5863bf7e890903af95e1cc71435a8.exe
Size

48KB
MD5

d3f5863bf7e890903af95e1cc71435a8
SHA1

6012986f10130e363bcd167c3f4a3a196e9da4e0
SHA256

e50d735cce5de5239defb2efafc33c0ab9a7ca1f5e6556f3efff74278a0bbc59
SHA512

11b7cac9b001550684e9b2be346a36a58d5d1b7e64b05c2234e2f3ae85162c960212a1203682f421a999a2e68e62ab083852e9939e962ca572c21462798f40c6
SSDEEP

768:7XCXyMMZShA4AvN3vILkaeh73MTWqyz+vFvW2Nr9wgjc:yyMMbNfILk5+vbY

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Live Messenger = "C:\\Users\\Admin\\AppData\\Local\\Tempbak.exe"	d3f5863bf7e890903af95e1cc71435a8.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2304	d3f5863bf7e890903af95e1cc71435a8.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2304	d3f5863bf7e890903af95e1cc71435a8.exe
2304	d3f5863bf7e890903af95e1cc71435a8.exe

C:\Users\Admin\AppData\Local\Temp\d3f5863bf7e890903af95e1cc71435a8.exe
"C:\Users\Admin\AppData\Local\Temp\d3f5863bf7e890903af95e1cc71435a8.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Steam.html

Filesize
2KB

MD5
dc802a9f7bff62772c0c33b58b8a1852

SHA1
be5928b5ffc80ebee1a2e913bc935c6e50e6b4ff

SHA256
0ae4ea4fe98c371be6cd618869df6c096f209772dff361622588c94263114485

SHA512
2462f524d171383e9944dd3cc7ce67121fb282966a73f9ef654c3b895d97fd643ba88cb0b92de67608feb92ff402fb6fe10ee531e589e0c4ab7cda3f6eca0aba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Steam.html

Filesize
2KB

MD5
71058fdda7eed5e31e1054da4fc21eef

SHA1
c6c0cfc4022b7af5066e6bd7ec9ea4f889027dfe

SHA256
b32d00e80cc1bbcac6e7b1e33c1a16715bf5dd519f775c3c68306b279f70b4e2

SHA512
259a0d7c05a4ea62e814267da4115a22258643262185d5b36b9b1a44358f4166543d14523b88a22be1e291834c335284a0f8c3e56aa077fbd80b0a4686a133b2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads