e50d735cce5de5239defb2efafc33c0ab9a7ca1f5e6556f3efff74278a0bbc59

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18-03-2024 16:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3f5863bf7e890903af95e1cc71435a8.exe
Size

48KB
MD5

d3f5863bf7e890903af95e1cc71435a8
SHA1

6012986f10130e363bcd167c3f4a3a196e9da4e0
SHA256

e50d735cce5de5239defb2efafc33c0ab9a7ca1f5e6556f3efff74278a0bbc59
SHA512

11b7cac9b001550684e9b2be346a36a58d5d1b7e64b05c2234e2f3ae85162c960212a1203682f421a999a2e68e62ab083852e9939e962ca572c21462798f40c6
SSDEEP

768:7XCXyMMZShA4AvN3vILkaeh73MTWqyz+vFvW2Nr9wgjc:yyMMbNfILk5+vbY

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Live Messenger = "C:\\Users\\Admin\\AppData\\Local\\Tempbak.exe"	d3f5863bf7e890903af95e1cc71435a8.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2820	d3f5863bf7e890903af95e1cc71435a8.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2820	d3f5863bf7e890903af95e1cc71435a8.exe
2820	d3f5863bf7e890903af95e1cc71435a8.exe

C:\Users\Admin\AppData\Local\Temp\d3f5863bf7e890903af95e1cc71435a8.exe
"C:\Users\Admin\AppData\Local\Temp\d3f5863bf7e890903af95e1cc71435a8.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Steam.html

Filesize
2KB

MD5
d03c01aa1c54c8df1eaa1f910c3ef881

SHA1
1b1ba13b04bcf7ea19e041e3ceff393c8f3dbbad

SHA256
18b9bc3b722027d20f5196c0ed3c491b8a0afb824c3c5daae064c5a4ea80f8d0

SHA512
b7dce41a705bf17a0d3608d991414189bfa89e7003ed9f3cd33701154905d12f12ecc52f161d090bbd064eb2366be33ba416a735da3b0d7e4807531a06cd7d2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Steam.html

Filesize
2KB

MD5
3793c2c1b5d62a2f587071802657a501

SHA1
1d7e1b991f55672fcd22c256cce4ca25b773c4b4

SHA256
66fb6a9c8295cc2e874ccdc9e0d65ce1c0adaeeaad67e3fe54c67a5901d09508

SHA512
51a7e825d5adedffd3b3d7a7fe34119af874eaf8d52c16a7cccdf46a14cd7ad7034988e276303e3b107aec143f61bec94e036a006c845860d915a495761b177f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads