Analysis

  • max time kernel
    151s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/03/2024, 17:14

General

  • Target

    d41176c3d3d2dd60b735619010411b5f.exe

  • Size

    224KB

  • MD5

    d41176c3d3d2dd60b735619010411b5f

  • SHA1

    685fe3818b00ba7fb8fa6fbb475291d8b673d6ee

  • SHA256

    f0264315eb031974aed214311d7e7d8697b4fae9417a9f8f2c5751946c6a873f

  • SHA512

    865853a0bf43730f11a36596cbd83d79c6a0f87d1ba934ffc21135ec4befbf626e054f486e709b159fa15d461bc76c3910bb7cee3e3aec694bc53cd5dd7f4ae6

  • SSDEEP

    6144:1mM3FgQCv8N1mlgEKlk88OMeIXfmUtZt8YHpElxyQoBe5+:1ftN1mlgM88O8uS78CIypB8+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Program crash 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d41176c3d3d2dd60b735619010411b5f.exe
    "C:\Users\Admin\AppData\Local\Temp\d41176c3d3d2dd60b735619010411b5f.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3852
    • C:\Windows\NR\example.exe
      C:\Windows\NR\example.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3632
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        3⤵
        • Loads dropped DLL
        • Suspicious use of AdjustPrivilegeToken
        PID:624
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 796
          4⤵
          • Program crash
          PID:3620
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 624 -ip 624
    1⤵
      PID:3136
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3720 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:4016
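
Detection logic for the chain in the process tree above, as an added example that is not part of the sandbox report. The paths and PIDs are copied from the report; the event records are constructed to mirror the tree and use a simplified, Sysmon-like dictionary schema of my own (`process_create` corresponds roughly to Sysmon event 1, `image_load` to event 7). The rule names and helper functions are mine, the parent of PID 3852 is not in the report and is left as `None`, and `is_browser` also matches `msedge.exe`, which goes slightly beyond the single `iexplore.exe` case the tree shows.

```python
# Added example (not part of the sandbox report): detection logic for the
# dropper chain in the process tree above, run over constructed events.
import ntpath

DROP_DIR = "C:\\Windows\\NR\\"   # directory the sample writes into, per the report


def under(path, prefix):
    """Case-insensitive 'path lies inside prefix' check for Windows paths."""
    if path is None:
        return False
    return ntpath.normcase(path).startswith(ntpath.normcase(prefix))


def in_user_temp(path):
    """True for the per-user Temp directory, which a standard user can write to."""
    if path is None:
        return False
    return "\\appdata\\local\\temp\\" in ntpath.normcase(path)


def is_browser(path):
    """Assumption: the two browser images present on the analysis VM."""
    return path is not None and ntpath.basename(path).lower() in ("iexplore.exe", "msedge.exe")


def detect(events):
    """Return (rule, pid) findings in event order."""
    findings = []
    for e in events:
        if e["type"] == "process_create":
            # Rule 1: a binary under C:\Windows\NR\ is executed by a process
            # that itself lives in the user's Temp directory (PID 3852 -> 3632).
            if under(e["image"], DROP_DIR) and in_user_temp(e["parent_image"]):
                findings.append(("dropped-exe-executed", e["pid"]))
            # Rule 2: the dropped binary launches a browser (PID 3632 -> 624).
            if is_browser(e["image"]) and under(e["parent_image"], DROP_DIR):
                findings.append(("dropped-exe-spawned-browser", e["pid"]))
        elif e["type"] == "image_load":
            # Rule 3: a browser maps a DLL from the drop directory, which is the
            # "Loads dropped DLL" signature attached to iexplore.exe (PID 624).
            if is_browser(e["image"]) and under(e["loaded"], DROP_DIR):
                findings.append(("browser-loaded-dropped-dll", e["pid"]))
    return findings


# Constructed events mirroring the report's process tree and Downloads list.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\d41176c3d3d2dd60b735619010411b5f.exe"
DROPPED_EXE = r"C:\Windows\NR\example.exe"
IEXPLORE = r"C:\Program Files (x86)\Internet Explorer\iexplore.exe"

EVENTS = [
    {"type": "process_create", "pid": 3852, "image": SAMPLE, "parent_image": None},
    {"type": "process_create", "pid": 3632, "image": DROPPED_EXE, "parent_image": SAMPLE},
    {"type": "process_create", "pid": 624, "image": IEXPLORE, "parent_image": DROPPED_EXE},
    # constructed benign load, to show rule 3 stays quiet for system DLLs
    {"type": "image_load", "pid": 624, "image": IEXPLORE,
     "loaded": r"C:\Windows\SysWOW64\kernel32.dll"},
    {"type": "image_load", "pid": 624, "image": IEXPLORE,
     "loaded": r"C:\Windows\NR\example.dll"},
    {"type": "process_create", "pid": 3620,
     "image": r"C:\Windows\SysWOW64\WerFault.exe", "parent_image": IEXPLORE},
]

if __name__ == "__main__":
    for rule, pid in detect(EVENTS):
        print(f"{rule}: pid {pid}")
```

Rule 1 is the one worth porting to real telemetry first: writing an executable into a directory under `C:\Windows\` from a process that started in `%TEMP%` and then running it is a narrow pattern with few legitimate matches, whereas rule 3 needs an allow-list of the browser's normal module load paths before it is quiet enough for production.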

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Windows\NR\example.dll

    Filesize

    194KB

    MD5

    669c4fc20ea53e82f855b3f3dd3038b1

    SHA1

    8ddd6be22a9cc64c7dcbe9b3eae38fe4e1304bfe

    SHA256

    e02812d6889aa0f25b4db7e348c4335bd9575c525cb363fd3c89bf46893acf35

    SHA512

    7d1bc9ee250e6979eda5165be8af9fa50f4d49b1bf5c8b2df9d1c74b9ff73b7bf9bb84bb4f4659a112de6e00662d49489c8f26130e44417963c4162d4c9acc8d

  • C:\Windows\NR\example.exe

    Filesize

    224KB

    MD5

    d41176c3d3d2dd60b735619010411b5f

    SHA1

    685fe3818b00ba7fb8fa6fbb475291d8b673d6ee

    SHA256

    f0264315eb031974aed214311d7e7d8697b4fae9417a9f8f2c5751946c6a873f

    SHA512

    865853a0bf43730f11a36596cbd83d79c6a0f87d1ba934ffc21135ec4befbf626e054f486e709b159fa15d461bc76c3910bb7cee3e3aec694bc53cd5dd7f4ae6

  • memory/3632-11-0x0000000013140000-0x000000001317E000-memory.dmp

    Filesize

    248KB

  • memory/3852-5-0x0000000013140000-0x000000001317E000-memory.dmp

    Filesize

    248KB
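
A cross-check of the artifacts listed under Downloads, as an added example that is not part of the sandbox report. Two things in that list are worth confirming programmatically rather than by eye: the dropped `C:\Windows\NR\example.exe` carries exactly the same MD5, SHA1, SHA256 and SHA512 as the submitted sample, so it is a byte-identical self-copy and not a second-stage payload; and the two memory dumps come from different PIDs (3852 and 3632) but describe the same address range, `0x13140000` to `0x1317E000`, whose size works out to the 248KB the report states. The hash values and dump names below are copied from the report; the helper names and the dump-name pattern are my own assumptions about the report's naming.

```python
# Added example (not part of the sandbox report): cross-check the dropped
# files against the submitted sample and decode the memory-dump names.
import re

# Hashes of the submitted sample, copied from the General section.
SUBMITTED = {
    "md5": "d41176c3d3d2dd60b735619010411b5f",
    "sha1": "685fe3818b00ba7fb8fa6fbb475291d8b673d6ee",
    "sha256": "f0264315eb031974aed214311d7e7d8697b4fae9417a9f8f2c5751946c6a873f",
    "sha512": "865853a0bf43730f11a36596cbd83d79c6a0f87d1ba934ffc21135ec4befbf62"
              "6e054f486e709b159fa15d461bc76c3910bb7cee3e3aec694bc53cd5dd7f4ae6",
}

# Dropped files and their hashes, copied from the Downloads section.
DROPPED = {
    r"C:\Windows\NR\example.exe": {
        "md5": "d41176c3d3d2dd60b735619010411b5f",
        "sha1": "685fe3818b00ba7fb8fa6fbb475291d8b673d6ee",
        "sha256": "f0264315eb031974aed214311d7e7d8697b4fae9417a9f8f2c5751946c6a873f",
        "sha512": "865853a0bf43730f11a36596cbd83d79c6a0f87d1ba934ffc21135ec4befbf62"
                  "6e054f486e709b159fa15d461bc76c3910bb7cee3e3aec694bc53cd5dd7f4ae6",
    },
    r"C:\Windows\NR\example.dll": {
        "md5": "669c4fc20ea53e82f855b3f3dd3038b1",
        "sha1": "8ddd6be22a9cc64c7dcbe9b3eae38fe4e1304bfe",
        "sha256": "e02812d6889aa0f25b4db7e348c4335bd9575c525cb363fd3c89bf46893acf35",
        "sha512": "7d1bc9ee250e6979eda5165be8af9fa50f4d49b1bf5c8b2df9d1c74b9ff73b7b"
                  "f9bb84bb4f4659a112de6e00662d49489c8f26130e44417963c4162d4c9acc8d",
    },
}

# Memory dump names as they appear in the report, copied verbatim.
DUMPS = [
    "memory/3632-11-0x0000000013140000-0x000000001317E000-memory.dmp",
    "memory/3852-5-0x0000000013140000-0x000000001317E000-memory.dmp",
]


def self_copies(submitted, dropped):
    """Dropped paths whose every listed hash equals the submitted sample's.

    Comparing all four digests rather than one guards against a report that
    lists a truncated or mistyped value for a single algorithm.
    """
    return sorted(path for path, hashes in dropped.items()
                  if all(hashes.get(alg) == digest for alg, digest in submitted.items()))


# Assumed pattern: memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
DUMP_RE = re.compile(r"memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp")


def parse_dump_name(name):
    """Decode a dump file name into pid, index, start, end and region size."""
    m = DUMP_RE.fullmatch(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    pid, index, start, end = m.groups()
    start, end = int(start, 16), int(end, 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(pid), "index": int(index), "start": start, "end": end,
            "size": end - start, "size_kb": (end - start) // 1024}


def shared_regions(dump_names):
    """Map (start, end) -> sorted PIDs for ranges dumped from more than one process."""
    by_region = {}
    for name in dump_names:
        d = parse_dump_name(name)
        by_region.setdefault((d["start"], d["end"]), set()).add(d["pid"])
    return {region: sorted(pids) for region, pids in by_region.items() if len(pids) > 1}


if __name__ == "__main__":
    print("self-copies:", self_copies(SUBMITTED, DROPPED))
    for name in DUMPS:
        d = parse_dump_name(name)
        print(f"pid {d['pid']}: {d['start']:#x}-{d['end']:#x} ({d['size_kb']} KB)")
    print("regions shared across PIDs:", shared_regions(DUMPS))
```

The self-copy result means a SHA256 block on the submitted sample already covers the dropped executable; only `example.dll` needs its own indicator. The shared-region result is a prompt for the analyst, not a conclusion: the report shows the same range in both processes, but which image occupies it has to be read from the dumps themselves.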