d3a51e060f13f2f11a4e03b79284acb26434f276e29686b0f1b8165b464f44f5

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 08:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5a3a5943904fa645509111950115942.exe
Size

82KB
MD5

d5a3a5943904fa645509111950115942
SHA1

5f1fabb03a3d5c3b7c4c3da9d071871360280d11
SHA256

d3a51e060f13f2f11a4e03b79284acb26434f276e29686b0f1b8165b464f44f5
SHA512

51f53fc53dbc0f85d1a3cbb3efa81446f69ee2cbeb761f5950657e92e4b8aa31cb6b3447e98f519b44bdc1870d1d5b872947dfe9f9cb491bce70db00670e0794
SSDEEP

1536:nWU7JfGXyjPrwpw2ZCZg6oIg/g4Rx/jz6OZ272Wyt/2QLpS74nouy8i8:31xUpgZ2J/g4n/FwryMsS7woutt

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
760	d5a3a5943904fa645509111950115942.exe
760	d5a3a5943904fa645509111950115942.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Debug\B831406A9770.dll	d5a3a5943904fa645509111950115942.exe
File opened for modification	C:\Windows\Debug\B831406A9770.dll	d5a3a5943904fa645509111950115942.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}	d5a3a5943904fa645509111950115942.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\ = "fsvdf"	d5a3a5943904fa645509111950115942.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\InProcServer32	d5a3a5943904fa645509111950115942.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\InProcServer32\ = "C:\\Windows\\Debug\\B831406A9770.dll"	d5a3a5943904fa645509111950115942.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{291FABA8-CB00-488C-AC9E-B457FFC4A117}\InProcServer32\ThrEaDiNgModEL = "aPaRTmEnT"	d5a3a5943904fa645509111950115942.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
760	d5a3a5943904fa645509111950115942.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 2096	760	d5a3a5943904fa645509111950115942.exe	87
PID 760 wrote to memory of 2096	760	d5a3a5943904fa645509111950115942.exe	87
PID 760 wrote to memory of 2096	760	d5a3a5943904fa645509111950115942.exe	87
PID 760 wrote to memory of 4796	760	d5a3a5943904fa645509111950115942.exe	101
PID 760 wrote to memory of 4796	760	d5a3a5943904fa645509111950115942.exe	101
PID 760 wrote to memory of 4796	760	d5a3a5943904fa645509111950115942.exe	101

C:\Users\Admin\AppData\Local\Temp\d5a3a5943904fa645509111950115942.exe
"C:\Users\Admin\AppData\Local\Temp\d5a3a5943904fa645509111950115942.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:760
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 2.bat
  2⤵
  PID:2096
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 2.bat
  2⤵
  PID:4796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2.bat

Filesize
42B

MD5
6cac92ab248f68030e6727cf91340f0e

SHA1
132b9595fc7aa8a1be4045066a1dc76b7c7fdd78

SHA256
4361714a43ebd815b0e4eab696a1ecd2886dacad75fb7de149e86c3cb4b026a9

SHA512
e93c8007139469a3dd22d2bca6c0938994124bfdb29e68639e09450ff212243d098e54d0eb9d102915060d957719529af76ee8836491b55c0b05364b1b9e10bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.bat

Filesize
53B

MD5
c5f91ff8443ce76d2cdd5388e473a87a

SHA1
a1fdbd7c4a7194b3a1cc8d010e35e9626e9cdab4

SHA256
1f1ec6bb4ce7b221154e972a6a1f58d8b46abdd29aadec264dea26693c92f974

SHA512
2a1824f1c0a4a420badcf718835924f960a4d4fc1a475744f9ae158b3208f6446f3abd01ece2dbfa3e28ce6ba87fd9416f1d38ad268568fc7f424360da9326a6

Download Submit
C:\Windows\debug\B831406A9770.dll

Filesize
154KB

MD5
b55f08bc8d20e1d5235db0dc59707d29

SHA1
751d6cfe8213e29cc665d4984cd9abd69e401d87

SHA256
71425696197edf8ce522d5b68d7977f42480908e3027c1b4a3872b351b354761

SHA512
994ef5562d2195c9b5278a1599f0f246b22385d3e9800145fd5c15b7949189d09a5a62eb7436ee876aca84a8545db5acaba4f95e9a2d56709660739d5f4d4690

Download Submit
memory/760-0-0x0000000000400000-0x000000000043A20C-memory.dmp

Filesize
232KB

Download
memory/760-4-0x0000000000400000-0x000000000043A20C-memory.dmp

Filesize
232KB

Download
memory/760-12-0x00000000006E0000-0x000000000070B000-memory.dmp

Filesize
172KB

Download
memory/760-16-0x0000000000400000-0x000000000043A20C-memory.dmp

Filesize
232KB

Download
memory/760-17-0x00000000006E0000-0x000000000070B000-memory.dmp

Filesize
172KB

Download