Analysis

  • max time kernel
    120s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-03-2024 17:26

General

  • Target

    dc3372438fc7fc937515502a43c267f8.exe

  • Size

    37KB

  • MD5

    dc3372438fc7fc937515502a43c267f8

  • SHA1

    0b3cf5d97cb60db988ab948c0a69ee892da22034

  • SHA256

    d0fa2f18181e55b5f55e02e7b65759ceea3710db0a003a336968e205d808c2f5

  • SHA512

    2fcad7ee797cd60f2c036848bbeacea8dd2e92ca45b43e7d2ab82cb9c3a99d33431cf06ceba03ec2e8b1d7061c90d44be1e8f181efecc5917649411c97e541a7

  • SSDEEP

    768:nP1SA1xqvUc2ULaUN3/cEuGj3xhZiYPfQg:ndSA2vUnUHRWg

Score
7/10

Malware Config

Signatures

  • Deletes itself (1 IoC)
  • Installs/modifies Browser Helper Object (2 TTPs, 6 IoCs)

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory (3 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings (1 TTP, 2 IoCs)
  • Modifies registry class (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc3372438fc7fc937515502a43c267f8.exe
    "C:\Users\Admin\AppData\Local\Temp\dc3372438fc7fc937515502a43c267f8.exe"
    1⤵
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2476
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C sys.bat
      2⤵
      • Deletes itself
      PID:2604

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\sys.bat

    Filesize

    108B

    MD5

    2c395208e1b09d968e92510f1e9e0b4d

    SHA1

    78854688ebd2b36b92a74911e586ac5dc259c829

    SHA256

    49b705215361a2309143ac44d14149f9b3eb73efe444c44e7a30a393f5c74109

    SHA512

    3e0614a145eaba1fa458a57ed7d03cbd56643f68469a6c4fb52d4a9e812b4dc4f6c220104af40b0237aaaa852b4e285d6c3d013253377e2f1981b53d554d87e2

  • memory/2476-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2476-6-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB