Analysis

  • max time kernel
    140s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/03/2024, 09:29

General

  • Target

    ded5d95779ab64d9173ae16c5ca2db15.exe

  • Size

    4KB

  • MD5

    ded5d95779ab64d9173ae16c5ca2db15

  • SHA1

    49ad468682d508218a038785a16c7f364f590754

  • SHA256

    cffd94cad71d5402380c13ddf3975a97214f5a25c9f314884bb05a727fdbaa7e

  • SHA512

    931f340a49cdda0dbb94f0a4c76f9aa7753ecc819336bf02aff086aaf987bac95f8060e45ffc62c220a8cbdde618966faebba2e63366bb5515bd6ae732451479

  • SSDEEP

    96:0NpJzZUBjW4x4wMDnz1nCNnYipAp+tHkuuFCzSZFf+m1Za+:0NSq4xgn1nCtYvpeHIFeq8m1h

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
  • Disables Task Manager via registry modification
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ded5d95779ab64d9173ae16c5ca2db15.exe
    "C:\Users\Admin\AppData\Local\Temp\ded5d95779ab64d9173ae16c5ca2db15.exe"
    • Modifies WinLogon for persistence
    • Adds Run key to start application
    • Drops file in System32 directory
    PID:2612

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\tool[1].exe

    Filesize

    5B

    MD5

    fda44910deb1a460be4ac5d56d61d837

    SHA1

    f6d0c643351580307b2eaa6a7560e76965496bc7

    SHA256

    933b971c6388d594a23fa1559825db5bec8ade2db1240aa8fc9d0c684949e8c9

    SHA512

    57dda9aa7c29f960cd7948a4e4567844d3289fa729e9e388e7f4edcbdf16bf6a94536598b4f9ff8942849f1f96bd3c00bc24a75e748a36fbf2a145f63bf904c1

  • memory/2612-23-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB