Resubmissions

  • 28/03/2024, 19:58: 240328-yp6h2afh52 (score 10)
  • 26/03/2024, 19:31: 240326-x8k6rsac82 (score 10)
  • 26/03/2024, 19:29: 240326-x7nv9sdb8v (score 3)
  • 26/03/2024, 19:26: 240326-x5nsgsab94 (score 10)

Analysis

  • max time kernel
    146s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/03/2024, 19:26

General

  • Target

    40a30e39dfce70f5bba7b73dfe0bb97aa6a01b61ba9a3b20913159e077d5e465.exe

  • Size

    172KB

  • MD5

    d5d67479100e986a12e93f9be917bd9c

  • SHA1

    33fad2e93fffeee3c2b358e57d44b632cbfc8e20

  • SHA256

    40a30e39dfce70f5bba7b73dfe0bb97aa6a01b61ba9a3b20913159e077d5e465

  • SHA512

    aaebd28f8c8222ebe8b9080135fa1ee33729abc2787ea5d80cd877e0b8a7f0c1da60469658d8492a0a2567ffed3f15ae94969c91942554488f58d5ef35f88853

  • SSDEEP

    3072:jbx0J+a0UAVTj2XAwqr6HFjuoF+N7bZD16iYIQusGGTkLGFMMalHSXvhSkXWnU2X:jbNa0U+j2Qh69uoF+N7bZD16iYIQusGN

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer (2 TTPs, 2 IoCs)
  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Adds Run key to start application (2 TTPs, 27 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\40a30e39dfce70f5bba7b73dfe0bb97aa6a01b61ba9a3b20913159e077d5e465.exe (PID 2720)
    Command line: "C:\Users\Admin\AppData\Local\Temp\40a30e39dfce70f5bba7b73dfe0bb97aa6a01b61ba9a3b20913159e077d5e465.exe"
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\fueyua.exe (PID 2552, child of PID 2720)
      Command line: "C:\Users\Admin\fueyua.exe"
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\fueyua.exe

    Filesize

    172KB

    MD5

    fca57b3af8f5f9c2519cf1d32683f0ad

    SHA1

    2dcdfb08e9eee4ac63dcddc9669911ee2ea6ee0f

    SHA256

    99e5a12b4be6f39d0920d857ed7f4db9ca94d1eb7fb1bcda37904acacc05c83a

    SHA512

    47316c3c1977e77aff98bdefa8f469ff76ffb23937886796cd562707b0fc3b00ae76f90d43f0a0505c298976c0cfa1c27e1ace9950361b22b90ef13e9544efa7
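The dropped file above is the same size as the submitted sample (172KB) but has different hashes, so a hunt for this family has to match on the digests rather than on size or file name, and the "Adds Run key" and "Executes dropped EXE" signatures point at the other durable artifact: a Run-key value launching an executable straight out of the user profile root (C:\Users\Admin\fueyua.exe). The script below is an added example written for this page, not output of the sandbox and not tooling from the report's vendor. The hash values are copied from the report; the Run-key value names (VendorSync, fueyua, Updater, Roaming) and every command line except the fueyua.exe path are constructed for illustration, since the report lists the Run-key IoC count but not the key contents.

```python
"""Triage helpers for the indicators in the sandbox report above (added example)."""
import hashlib
import sys
from pathlib import PureWindowsPath

# Hashes copied verbatim from the report: the submitted sample and the dropped file.
SAMPLE_LABEL = "40a30e39dfce70f5bba7b73dfe0bb97aa6a01b61ba9a3b20913159e077d5e465.exe"
DROPPED_LABEL = r"C:\Users\Admin\fueyua.exe"

KNOWN_HASHES = {
    "d5d67479100e986a12e93f9be917bd9c": SAMPLE_LABEL,                                   # MD5
    "33fad2e93fffeee3c2b358e57d44b632cbfc8e20": SAMPLE_LABEL,                           # SHA1
    "40a30e39dfce70f5bba7b73dfe0bb97aa6a01b61ba9a3b20913159e077d5e465": SAMPLE_LABEL,   # SHA256
    "fca57b3af8f5f9c2519cf1d32683f0ad": DROPPED_LABEL,                                  # MD5
    "2dcdfb08e9eee4ac63dcddc9669911ee2ea6ee0f": DROPPED_LABEL,                          # SHA1
    "99e5a12b4be6f39d0920d857ed7f4db9ca94d1eb7fb1bcda37904acacc05c83a": DROPPED_LABEL,  # SHA256
}


def hash_bytes(data: bytes) -> dict:
    """Lowercase hex digests in the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def match_iocs(data: bytes) -> list:
    """Labels from KNOWN_HASHES whose digest matches `data` (sorted, de-duplicated)."""
    digests = hash_bytes(data).values()
    return sorted({KNOWN_HASHES[d] for d in digests if d in KNOWN_HASHES})


def executable_from_command(command: str) -> str:
    """First token of a Run-key command line, honouring a double-quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0] if command else ""


def launched_from_user_writable_path(exe: str) -> bool:
    """True for C:\\Users\\<name>\\<file> (profile root, as fueyua.exe) or AppData\\Local\\Temp."""
    parts = [p.lower() for p in PureWindowsPath(exe).parts]
    if len(parts) < 4 or parts[1] != "users":
        return False
    if len(parts) == 4:  # drive, Users, <name>, <file>: directly in the profile root
        return True
    return "appdata" in parts and "temp" in parts


def suspicious_run_entries(entries) -> list:
    """(value_name, executable) pairs whose launch target lives in a user-writable location."""
    flagged = []
    for name, command in entries:
        exe = executable_from_command(command)
        if exe and launched_from_user_writable_path(exe):
            flagged.append((name, exe))
    return flagged


def read_run_keys() -> list:
    """Enumerate HKCU/HKLM ...\\CurrentVersion\\Run values on a Windows host; [] elsewhere."""
    try:
        import winreg
    except ImportError:
        return []
    subkey = r"Software\Microsoft\Windows\CurrentVersion\Run"
    entries = []
    for hive in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE):
        try:
            with winreg.OpenKey(hive, subkey) as key:
                index = 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(key, index)
                    except OSError:  # no more values
                        break
                    entries.append((name, str(data)))
                    index += 1
        except OSError:  # key missing or not readable
            continue
    return entries


# Constructed sample Run-key values; only the fueyua.exe path comes from the report.
SAMPLE_RUN_ENTRIES = [
    ("VendorSync", r'"C:\Program Files\Vendor\sync.exe" /background'),
    ("fueyua", r'"C:\Users\Admin\fueyua.exe"'),
    ("Updater", r'C:\Users\Admin\AppData\Local\Temp\upd.exe -q'),
    ("Roaming", r'"C:\Users\Admin\AppData\Roaming\Vendor\tool.exe"'),
]

if __name__ == "__main__":
    # Usage: python triage.py [file ...]  (hashes each file against the report's IoCs)
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, match_iocs(fh.read()) or "no match")
    print("flagged Run values:", suspicious_run_entries(read_run_keys() or SAMPLE_RUN_ENTRIES))
```

On a non-Windows host the script falls back to the constructed entries, which is enough to see the rule fire on the fueyua.exe path and on the Temp path while leaving the Program Files and AppData\Roaming entries alone; tighten or widen the path rule to taste, but keep hash matching separate from path matching, since the dropped copy can be renamed but cannot change its digest without being rebuilt.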