Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/03/2024, 21:19

General

  • Target

    e01effa812878eca35cf59292a1c253e.exe

  • Size

    549KB

  • MD5

    e01effa812878eca35cf59292a1c253e

  • SHA1

    694d8f73221799d5d918f1ef46b2fefae55dbe72

  • SHA256

    29b13081b5b6db962c3b4252c8bbbbe679d160527964b1a0d9eafdacf9b27771

  • SHA512

    480b6ece63b665816fab5a23683c5f317417c8539562e3062964ac34dec08fc25da31e52420c45f711a2666926987046ee2f01849f3376cfad842ac203f2f695

  • SSDEEP

    12288:drhxHkQ6AYemgHbz1OGZIMmD/kSux10mUNh:BhhkQ6AYcgGZwkSuz0F

Score
8/10

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 6 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies data under HKEY_USERS 13 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e01effa812878eca35cf59292a1c253e.exe
    "C:\Users\Admin\AppData\Local\Temp\e01effa812878eca35cf59292a1c253e.exe"
    1⤵
    • Adds policy Run key to start application
    • Adds Run key to start application
    • Drops file in Windows directory
    • Modifies data under HKEY_USERS
    • Suspicious use of WriteProcessMemory
    PID:4708
    • C:\Users\Admin\Local Settings\Application Data\Microsoft\Windows\dllhost.exe
      "C:\Users\Admin\Local Settings\Application Data\Microsoft\Windows\dllhost.exe" /a 1
      2⤵
      • Executes dropped EXE
      PID:3248

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\dllhost.exe

          Filesize

          549KB

          MD5

          0236e30df537d008970cac846da0309e

          SHA1

          b19fd051835cbc82b15d9ecab3d5a1684f9982df

          SHA256

          5bcc0ca1b8cfd978805fcb177e5a43f9412c6bab5f59f183af6feb7ca8a403c1

          SHA512

          4589f33d909ba8920a2a960b3990353df3d5e43f875533b522e3073ea8ba615c88acbeca1438523e0e4061a3df148f407112be1b76761fc099710a15824c2209

        • C:\Users\Admin\AppData\Local\Temp\Twain002.Mtx

          Filesize

          10B

          MD5

          63dc97a4c9eb59798fbd32ea2f8eef81

          SHA1

          5acfc17cce3752f8833f1cd456e73ddea84251dd

          SHA256

          9f164fc802e0321e90c22c97d87d3058f32e598d8c4e4a80364e159f416b1d9b

          SHA512

          17869ed86955afb00ef4e78bee6c02386d378fa970c6095fac75b0cbe44beb8610f8c5925fcecc13010898fa3e769cee5acb4a550c8fffdaf26887ffe75577c9

        • C:\Users\Admin\AppData\Roaming\Microsoft\RCX4FB6.tmp

          Filesize

          549KB

          MD5

          44f3d27771d7211b04fce7bcd0b09ac4

          SHA1

          13069a614c0c3eed349e829a3e0b0bb7446910fc

          SHA256

          3094bdebbac4a9612259ba879195da8394b12f9f43ca5c3d102b53ff2666c25d

          SHA512

          a9eab8648e87fbff6199406810248899783d4b706a2a27b1b04ce46cd12c24bbac106dadae2be83d37882f8836ddd1d5d831880aab992b3309a1ada81b250d83