Overview

overview

7

Static

static

3

e1ad47fd11...5c.exe

windows7-x64

7

e1ad47fd11...5c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2024, 12:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e1ad47fd11cc436724bc14b36bbeba5c.exe

  • Size

    34KB

  • MD5

    e1ad47fd11cc436724bc14b36bbeba5c

  • SHA1

    76f82df0717916d7751fe445ff24b1c5f612905e

  • SHA256

    7de6641b4973aba43cf4bbae3ce66e54620c3a44bdae7e8d2f3a03782498ae23

  • SHA512

    d3fc5e7ec78a12c3d290278c9d47195b368f8123e0e0075295e0f5426aa8dcd55926321208d4061a0b582badef9cb834764789c65e30cdd08fd8b910747d9d7f

  • SSDEEP

    768:87lDTSjNrRZqMD+vMjpNZ14ZA/LwvRUiPxEDE4OpvXj:8dSjNrRZOvMF1mUwvWgbVpPj

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e1ad47fd11cc436724bc14b36bbeba5c.exe
    "C:\Users\Admin\AppData\Local\Temp\e1ad47fd11cc436724bc14b36bbeba5c.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\Windows\internet0.exe
      C:\Windows\internet0.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1232
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\Deleteme.bat
      2⤵
      • Deletes itself
      PID:2668

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\Deleteme.bat
          Filesize

          184B

          MD5

          c3028c542b6cffe0d98f3667e957b5f6

          SHA1

          e1aa49bb688c4ae6acc8df08421b51a3084484dd

          SHA256

          5bf5489fd73224a4c41f900734e93b1399b06aed67ef4eef4a7985c25fd36499

          SHA512

          ead95622ca0590bfd47bbfe292cf97c3b1f97972b019de4adf961c4150adcbe206c0db70bdffd713ea0e910941e92d16951e7739d7152490221025b03aec5a10

          Download Submit

        • C:\Windows\internet0.exe
          Filesize

          34KB

          MD5

          e1ad47fd11cc436724bc14b36bbeba5c

          SHA1

          76f82df0717916d7751fe445ff24b1c5f612905e

          SHA256

          7de6641b4973aba43cf4bbae3ce66e54620c3a44bdae7e8d2f3a03782498ae23

          SHA512

          d3fc5e7ec78a12c3d290278c9d47195b368f8123e0e0075295e0f5426aa8dcd55926321208d4061a0b582badef9cb834764789c65e30cdd08fd8b910747d9d7f

          Download Submit

        • memory/1232-12-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/1232-13-0x00000000003A0000-0x00000000003B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1232-15-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2352-0-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2352-8-0x00000000002B0000-0x00000000002C6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2352-14-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2352-16-0x00000000002B0000-0x00000000002C6000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2352-28-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download