Overview

overview

10

Static

static

3

e23724d528...59.exe

windows7-x64

10

e23724d528...59.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    27-03-2024 17:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e23724d5289b98cfd5d86bd302707159.exe

  • Size

    54KB

  • MD5

    e23724d5289b98cfd5d86bd302707159

  • SHA1

    ccfc35574f4b3ca72aecd86d90e0b921f26ddb45

  • SHA256

    18be193dcaf3096c7e56437a14513073beb8a2ba99b84a3a2aa0cec44f3369e5

  • SHA512

    15f2193e018ff3e17c19da2570e5f37555e3f74efc9ad67f01b6ad8e9879efbd61724a53a5d95e4f0078c51ec9af5a4df61f01db7674c393b747e65139f0068a

  • SSDEEP

    768:Oe3PFaDVyOQgljLDKRJyM3BmsHzSB4us/wJJapg4RoSMZeUZB/7pZjEcoy/v/Kxn:V3cpyORJLuB4P4AJJv4Romu/1BybS+V

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops desktop.ini file(s) 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\e23724d5289b98cfd5d86bd302707159.exe
    "C:\Users\Admin\AppData\Local\Temp\e23724d5289b98cfd5d86bd302707159.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Loads dropped DLL
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Windows\SysWOW64\attrib.exe
      "C:\Windows\System32\attrib.exe" "C:\Program Files (x86)\Microsoft\Internat Explorer" +s
      2⤵
      • Drops file in Program Files directory
      • Views/modifies file attributes
      PID:2192
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\temp_tmp.bat" "
      2⤵
      • Deletes itself
      PID:2696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\temp_tmp.bat
    Filesize

    186B

    MD5

    160b04c2bf04fb17b47e90e86c410162

    SHA1

    bd7f25c9f751971acef24b7e00ef2b2cca7cd784

    SHA256

    728bb9cc216a29ca12f8ac6259517351bb057b0900e4cae81c3bb3d275a30635

    SHA512

    c987e153f9e53c6c1f0893c520b1f2c35ed11ec36cb65a55ff98f4aecc15807f6c74e7ee964984ae95a8bc909cf512c622511af073816c86e6f27aa999f84995

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyB68.tmp\System.dll
    Filesize

    11KB

    MD5

    00a0194c20ee912257df53bfe258ee4a

    SHA1

    d7b4e319bc5119024690dc8230b9cc919b1b86b2

    SHA256

    dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    SHA512

    3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

    Download Submit