Analysis

  • max time kernel
    156s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240412-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    17-04-2024 22:15

General

  • Target

    61a52e2dccc0ee05c26c5700f680ab1952f27c2af9b9de77ea4c80140f4097f2.exe

  • Size

    1.7MB

  • MD5

    09f5f8c4ae5d20e09bae630c50147d61

  • SHA1

    5e578d4bebbbfd0225b4a46d1384c3791a29692a

  • SHA256

    61a52e2dccc0ee05c26c5700f680ab1952f27c2af9b9de77ea4c80140f4097f2

  • SHA512

    68dee798aaefde9ee066ce687e4e90f982f8656386289991ddfe4546a042625e5853630e3536569d598792d2764a8585bb5ac1be4276b03c48a1d06cd19cebbb

  • SSDEEP

    12288:qwKfOVRo9yRYUVeCoY7p4O8b8ITDnl6sNvne:qxWVeyRYUInY7p4O8b8ITDnlJne

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in System32 directory (1 IoC)
  • Drops file in Program Files directory (24 IoCs)
  • Checks processor information in registry (2 TTPs, 3 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses (30 IoCs)
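
The signatures above are sandbox verdicts; on a live host the same behaviours have to be recovered from telemetry. The following is an added example (not sandbox output or tooling) that encodes those signatures as rules and runs them over constructed records in a simplified `(pid, image, action, target)` schema of this example's own. The sample path and the Program Files drop path are taken from this report; the Run value name `SystemWAB32res`, the System32 temp file, the Uninstall subkey and the benign installer are assumptions, and the `regread`/`procenum` records assume a sensor richer than Sysmon, which logs registry writes but not reads.

```python
"""Triage rules for the behaviours the Signatures section flags, run over
constructed host-telemetry records.  Added example, not sandbox output: the
record schema is this example's own, and the Run value name, the System32
path, the Uninstall subkey and the installer are assumed, not from the report."""
import re
from collections import defaultdict

# Registry locations behind the report's signatures (hive prefix not anchored).
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
CPU_KEY = re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\", re.I)
# Drop locations the report calls out, plus the launch directory of the sample.
PROGRAM_FILES = re.compile(r"^[A-Z]:\\Program Files( \(x86\))?\\", re.I)
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.I)

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\61a52e2dccc0ee05c26c5700f680ab1952f27c2af9b9de77ea4c80140f4097f2.exe"
INSTALLER = r"C:\Users\Admin\Downloads\vendor-setup.exe"  # constructed benign comparison

# Constructed records: (pid, image, action, target).  The Program Files drop
# path is from the report; the Run value name, the System32 temp file and the
# Uninstall subkey are assumptions.
EVENTS = [
    (4796, SAMPLE, "regset", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SystemWAB32res"),
    (4796, SAMPLE, "filecreate", r"C:\Program Files (x86)\Common Files\System\ja-JP\SystemWAB32res.exe"),
    (4796, SAMPLE, "filecreate", r"C:\Windows\System32\example.tmp"),
    (4796, SAMPLE, "regread", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vendor App"),
    (4796, SAMPLE, "regread", r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0"),
    (4796, SAMPLE, "procenum", ""),
    (1234, INSTALLER, "filecreate", r"C:\Program Files\Vendor\app.exe"),
    (1234, INSTALLER, "regset", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vendor App"),
]


def classify(action, target):
    """Map one record to the report's signature name, or None if it fires none."""
    if action == "regset" and RUN_KEY.search(target):
        return "Adds Run key to start application"
    if action == "regread" and UNINSTALL_KEY.search(target):
        return "Checks installed software on the system"
    if action == "regread" and CPU_KEY.search(target):
        return "Checks processor information in registry"
    if action == "filecreate" and PROGRAM_FILES.search(target):
        return "Drops file in Program Files directory"
    if action == "filecreate" and SYSTEM32.search(target):
        return "Drops file in System32 directory"
    if action == "procenum":
        return "Suspicious behavior: EnumeratesProcesses"
    return None


def triage(events):
    """Return {image: sorted signature names} for every image that fired a rule."""
    hits = defaultdict(set)
    for _pid, image, action, target in events:
        sig = classify(action, target)
        if sig:
            hits[image].add(sig)
    return {image: sorted(sigs) for image, sigs in hits.items()}


def escalate(image, sigs):
    """Writing into Program Files or System32 is normal for an installer.  The
    combination that warrants escalation is an executable launched from %TEMP%
    that both persists via a Run key and fingerprints the host (Uninstall or
    CentralProcessor reads), which is exactly the profile in this report."""
    from_temp = TEMP_DIR.search(image) is not None
    persistence = "Adds Run key to start application" in sigs
    fingerprint = any(s.startswith("Checks") for s in sigs)
    return from_temp and persistence and fingerprint


if __name__ == "__main__":
    for image, sigs in triage(EVENTS).items():
        print(image, "ESCALATE" if escalate(image, sigs) else "ok", sigs)
```

The rules deliberately key on the registry path rather than on the process name: the decoy names this sample uses (`SystemWAB32res.exe`, `DynamicUnicode.exe`) are free to change, the Run key and the CentralProcessor key are not.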

Processes

  • C:\Users\Admin\AppData\Local\Temp\61a52e2dccc0ee05c26c5700f680ab1952f27c2af9b9de77ea4c80140f4097f2.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\61a52e2dccc0ee05c26c5700f680ab1952f27c2af9b9de77ea4c80140f4097f2.exe"
    PID: 4796 (root of the process tree; no child processes recorded)
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\DynamicUnicode.exe

    Filesize

    1.5MB

    MD5

    2b7b08d5d52e5b7a67ac4b9dba81b41d

    SHA1

    ed7493581b784a42a3dc8985f11ce3f5401f1310

    SHA256

    13b8c4b687ed65732fe94008feb72119f863c4cd3340fd1464add615e8bfc6fb

    SHA512

    4a7ebb70e9bab1290888c3ce385ecf499ab0f3ac6c0938ec0c5db12f19b862656cd295c86906aa510a9e7409bf4b55ac5e544d31c885c704f4e138cf7365a36a

  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\RCXA55C.tmp

    Filesize

    1.7MB

    MD5

    a6c0a72d776cc1e5c1edcd93efe604a2

    SHA1

    91212b5d8c58f3a4c3bdaee158b4612bfe448200

    SHA256

    296cdcd7f736b4984e185462b038c8cd48f249f17371bbdeb5826a6c61e55552

    SHA512

    fca99928cf5066ccf20da4dc6fec962600a8a7fa64a7289929283ad8cdc01e4d8ffdc2a72d2e84cf9ee6d532c8fee71d1a0cd81bb27e4d38389f5cdc87b787db

  • C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\RCXA686.tmp

    Filesize

    1.7MB

    MD5

    686f8abdff476d6f79b10335de8d5dc7

    SHA1

    a0dd3b6f451d7e5d548132bfc74f90bee9f6ab51

    SHA256

    47352bd90ea135921801e53cee4acd412a3d5f815acd4b0189f011ac49d1a4ef

    SHA512

    4129c853a7c1f693a2d8ae88c615b1b4ddb14fd67b999ee0d698b76dbf578f0f1385e10a1d49e9164b6480cf98fce29153d7ff63dbb36384acc7987ba9a596bd

  • C:\Program Files (x86)\Common Files\System\ja-JP\SystemWAB32res.exe (MD5, SHA1, SHA256 and SHA512 are identical to the submitted sample: the original executable copied under a new name into Common Files)

    Filesize

    1.7MB

    MD5

    09f5f8c4ae5d20e09bae630c50147d61

    SHA1

    5e578d4bebbbfd0225b4a46d1384c3791a29692a

    SHA256

    61a52e2dccc0ee05c26c5700f680ab1952f27c2af9b9de77ea4c80140f4097f2

    SHA512

    68dee798aaefde9ee066ce687e4e90f982f8656386289991ddfe4546a042625e5853630e3536569d598792d2764a8585bb5ac1be4276b03c48a1d06cd19cebbb
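
The dropped-file list above is the actionable part of the report, and the hashes, not the decoy filenames, are the indicators. The following is an added example (not the sandbox's tooling) that parses entries in the layout shown above into records, flags drops whose SHA256 equals the submitted sample (the self-copy under `SystemWAB32res.exe`), and matches arbitrary file bytes against the indicator set. `REPORT_EXCERPT` is a constructed copy of two of the entries above with their SHA512 lines left out; `SAMPLE_SHA256` is the submitted sample's hash from the General section.

```python
"""Parse dropped-file entries in this report's layout, detect self-copies of
the submitted sample, and match file bytes against the hash indicators.
Added example, not sandbox tooling.  REPORT_EXCERPT is a constructed copy of
two entries above (SHA512 omitted); the hashes in it are the report's."""
import hashlib

SAMPLE_SHA256 = "61a52e2dccc0ee05c26c5700f680ab1952f27c2af9b9de77ea4c80140f4097f2"

REPORT_EXCERPT = """
  • C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\DynamicUnicode.exe

    Filesize

    1.5MB

    MD5

    2b7b08d5d52e5b7a67ac4b9dba81b41d

    SHA1

    ed7493581b784a42a3dc8985f11ce3f5401f1310

    SHA256

    13b8c4b687ed65732fe94008feb72119f863c4cd3340fd1464add615e8bfc6fb

  • C:\\Program Files (x86)\\Common Files\\System\\ja-JP\\SystemWAB32res.exe

    Filesize

    1.7MB

    MD5

    09f5f8c4ae5d20e09bae630c50147d61

    SHA1

    5e578d4bebbbfd0225b4a46d1384c3791a29692a

    SHA256

    61a52e2dccc0ee05c26c5700f680ab1952f27c2af9b9de77ea4c80140f4097f2
"""

# Field label as printed in the report -> key in the parsed record.
FIELDS = {"Filesize": "size", "MD5": "md5", "SHA1": "sha1",
          "SHA256": "sha256", "SHA512": "sha512"}
HASH_ALGS = ("md5", "sha1", "sha256", "sha512")


def parse_dropped_files(text):
    """Each entry starts with a bullet and a path; every following field label
    is followed (after blank lines) by its value.  Hashes are lower-cased so
    they compare cleanly with hexdigest() output."""
    records, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            current = {"path": line[1:].strip()}
            records.append(current)
            pending = None
        elif line in FIELDS:
            pending = FIELDS[line]
        elif pending and current is not None:
            current[pending] = line if pending == "size" else line.lower()
            pending = None
    return records


def self_copies(records, sample_sha256):
    """Drops whose SHA256 equals the submitted sample: the binary copying itself
    to a persistent location under a different name."""
    return [r["path"] for r in records if r.get("sha256") == sample_sha256.lower()]


def hash_bytes(data):
    """Digest the same four algorithms the report lists, so any one can match."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in HASH_ALGS}


def match_indicators(data, records):
    """Paths of report entries whose recorded hashes match `data` under any
    algorithm.  Matching on digests rather than filenames survives the decoy
    names changing between victims."""
    digests = hash_bytes(data)
    return [r["path"] for r in records
            if any(r.get(alg) == digests[alg] for alg in HASH_ALGS)]


if __name__ == "__main__":
    recs = parse_dropped_files(REPORT_EXCERPT)
    print(len(recs), "dropped files parsed")
    print("self-copies of the sample:", self_copies(recs, SAMPLE_SHA256))
```

A drop that hashes identically to the submitted sample is the one to prioritise for containment: it is the same payload, now resident under Program Files and, per the Signatures section, wired to a Run key.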