Overview

overview

10

Static

static

3

afe46e9b70...81.exe

windows7-x64

1

afe46e9b70...81.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-04-2024 01:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    afe46e9b70aa57e35b3d2e4f410da99ca35887f72af07607c5d57a0672173681.exe

  • Size

    1.7MB

  • MD5

    10a35e6cd0a2d3de87b93a78b8a16c2a

  • SHA1

    a1ce367a08ad5ceadb11c109a9267994f09d4bb7

  • SHA256

    afe46e9b70aa57e35b3d2e4f410da99ca35887f72af07607c5d57a0672173681

  • SHA512

    de4e94d551adf828222c7e0311c211d6dc2fc77fbd7b9b86440a5ed6216a43caca905a289867bceb68ef1ba53d97b91aaeb4d2889c08dcc57345b825a1128ed6

  • SSDEEP

    49152:Gmix7/ix7yix7/ix7Xcix7/ix7yix7/ix7:GmU/UyU/UXcU/UyU/U

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 10 IoCs
    persistence
  • Executes dropped EXE 5 IoCs
  • Drops file in System32 directory 15 IoCs
  • Program crash 2 IoCs
  • Modifies registry class 18 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\afe46e9b70aa57e35b3d2e4f410da99ca35887f72af07607c5d57a0672173681.exe
    "C:\Users\Admin\AppData\Local\Temp\afe46e9b70aa57e35b3d2e4f410da99ca35887f72af07607c5d57a0672173681.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1436
    • C:\Windows\SysWOW64\Iapjgo32.exe
      C:\Windows\system32\Iapjgo32.exe
      2⤵
      • Adds autorun key to be loaded by Explorer.exe on startup
      • Executes dropped EXE
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3628
      • C:\Windows\SysWOW64\Jddiegbm.exe
        C:\Windows\system32\Jddiegbm.exe
        3⤵
        • Adds autorun key to be loaded by Explorer.exe on startup
        • Executes dropped EXE
        • Drops file in System32 directory
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:228
        • C:\Windows\SysWOW64\Khfkfedn.exe
          C:\Windows\system32\Khfkfedn.exe
          4⤵
          • Adds autorun key to be loaded by Explorer.exe on startup
          • Executes dropped EXE
          • Drops file in System32 directory
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          PID:3892
          • C:\Windows\SysWOW64\Laffpi32.exe
            C:\Windows\system32\Laffpi32.exe
            5⤵
            • Adds autorun key to be loaded by Explorer.exe on startup
            • Executes dropped EXE
            • Drops file in System32 directory
            • Modifies registry class
            • Suspicious use of WriteProcessMemory
            PID:4020
            • C:\Windows\SysWOW64\Ldikgdpe.exe
              C:\Windows\system32\Ldikgdpe.exe
              6⤵
              • Executes dropped EXE
              • Suspicious use of WriteProcessMemory
              PID:1264
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 400
                7⤵
                • Program crash
                PID:2344
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 400
                7⤵
                • Program crash
                PID:2996
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1264 -ip 1264
    1⤵
      PID:1624
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4052 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
      1⤵
        PID:4488

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\SysWOW64\Iapjgo32.exe
        Filesize

        1.7MB

        MD5

        82cea86699e0ce22e2c0c61e18ecb0ea

        SHA1

        091321472407cd81b923391030c2e7d85e390a7f

        SHA256

        6ce6ef9008c639ef9e8395e30f8d087ced5414fd54689eb499c090d230737345

        SHA512

        2a01fedbd4fc5b47f9897a4b2956dc1090b6889ec33b2ebff9a266d1b6241b9195ca5d4e2dacb83cd77c69b9967ae3983b9ef543db953e7bfc90754b0cc9336e

        Download Submit

      • C:\Windows\SysWOW64\Iapjgo32.exe
        Filesize

        448KB

        MD5

        90fbbdbbdaa30e2e9db6d8e4444fca0f

        SHA1

        32c0c77842b51999b914668fb4405c03c751a3a3

        SHA256

        895ae1f0ba2637ad75ca0c68c5ebc17c03b1f8d8871e5e437e0593ccb10c9e22

        SHA512

        fbcdf209fde794525440fb81452fb018ff4ed201671d64584869020a1ee0134b5cd53042e13250bc830424dd548e126bda40e928f41ac96772cab07a2a801311

        Download Submit

      • C:\Windows\SysWOW64\Jddiegbm.exe
        Filesize

        448KB

        MD5

        231c1282988946a2c18e5d535b56cc2f

        SHA1

        a9ae46d2611edd94c78332b5fe0fb908a57370d9

        SHA256

        d63308e0b436156e8cadaa61df4012d76deaf508cd15911833bda4e161d93075

        SHA512

        46f688f9f6d426f990bfbea9e2555ff51cf65f5a43578ff41c3095df92165e4af2f48f19d9f6f97df94a6ae7023ed4b30fe72e9d2bc6e577ca1443388096d623

        Download Submit

      • C:\Windows\SysWOW64\Khfkfedn.exe
        Filesize

        448KB

        MD5

        78b8080bbf6510f772e676e964eee23e

        SHA1

        161827503047d62c44edd978af4a9bf1c3f6ffe5

        SHA256

        1620ebab92116214ea6ef02488a699b2cf2fb45261a8417b811371b79dea25cf

        SHA512

        4118c91f7334ebcaed81eab2f3a6bed55265aa326dea3446db4ed459f210b8097ee5482101d0cbda3e220f4e68f14e0455a6e2419f856ecc52449cdb4f7d58b1

        Download Submit

      • C:\Windows\SysWOW64\Laffpi32.exe
        Filesize

        576KB

        MD5

        511b00eb81fdaa694bc25adc482c5bbb

        SHA1

        53f0871c93cc88fd0664229a5cc5d1866301d7c1

        SHA256

        5e1e12ae3d811c4145d61455a1438784300ed275fedcf1c75b9e34c0e5a78c0d

        SHA512

        14b780385114236a1557015c04173b2cdc92f42f008b817a8744da0e398244444502ae4e2101abcd65e0820cc8291502c196c94b8002f7272b559b202a4af63f

        Download Submit

      • C:\Windows\SysWOW64\Laffpi32.exe
        Filesize

        448KB

        MD5

        bd4cf0f0a085c15dd7f2ab3f85b1a6c6

        SHA1

        d8e95fa885edf6b8c0460a94c65e4fbb7542d080

        SHA256

        1918662e83962f15ff47d20492f6c90c2d11353c7dcd1f21466af1e24bacb126

        SHA512

        e5fe0fb3e2b80c3e493645c0bfc8c3d77238f730c8478c9a99f6866aaa3ea977416bf922a76f76a7a24d84d05c091bc18722e51c42f0398f5d9dc799903b098b

        Download Submit

      • C:\Windows\SysWOW64\Ldikgdpe.exe
        Filesize

        1.7MB

        MD5

        be730088d5f28959dea9a890b099ddcf

        SHA1

        bba000eeb3c919caeb4543b33274852f223a1090

        SHA256

        ec79e438dca98c71b08dd6fe7275264ce745b5167f7bcee02a9253e17495b376

        SHA512

        28c073f21fb6b823ab700a0219ab2e339804b85f344b391e88aba88e99942dbfeab31a54d9becedabbeb09f4b8857cedce893c65c3dbb55c709a9a004d41c28e

        Download Submit

      • C:\Windows\SysWOW64\Ldikgdpe.exe
        Filesize

        448KB

        MD5

        1de2c5e140c138454209676e44a3aeb7

        SHA1

        ad53fb21cd9dc9c6146e47ce2bc6c0a978906ff9

        SHA256

        279c42ddf476f762951b7c555a4221ff86672fa0bbbc6457ac19849418783b62

        SHA512

        2cf38ba4d89f05db2c0bdcc6d34126af643217f4b94b5c770b3ae424bd22ee236720052a1500d127ea420bb4e9efcce38194f3a47ac7828e104b94c1cb752ddb

        Download Submit

      • memory/228-46-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/228-17-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/1264-49-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/1264-42-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/1436-25-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/1436-0-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/1436-2-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/1436-1-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/3628-9-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/3628-45-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/3892-27-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/3892-47-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/4020-34-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/4020-48-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download