Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/04/2024, 08:25

General

  • Target
    a2a5e61747acd70615e8538cd1e60a2c5a13e4d42a0e89fd030ac228b9dfa377.exe
  • Size
    75KB
  • MD5
    3be02027f7230401eee3c3ecd61f7414
  • SHA1
    f2109f49988b492f7b7cfe30a204ea1aafe12f1a
  • SHA256
    a2a5e61747acd70615e8538cd1e60a2c5a13e4d42a0e89fd030ac228b9dfa377
  • SHA512
    0a0b348112983a845f3a708491b1ba6916a5c2c69e1485346b6e4c4d0e1ef6c8273dda1693c007cde463634524a8e072581536ff2ee5b49838b7bda383ba664a
  • SSDEEP
    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOyh:RshfSWHHNvoLqNwDDGw02eQmh0HjWOy

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a2a5e61747acd70615e8538cd1e60a2c5a13e4d42a0e89fd030ac228b9dfa377.exe
    "C:\Users\Admin\AppData\Local\Temp\a2a5e61747acd70615e8538cd1e60a2c5a13e4d42a0e89fd030ac228b9dfa377.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4324
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2972

Network

        MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    • Filesize
      81KB
    • MD5
      828a7fd5a08e1dee754b9f14e9ffc50b
    • SHA1
      0aa70e28c1cfc6d8c95e6b1a021648dca7feaf57
    • SHA256
      83490891c59dbcfd55c272f83f6f5ef640034ce474dfd7889ea813f361e4876e
    • SHA512
      d34898c8ddd06a41ec881caacfca7540186b6ae7c2aa90784f34986115edab9057f1c9f7cd7f5be4333cfc484f2fa2bfc61586a10df3f66932a111179badf742
  • C:\Windows\System\rundll32.exe
    • Filesize
      73KB
    • MD5
      4e4fc4dfb0e9dc9911dc4ac369acc469
    • SHA1
      74397854f54e4c4f57cdc342043a024878831fff
    • SHA256
      37b9e00da71176f9a0e8e69e56b199c7c4179c22df0dadb7688e862a6ccf2005
    • SHA512
      cffea3d95b52809821901dbc3d0a68fffa2f84c09c1badcf17aacc7c5a5436c46be44bae84b9dd4d6c11c8659dda46137c5e221b6c9444e7b510f9aef0123530
  • memory/4324-0-0x0000000000400000-0x0000000000415A00-memory.dmp
    • Filesize
      86KB
  • memory/4324-13-0x0000000000400000-0x0000000000415A00-memory.dmp
    • Filesize
      86KB