Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-04-2024 20:17

General

  • Target

    7a42cc2f8d2df9d2f886b98ceba8e32a1e399c2a0a4d5f3c6351c8ec4e4097cc.exe

  • Size

    81KB

  • MD5

    9689d384749ee9885a1ab50fca3eafb7

  • SHA1

    87f5ff4fa9a77a86e531d050a6220587800e8fd6

  • SHA256

    7a42cc2f8d2df9d2f886b98ceba8e32a1e399c2a0a4d5f3c6351c8ec4e4097cc

  • SHA512

    2b727b6a6276194b41d55ff81ec61708a900eef2f02a6f98d209389e70394e8f1852650180b15e01e2770bac6a2349e592bd7bae35062b441fc4c809a81dab09

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOIoJ2T7ZPp8X9PTiD:GhfxHNIreQm+HiyuD

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7a42cc2f8d2df9d2f886b98ceba8e32a1e399c2a0a4d5f3c6351c8ec4e4097cc.exe
    "C:\Users\Admin\AppData\Local\Temp\7a42cc2f8d2df9d2f886b98ceba8e32a1e399c2a0a4d5f3c6351c8ec4e4097cc.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4536
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1408

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    85KB

    MD5

    8b85935d2d72e2bd062693521d388fe5

    SHA1

    cb4dfca5dea781d3f88775c0397fa7a92574e68c

    SHA256

    458e5fef27c152092084b891bd4a2f8f546a9830fa16581f891fbd6efb1f0b12

    SHA512

    252eeec88a0c0f08d77567317811437a5a3a46ef1332d78d6321ca86fe23b5d17c9e0d41e4e0e99185014c8104a65b158ad1bb5a51225b1a1f15515aa4773b66

  • C:\Windows\System\rundll32.exe

    Filesize

    73KB

    MD5

    3dddb0d6d34ebadfcea76892d788ca24

    SHA1

    d2e1cf740e408ee4f3c5d038aaaeed8c7ec44b84

    SHA256

    72233fa923600a5263274ab4356c6bcf91c455ca03519dd95766d1242a20dfeb

    SHA512

    ff2e54ab07c0b2043857cf97fad4b62060337dc840b1daf81eb209ad3379e207cb667d038f596feed8e6ef9f9606b84b1ceba097cc186f31c60c39d42367cd72

  • memory/4536-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4536-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB