Analysis

  • max time kernel
    151s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/04/2024, 08:14

General

  • Target

    b0d576fc286758b9ab902d309ce1ba74df072d923a434cfd0be9595da5fcdd0d.exe

  • Size

    78KB

  • MD5

    24267e3370b9312986d2c799ae228306

  • SHA1

    5740fd004c73cb12cb74bf9fa4fcc48f980078f3

  • SHA256

    b0d576fc286758b9ab902d309ce1ba74df072d923a434cfd0be9595da5fcdd0d

  • SHA512

    b2644182a502a07ba53b77f1eb81cf5cd2190c211039204c5dc8ce74d2a11f61de403069a6d3b4ec9f37971f35d50865fe2f6c6d587f6651ca16104b867563e4

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOmhAN:GhfxHNIreQm+HiphAN

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b0d576fc286758b9ab902d309ce1ba74df072d923a434cfd0be9595da5fcdd0d.exe
    "C:\Users\Admin\AppData\Local\Temp\b0d576fc286758b9ab902d309ce1ba74df072d923a434cfd0be9595da5fcdd0d.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:3952
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1032 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1124

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    86KB

    MD5

    61f162a6d7aa1f618de969031a4fabed

    SHA1

    e780943a61c13ddf9194d79efcf1256b4aafeb57

    SHA256

    892c69b765fd3be040b6256c8ab8710e4eff819398469e6ecdd28ac38be8be14

    SHA512

    24a353e7e2a462ba58c274246339a179c01e28ba4bbd84b03d272d382405e7ce9c1db460acc727f43bbc7177ccdca187404f865975e22d90c8ba4c1e98b38a95

  • C:\Windows\System\rundll32.exe

    Filesize

    76KB

    MD5

    2bbfbdca351110bfc07eab4a21b27e52

    SHA1

    308766e20b885c8a78068dc95795f896f7d86c3c

    SHA256

    8cd3fc001308ed3aa88f0e3a5cfad2e46450eb6cbdc3dfd7d870fdd3796f5cb0

    SHA512

    365859e4c12bdc827a6062bf15b9513ff561cb63b08c426dcfe50ebb8a36399b6b3dd526829ce5349e89ce5634009cbc1295a4a0c6e41b9818c31e4a5482dba5

  • memory/3016-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/3016-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB