Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/04/2024, 04:23

General

  • Target

    597c835575242d24ac49bae8b7c14e06aeb6f28199869d6b2c12ab80b3b484b4.exe

  • Size

    85KB

  • MD5

    618ccc5db60849830230e79e87a6bbd5

  • SHA1

    4c13bf257ce66affd8c21008324fc1c1929150ea

  • SHA256

    597c835575242d24ac49bae8b7c14e06aeb6f28199869d6b2c12ab80b3b484b4

  • SHA512

    43b5e3f11ff98c394eabfdddd2e0a913c63f9082ec4a4ae515f356b08696f4d60624c4d5bb89a64982f756b41383dfec2c5805cce1307d381bfa7d6ff9a88280

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOBrne1gYv:GhfxHNIreQm+Himrne1gYv

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoCs)
  • Loads dropped DLL (2 IoCs)
  • Modifies system executable filetype association (2 TTPs, 5 IoCs)
  • Drops file in System32 directory (4 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Modifies registry class (15 IoCs)
  • Suspicious behavior: EnumeratesProcesses (14 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  • Suspicious use of SetWindowsHookEx (3 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\597c835575242d24ac49bae8b7c14e06aeb6f28199869d6b2c12ab80b3b484b4.exe
    "C:\Users\Admin\AppData\Local\Temp\597c835575242d24ac49bae8b7c14e06aeb6f28199869d6b2c12ab80b3b484b4.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2340

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    78KB

    MD5

    a3e8e946a7d6cf2dc49dfbe4ae8d7ce9

    SHA1

    2b629679a621622e0b050138e35bb5d4cc6a32fa

    SHA256

    cdbf5c07d3bc470efe469388a4128cb8a155af128977aed75f2fad868bee6523

    SHA512

    f5635ed5ef29d65799b20147d9308551ac71beb819bbdee76b565f48abef8e8a783d5146a4196d02428be1410ee3e582b745884fe407aa8c5039f8b9bf306424

  • \Windows\system\rundll32.exe

    Filesize

    79KB

    MD5

    4bd321fc529eeff5a6a4d5751a69a566

    SHA1

    d72fd9c93d51bbb5b70683853c2eed320c0bafd6

    SHA256

    2ee5ec45666ec8c23a38a6e1ecd226219a3cf57bcdd8384347837ca8e9994600

    SHA512

    ed72e568710d8b07d048a030ac1e5dc7f114e5d934ce2fcba5c5feb003e6806b930cfbccb74798ace9c892669c7fad8b2bc935849dad55c7f1f0d791a568b550

  • memory/2340-19-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2972-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2972-17-0x0000000000360000-0x0000000000376000-memory.dmp

    Filesize

    88KB

  • memory/2972-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2972-21-0x0000000000360000-0x0000000000362000-memory.dmp

    Filesize

    8KB