Analysis

  • max time kernel
    155s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    24/04/2024, 17:10

General

  • Target

    Perm_Tool (1).exe

  • Size

    4.5MB

  • MD5

    b699fb1e93b8af5c782daef0df8f643a

  • SHA1

    22cd3599ee1914d8cacd9f2b2e777c013d853d80

  • SHA256

    7be4b480f8901d491a111cfaa52ce2e385e53d40ecf691549124428782cb92ac

  • SHA512

    05eff6ce8edf7d04d52134b736aa5bd2fa146b589176282b7c705d0c3bd66f54e21572116d8563f695cf6ea6862a1b46c1ef1267d28e6727bc9b20fe3de7129b

  • SSDEEP

    98304:tbKj5g4vHzvT8lKF3eAxFPKJAO11GaNluxLpyLZnjAHMOnyH+:oFNvTekpASmG1w1AHMOA+

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 6 IoCs
  • Themida packer 2 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Perm_Tool (1).exe
    "C:\Users\Admin\AppData\Local\Temp\Perm_Tool (1).exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1504
    • \??\c:\users\admin\appdata\local\temp\perm_tool (1).exe 
      "c:\users\admin\appdata\local\temp\perm_tool (1).exe "
      2⤵
      • Executes dropped EXE
      PID:1272
    • C:\Windows\Resources\Themes\icsys.icn.exe
      C:\Windows\Resources\Themes\icsys.icn.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3876
      • \??\c:\windows\resources\themes\explorer.exe
        c:\windows\resources\themes\explorer.exe
        3⤵
        • Modifies visibility of hidden/system files in Explorer
        • Executes dropped EXE
        • Adds Run key to start application
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4764
        • \??\c:\windows\resources\spoolsv.exe
          c:\windows\resources\spoolsv.exe SE
          4⤵
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2728
          • \??\c:\windows\resources\svchost.exe
            c:\windows\resources\svchost.exe
            5⤵
            • Modifies visibility of hidden/system files in Explorer
            • Executes dropped EXE
            • Adds Run key to start application
            • Drops file in System32 directory
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:3960
            • \??\c:\windows\resources\spoolsv.exe
              c:\windows\resources\spoolsv.exe PR
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetWindowsHookEx
              PID:2288
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:1088

    Network

          Downloads

          • C:\Windows\Resources\Themes\icsys.icn.exe

            Filesize

            135KB

            MD5

            85bc2aa04130727ba7faade18f56cda3

            SHA1

            ad03016bbf5b2df71c29e4b624b2a2d6a478defd

            SHA256

            0de12bf43f85f713e6a991d3a6483955612dc4471f7f10e505bb96e73513e010

            SHA512

            0b9f5635576abe071abb798d09550e261296ef6f7efd26cc7d123b320dd1ab7243604528b0dc32178b21a8e5bb74c8e610c4afd407cfadd6c9eb3c19cbd9d8f1

          • \??\c:\users\admin\appdata\local\temp\perm_tool (1).exe 

            Filesize

            4.4MB

            MD5

            43ba0a572272cb32dd0d9bd1e01f866b

            SHA1

            f6fa7cc413bd866c81d9e53f247d63f890897da4

            SHA256

            9d1718b3f0dbf41760532cf8cea32177a5c81f1ad2e468d55722b4cf5245d1f5

            SHA512

            b8fdcc82479fc650a8e02238c14f0216df46a5a19961c0728f0e76e9a9f96f92eeabca32461bf71be488af72c3d19327724e9c62b057fbaa2ea61713666b7a5b

          • \??\c:\windows\resources\spoolsv.exe

            Filesize

            135KB

            MD5

            52d6556162a9826ad929e2c8d70735bd

            SHA1

            f8210e7a62209da8d5ff80c3bce3771e3c871f7b

            SHA256

            5459ddf38de5c31e8ff5cab20743cb428e412cf2b037e1515a72c4f7a08f4c4e

            SHA512

            21dcf521f849d1c2185d43f08cbfa4e3dc20d298aa2aa38ec42ddf3731cc1ef2c00aff935ffe2464f16ad9e2db4b062078a38f275636f3ff6055b61f01414452

          • \??\c:\windows\resources\svchost.exe

            Filesize

            135KB

            MD5

            9f30d9b1483730c8f954a7285ee6f48a

            SHA1

            41177caecfc02a279228440d46d7966a7d0ee65e

            SHA256

            ac7cf78b79647050258020444aeef4dc712399a5e05d1f68ca765a2aa5b6d1f7

            SHA512

            6410a5b50e661f1eb838e2972274d3868a5983f196f282553eaa6f13c7cf21d9647b2e271c482c5b598caf01a0054b99ec2344051c9bd776defbb36243d73b3a

          • \??\c:\windows\resources\themes\explorer.exe

            Filesize

            135KB

            MD5

            8b08949b37a4e9e1871483f3cd72cb1b

            SHA1

            5f799512f9f399a4d237e1079425c6d99261f92e

            SHA256

            b309736ab241712886eb9c9158e2eb7d636a1c02ffdc5faa04b28da9a1f98ed4

            SHA512

            861cd4d5db6deffcac941bb6a86a1a65ddefa0f4b659250161d9bf7b00cd8497919302c1a4f25c1884bc46bbce91721185886ef137772f6301b4ff96039692c8

          • memory/1272-13-0x00007FF79B9D0000-0x00007FF79C52D000-memory.dmp

            Filesize

            11.4MB

          • memory/1272-49-0x00007FF79B9D0000-0x00007FF79C52D000-memory.dmp

            Filesize

            11.4MB

          • memory/1504-0-0x0000000000400000-0x000000000041F000-memory.dmp

            Filesize

            124KB

          • memory/1504-48-0x0000000000400000-0x000000000041F000-memory.dmp

            Filesize

            124KB

          • memory/2288-45-0x0000000000400000-0x000000000041F000-memory.dmp

            Filesize

            124KB

          • memory/2728-46-0x0000000000400000-0x000000000041F000-memory.dmp

            Filesize

            124KB

          • memory/3876-14-0x0000000000400000-0x000000000041F000-memory.dmp

            Filesize

            124KB

          • memory/3876-47-0x0000000000400000-0x000000000041F000-memory.dmp

            Filesize

            124KB