Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
-
submitted
25/04/2024, 02:20
General
-
Target
44d1f830c7722b20cd31338105fdbaa60b39471a8540b0c310f039ed14b09554.exe
-
Size
80KB
-
MD5
ecb5d3ab296e31c5a0e3f135f4286632
-
SHA1
11cf60a1fd1a1c07576617d9bd7f9903a2852d3c
-
SHA256
44d1f830c7722b20cd31338105fdbaa60b39471a8540b0c310f039ed14b09554
-
SHA512
ce7a6e61e47812b2ea334370512bade4e2396889b487b4f69bbe3958edad8b7b12cb6a03f1f9037484dfbaa6809456697e31f3766f695dad6d14419010ae24bd
-
SSDEEP
1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWO1LJj:GhfxHNIreQm+HigLJj
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Modifies system executable filetype association 2 TTPs 5 IoCs
-
Drops file in System32 directory 4 IoCs
-
Drops file in Windows directory 2 IoCs
-
Modifies registry class 15 IoCs
-
Suspicious behavior: EnumeratesProcesses 28 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\44d1f830c7722b20cd31338105fdbaa60b39471a8540b0c310f039ed14b09554.exe"C:\Users\Admin\AppData\Local\Temp\44d1f830c7722b20cd31338105fdbaa60b39471a8540b0c310f039ed14b09554.exe"1⤵
- Modifies system executable filetype association
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\system\rundll32.exeC:\Windows\system\rundll32.exe2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
79KB
MD5c8afcd1223347e9b1ecd9b243a62d558
SHA127b30e81121f82341abced1bb65b31186d54de02
SHA256c2e19f21b78a049e4c5d4c1fa9c206fbcfbab2315114b7014f1e13e7fa10e28a
SHA512d686b811c022e60895d6027164c2ee9dbe5f3651d4f53a9cbe53dbc498ee7a3aaf8a59864a86c8bf63894900018fa6f24bf53b25bda0c6b8b37beb66fe973ee2
-
Filesize
83KB
MD5739ac2622d163805c68057330b50d131
SHA16aa04ba07304b2b251c3bcbdb7f097eca28dbc77
SHA25666b903c4661a4d55a2e72fe9f1bdd599c9745ddd8b9d29d3394999e47757425d
SHA512fcd7b8ef0fe64fb70d6ca557aaf348f10633a89d2ddceab8a2ada02353ca6156524b967fd56f74c19736c2896730848c36146fac8c4ed7cc0263fe2e4b3384da
-
Filesize
86KB
-
Filesize
86KB