Overview

overview

10

Static

static

3

cd9836548a...1d.exe

windows7-x64

10

cd9836548a...1d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29/04/2024, 02:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    cd9836548a80952bb29b791e7240571292bc43903891a4f0c40e6b3a93afc41d.exe

  • Size

    480KB

  • MD5

    80b3213c4737cbd603c23d360d007776

  • SHA1

    8e15b0c5f473eaa88e8d2e730f078e75681a7ac6

  • SHA256

    cd9836548a80952bb29b791e7240571292bc43903891a4f0c40e6b3a93afc41d

  • SHA512

    4f48bd9869075d290d78d928e7b4747de6e4002e4a8bad9ee016f3e94a3a756885c4f675531ab18d1d010cab214d9b05c3978a9b0075648db0a2f7439e8a0ba1

  • SSDEEP

    6144:pjFRiOcXH6XWD0w1tizmtnktLJ6znvxNcCI+1jDIlnJ9+1aTEPTnOK4JKElDnE:nRDc3yWDNU+YUznzNjElWaT07NQtDE

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies firewall policy service 2 TTPs 2 IoCs
    evasion
  • Adds policy Run key to start application 2 TTPs 4 IoCs
    persistence
  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 13 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd9836548a80952bb29b791e7240571292bc43903891a4f0c40e6b3a93afc41d.exe
    "C:\Users\Admin\AppData\Local\Temp\cd9836548a80952bb29b791e7240571292bc43903891a4f0c40e6b3a93afc41d.exe"
    1⤵
    • Modifies firewall policy service
    • Adds policy Run key to start application
    • Sets service image path in registry
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    PID:1956

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\msrpc.exe
          Filesize

          480KB

          MD5

          6367d8cd21aa50c8be87312d4667c0b2

          SHA1

          cea69e21ec3cec2a6b5ef807966268f546d1bd8f

          SHA256

          641701548afc8c09f41c2f529a1f55c19680cbf0182fd89366647d18dbb0778b

          SHA512

          c5207654f8fc2b9a93f16c6d700d4f8b41cc861b37c5ee58700cbd4c28302fb8ae99fb31a868e78dcd3a89955686a8a795a2e34b6a130890824e4baee8e416d5

          Download Submit

        • memory/1956-21-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/1956-3-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1956-1-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/1956-19-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/1956-20-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/1956-0-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1956-22-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/1956-23-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/1956-24-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/1956-25-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/1956-26-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/1956-27-0x0000000000400000-0x000000000047C000-memory.dmp

          Filesize

          496KB

          Download