Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240226-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    01/05/2024, 04:14

General

  • Target

    4373b647aa06768f55108fa99f11b213e616788f75193dca1adb7edddac38d2a.exe

  • Size

    74KB

  • MD5

    2fde9e8940fb690af3f084d6d868a14a

  • SHA1

    5da1aa68639555a80584cf6c3aa05d9a1bc668c4

  • SHA256

    4373b647aa06768f55108fa99f11b213e616788f75193dca1adb7edddac38d2a

  • SHA512

    9b5470e5d90d1bf978a39e5571439b7d5815f8bfa17ea5b5cd54160983f0e7157fdc1abb130312d21423e54d4ebb00489568b14a9e85f991d03f09823d0ecdec

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOm:RshfSWHHNvoLqNwDDGw02eQmh0HjWOm

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4373b647aa06768f55108fa99f11b213e616788f75193dca1adb7edddac38d2a.exe
    "C:\Users\Admin\AppData\Local\Temp\4373b647aa06768f55108fa99f11b213e616788f75193dca1adb7edddac38d2a.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:868
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:944
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1028 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:2308

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    80KB

    MD5

    70a9da14023049a9f2a72ccf0da0188d

    SHA1

    400d128edc08712ddcc95b9440248a6e9ea4ac0e

    SHA256

    31c57e958ce6002ee765b8e6b1914d997760c6467a89aa5aa4ecb21dc9b6dd18

    SHA512

    f8604431007eb9a06c42a8313876790925c0e828feb3e5443383c2716d8af71bd3cefb5a09d948197c239a620ea24a49173f63bc4277918a246b1206567c5c45

  • C:\Windows\System\rundll32.exe

    Filesize

    78KB

    MD5

    c3848ebb921d56b589c33f46eb9479f6

    SHA1

    8408e13016ddccbe60747c80f6c40a05f6dab6f2

    SHA256

    ca50e53833e3aee267a1eac68700454e55f82245b5324fe0bdb9276f24795466

    SHA512

    16268588b0250c4b4b074223214e64a20cd3f05ac843ceb57d8503ca1a7df5910f990577543d3e4c4c6b91c2fd40ce6d75f74321ed7fe85a07f271ddbd6ddf08

  • memory/868-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/868-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB