Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-05-2024 04:15

General

  • Target

    e056fa4f27f1048f168c3326956b0da99a340c4763ec672e456e50a8366a8fa3.exe

  • Size

    76KB

  • MD5

    9dd87d7e39d9133abaf02aa1def29a47

  • SHA1

    8f9aad08a555ed87f9d8dd90e944515e20fca8f2

  • SHA256

    e056fa4f27f1048f168c3326956b0da99a340c4763ec672e456e50a8366a8fa3

  • SHA512

    4f6c6ba553c2eb8310183edbc2bf2944045986ca78469f2d39683a6acd35bb3f6f078f69e3f3d8027b433e7cd93d6d691dab931797b0a5494ba701c4b4ca8c12

  • SSDEEP

    1536:abSshapMJgKJUuxGmfJPtOgqm1s/XZSWcHFL:K25KJFjfJPtOgqm2/XZXc

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (9 IoCs)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Program crash (2 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\e056fa4f27f1048f168c3326956b0da99a340c4763ec672e456e50a8366a8fa3.exe
    "C:\Users\Admin\AppData\Local\Temp\e056fa4f27f1048f168c3326956b0da99a340c4763ec672e456e50a8366a8fa3.exe"
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1248
    • \??\c:\users\admin\appdata\local\temp\winlgon.exe
      c:\users\admin\appdata\local\temp\winlgon.exe
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2924
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 256
        • Loads dropped DLL
        • Program crash
        PID:2656
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 204
      • Program crash
      PID:2704

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\winlgon.exe
    • Filesize
      76KB
    • MD5
      dec694e4cad55681987a9a8aaeb626af
    • SHA1
      032766fcb4409f8ed2c76862e963daff37434a16
    • SHA256
      99aa63593ff301cb170791b605b153b40abe5e74683cfb7bcc656b8b5f1a9ea3
    • SHA512
      6e7c2aee95acecbc714b625fac42a8d0a79f426da5dc9993e9335a63a797e02a3fd8aee84cb12b1c8361ad00ff198ed1e1c4d60c4b1ceffa0585eb62ec0e4657