Analysis

  • max time kernel
    149s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/05/2024, 05:19

General

  • Target

    cb86cd89eef978f36a3dd4e939b9e35b5959d6f2c0c9e0c14b3f06e0ea16a006.exe

  • Size

    82KB

  • MD5

    758ebf28c6a7d2a50cbdc4f5c4f1a1b0

  • SHA1

    d6f28d6f676fe40222762a881f0debcfd46fb3ee

  • SHA256

    cb86cd89eef978f36a3dd4e939b9e35b5959d6f2c0c9e0c14b3f06e0ea16a006

  • SHA512

    eca8f230d3a2a7229ea0d99d52cc92f22483f3dfc706354b2696548aaa11e93ab7c347d1c76eabbb917d980130c1c16b98090319437723194ed4aa5167e95e4e

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOyP9kF0HucLEsR5:GhfxHNIreQm+HiHP9kF0HucLEsR5

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cb86cd89eef978f36a3dd4e939b9e35b5959d6f2c0c9e0c14b3f06e0ea16a006.exe
    "C:\Users\Admin\AppData\Local\Temp\cb86cd89eef978f36a3dd4e939b9e35b5959d6f2c0c9e0c14b3f06e0ea16a006.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4876
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4540

Network

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe

          Filesize

          82KB

          MD5

          e7ef086b464f46f10573e288862e5424

          SHA1

          e7462b7b37992235f2f6fbf0a04943e43718da57

          SHA256

          189b64ed8c31b43fc733273a31e245f795a11d1dfdeabf3e6d6e7232d677dba3

          SHA512

          da854d4a2dfe5765e362484115f1b3b7bcc671578603f53e922dd93c8161f86ae251b670700423daf0613a8f0231d1cd1ab7d55317bbd3412598986b728ce27f

        • C:\Windows\System\rundll32.exe

          Filesize

          81KB

          MD5

          dad931211707a25ce1baf2ba7661c785

          SHA1

          e042932535f148c525c182e6494f82d93890ac1f

          SHA256

          34356cd123391c87116708239b9495998024f3b56ba047f543fddcca40a49fd8

          SHA512

          da22e065632cd9f1e6df90d7d434550291a2f88fcf49e76f2f7d30818e7e256532fa4a17600d5f9a2a567b937b7ea2bdb27449390a52775086a2138931024c4b

        • memory/4876-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/4876-13-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB