Overview

overview

7

Static

static

3

bd7f7fd5a3...0a.exe

windows7-x64

7

bd7f7fd5a3...0a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    11/05/2024, 23:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bd7f7fd5a379598d37916bfb89911091ab88545f53c709079a7fcac9d20d960a.exe

  • Size

    82KB

  • MD5

    3638a9d6da3f3de75c2575f14cc8085c

  • SHA1

    58d464f951304bd4a81ccd147ce933ef5b550026

  • SHA256

    bd7f7fd5a379598d37916bfb89911091ab88545f53c709079a7fcac9d20d960a

  • SHA512

    5d11ff7aeb260aef08472e9ea05f118378cf3df6f09072346870d2a378b999e7fc3ab572f44b383fc8b18491b6210c1e66c57e2709c2aa89d56a7c9125801efc

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOQMESE8:GhfxHNIreQm+Hi9MESE8

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd7f7fd5a379598d37916bfb89911091ab88545f53c709079a7fcac9d20d960a.exe
    "C:\Users\Admin\AppData\Local\Temp\bd7f7fd5a379598d37916bfb89911091ab88545f53c709079a7fcac9d20d960a.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2428
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1632

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe
          Filesize

          81KB

          MD5

          2d5f79b231da186f7bfa62760fab0357

          SHA1

          7b74b93368d3f6a739f3c070e9f58c117b9cf80d

          SHA256

          c29f266b60b7ae2d882a4fb0788cf64efa6a31a05c031dfa791f28927a7ca059

          SHA512

          198d78b23df6e426ba195c7c6ffbf94ed0ae42a053e49637822a0b53a5d1bae8fb31ad20bf4257a03162476e65159af246000a3a9c89a276de1e0b1581f31981

          Download Submit

        • \Windows\system\rundll32.exe
          Filesize

          76KB

          MD5

          75c78e8aafd6f68cfb2e1ede3c1ec0a2

          SHA1

          85db79dbea5790fed69ad821b95fc1dd9787ef3a

          SHA256

          4ca3c651ce9e4ae5b3a5c54d291600fea4cd0eac88c11a719c3e01a01a7786f7

          SHA512

          71ee7e478b63e28c6d2b28acb5179775772cfb11ac1ec0f1441e4c319a98dcca8903f13abc5ad4d5caad8248c08849a6f655782dd145d8bb306cce8e8a84d24a

          Download Submit

        • memory/1632-19-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

          Download

        • memory/2428-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

          Download

        • memory/2428-11-0x0000000000260000-0x0000000000276000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2428-18-0x0000000000260000-0x0000000000276000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2428-22-0x0000000000260000-0x0000000000262000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2428-21-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

          Download