Analysis

  • max time kernel
    149s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/05/2024, 08:18

General

  • Target

    a89303deec42806c7f9939aa1b4ed2c52d61b81497b2046e36efbf5590b5d7b0.exe

  • Size

    73KB

  • MD5

    e39c934b9f05ce4a4361a6ec8f2eb790

  • SHA1

    5696cd0f681aa53e6e57e97e8dd675f58eba80aa

  • SHA256

    a89303deec42806c7f9939aa1b4ed2c52d61b81497b2046e36efbf5590b5d7b0

  • SHA512

    95ea40aa7a7f2c3435c4a78252de381f09158f3483ec626b43e45c0bfd3c069c1977295c5a1b0daaca752bb0be0bb81df9ae08806750037083b9da529da22852

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWO8:RshfSWHHNvoLqNwDDGw02eQmh0HjWO8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a89303deec42806c7f9939aa1b4ed2c52d61b81497b2046e36efbf5590b5d7b0.exe
    "C:\Users\Admin\AppData\Local\Temp\a89303deec42806c7f9939aa1b4ed2c52d61b81497b2046e36efbf5590b5d7b0.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5008
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1636

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe

          Filesize

          81KB

          MD5

          1fba939c9785df61bbddbbf3e2657150

          SHA1

          b895bc2a8b58e129779d3177c25fe36e13f8592c

          SHA256

          a18c79dd3731482f8fb1b00c3bbf16afa512f655ffba3b10dc308258c3b5cae9

          SHA512

          7cf8f00f1daba7cf235f894904e18ae39c56b89a3263beff7a5a493911c7a4d1dc2e09378b11450ad282529620f431a90c8af91864d7eabd1ecee1796df2c5f3

        • C:\Windows\System\rundll32.exe

          Filesize

          73KB

          MD5

          8b83af8f861b1073ca61af16fb6dc924

          SHA1

          f550fe632a3eb991110f60e7e79fe0aa72f1ead6

          SHA256

          23551cc3a70a63b30d2f3d9861bb62feb8ad8b859d511904e837f33968f8f3c9

          SHA512

          66bcb5373f994470d832ef86d4d690c227b94398cb0e58cf07015474f632f113edf98baa7c89c784e9155b812840bbcc7d3e279c0a69c05de0fb5c216e291b76

        • memory/5008-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/5008-13-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB