Overview

overview

7

Static

static

3

d97101379f...5d.exe

windows7-x64

7

d97101379f...5d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-05-2024 15:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d97101379f4817eba0ae1bb7127cfd7fca3c0d8d1d666b494b67b844d3ee685d.exe

  • Size

    75KB

  • MD5

    ea6b31917503e611c8483b58fb7b2725

  • SHA1

    26c0966d99b7fd5094e59e4d779116d8d490752a

  • SHA256

    d97101379f4817eba0ae1bb7127cfd7fca3c0d8d1d666b494b67b844d3ee685d

  • SHA512

    807d32587877ff01ae19f964bb03bae8231db995ff285f3fdd124f43db45414cf1d7ae7d5d0e1a20eb7700c5cfe51276bd660af197fe6624153211752a68532d

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOfvx:GhfxHNIreQm+Hisvx

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d97101379f4817eba0ae1bb7127cfd7fca3c0d8d1d666b494b67b844d3ee685d.exe
    "C:\Users\Admin\AppData\Local\Temp\d97101379f4817eba0ae1bb7127cfd7fca3c0d8d1d666b494b67b844d3ee685d.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:316
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:3396

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    85KB

    MD5

    06604698d7249638d0791c4bc6d828ce

    SHA1

    9c5857e81a121a04f814ccdeb1316f5dd2e1f5fc

    SHA256

    cd3e0d03f2b522296fcffbbf9afed1b12f6860ae4390e34a0ab9724aa8374cf4

    SHA512

    bc19125a1b5b8a8643f9c95c67f9944530c24499a454d0ed0606359c2b6cc0017600047f15d623afa8daaab1b806971f3c1bae0fcbb53ccca9cc047ab201b376

    Download Submit

  • C:\Windows\System\rundll32.exe
    Filesize

    79KB

    MD5

    3d4a949b04f8005efa0f04f3b91f53cf

    SHA1

    215685b174de2cfbbee57c09d3d5955b92701d35

    SHA256

    8eac8ee363f79399084301802b1ed239f5e5eb8c65eebfdade003eb8854d536c

    SHA512

    073a48010c950e683de38509ea6887ea34962111f865b46d77ef5b8bcbe1390e1c919b98929bd620ac98634b16686243cf6fcd9963116d36e0aa4692ad8cd678

    Download Submit

  • memory/316-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/316-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download