Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/05/2024, 23:17

General

  • Target

    d2580c6ed6d3704b57ebfb8cfee67acafb939583c66d4739694b0b496031c829.exe

  • Size

    80KB

  • MD5

    8a99078692a512ce6cc5364636f5b72c

  • SHA1

    e98f667d96ba0ff57640f314a151e50da7b50d19

  • SHA256

    d2580c6ed6d3704b57ebfb8cfee67acafb939583c66d4739694b0b496031c829

  • SHA512

    4de671dc1a62d2712aaea4b2f11e32407d2b2958c55e9f102aadd127121a1885ae8342268937791b7c4fe87a2e6098df12fbe68000164eca3cb56ea8bcbedac0

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOaRibZ+:GhfxHNIreQm+HiVRUk

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d2580c6ed6d3704b57ebfb8cfee67acafb939583c66d4739694b0b496031c829.exe
    "C:\Users\Admin\AppData\Local\Temp\d2580c6ed6d3704b57ebfb8cfee67acafb939583c66d4739694b0b496031c829.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2952
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2824

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    86KB

    MD5

    17156bb892e59bec753e102a63332d48

    SHA1

    ffb555d46bb590df4a77a46fb3c5a5f51ceb5a7e

    SHA256

    4a9400ce11f58ab22efded5202da4ec6215a82a73bdf4d4aaf7114669dc5d682

    SHA512

    07b4c7044fd6bc1e53d1424c1b7ebedb448855f9c39f7f09b8aca9bcf53c0b74fbd88e304c6c0e9b8411af0cbf60fdb126bf61a4c8f22c61c56683822dc49034

  • \Windows\system\rundll32.exe

    Filesize

    80KB

    MD5

    5ffb7ed93a94336288743226cdf59df4

    SHA1

    1f354bac3649f5ab0ea7e82888113a6d2c873a29

    SHA256

    8f21c2043b0e5ada5833054c5218c98f78c7c9e650a0534ab5c7d5e583cd30f2

    SHA512

    45b1594000ccf8ee5fb3c3ae3de54edb65e7e5482543281160b2954e62c63199bc3ddfbf97b0886c268d83b1ac3576421620a6a2cb1d06b4257b79fd8a69e977

  • memory/2952-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2952-18-0x00000000003E0000-0x00000000003F6000-memory.dmp

    Filesize

    88KB

  • memory/2952-17-0x00000000003E0000-0x00000000003F6000-memory.dmp

    Filesize

    88KB

  • memory/2952-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2952-21-0x00000000003E0000-0x00000000003E2000-memory.dmp

    Filesize

    8KB