Overview

overview

7

Static

static

3

d6cedd61d5...d5.exe

windows7-x64

7

d6cedd61d5...d5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    20/05/2024, 02:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d6cedd61d575e9193f85648f68aeaa2414e0a5710b659a5894f9c6107c7c0bd5.exe

  • Size

    79KB

  • MD5

    e72cd49ad0842e4f3ac030999d5ca1cc

  • SHA1

    77d57b2dd8e87fd7b9de6f8209f257989c91c48c

  • SHA256

    d6cedd61d575e9193f85648f68aeaa2414e0a5710b659a5894f9c6107c7c0bd5

  • SHA512

    d5b96ec68b674adce6bb6735fde59d756bb4d3e562f71f8870b6cc28db8028e7008e3ae583b1e6fb87fed1087fa23d52a91f11e9998691963459c9ee28aca2c5

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOx/c9:GhfxHNIreQm+Hia/c9

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d6cedd61d575e9193f85648f68aeaa2414e0a5710b659a5894f9c6107c7c0bd5.exe
    "C:\Users\Admin\AppData\Local\Temp\d6cedd61d575e9193f85648f68aeaa2414e0a5710b659a5894f9c6107c7c0bd5.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2696
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2136

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe
          Filesize

          84KB

          MD5

          4946d465a1d8dfaa685d127d3e36f5be

          SHA1

          1ab5c8d4a68bb3a13ca42ef4d523f857ea2fd1b8

          SHA256

          abfe02121f5a752853e72971e8927a2918594c0b1c2fc33d95054dc95c02ae15

          SHA512

          9e3cabbe0930b9eac7d98b7f33d272d19131478bfc9bf147da8a3cf66af5625db7924988efeb31262746960c10f58d0a73477cb568ad96c05b9c693046207acc

          Download Submit

        • \Windows\system\rundll32.exe
          Filesize

          75KB

          MD5

          2385e7a68e1dd065085d2e97202807d5

          SHA1

          79659729f4de7567b4bca76b23f91dfb80e07320

          SHA256

          bc79f31308922d506fe9f6cd21f9f88e588b1494ee72bfd2506ac0979a671074

          SHA512

          1e17cd7a3c706223c6693a097c1022f039ec4f4098ab73b182c82bba4830d047e4ab9339af92bb8acb2abb5bcba53eba1e4656f0cc42486a246865ecab40ed56

          Download Submit

        • memory/2696-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

          Download

        • memory/2696-12-0x0000000000360000-0x0000000000376000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2696-17-0x0000000000360000-0x0000000000376000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2696-20-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

          Download

        • memory/2696-21-0x0000000000360000-0x0000000000376000-memory.dmp

          Filesize

          88KB

          Download