Analysis

  • max time kernel
    149s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/05/2024, 14:20

General

  • Target

    e114c08e64b9af00451109fb0d298620950746d9189f074eb4cf2c07a17facd2.exe

  • Size

    73KB

  • MD5

    6fd4b47ecb957e5698af24b62f8afad8

  • SHA1

    92037d57624efcb865d34b5d82ceb57b70e59e2d

  • SHA256

    e114c08e64b9af00451109fb0d298620950746d9189f074eb4cf2c07a17facd2

  • SHA512

    dc8f7d53f97a518622b154a44935e2dd1b2d12a90de6e3e2aa749637108080fd35544948fb48ed5a44a540830282072c3196c795583ca39401cea2e1a70a2359

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOr:RshfSWHHNvoLqNwDDGw02eQmh0HjWOr

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e114c08e64b9af00451109fb0d298620950746d9189f074eb4cf2c07a17facd2.exe
    "C:\Users\Admin\AppData\Local\Temp\e114c08e64b9af00451109fb0d298620950746d9189f074eb4cf2c07a17facd2.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:380
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1852
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4340,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=3820 /prefetch:8
    1⤵
      PID:5088
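The process tree above shows the sample writing and executing C:\Windows\system\rundll32.exe, a path that borrows the name of the genuine C:\Windows\System32\rundll32.exe, and dropping notepad¢¬.exe into SysWOW64 next to the real notepad.exe; the signatures also flag a rewritten .exe file-type association. The Python below is an added example, not part of the report or of any sandbox tooling: it checks a list of image paths for those two naming tricks and inspects a .reg export for a tampered `exefile\shell\open\command` value (the stock Windows default is `"%1" %*`). The process paths and both .reg exports are constructed inputs, not captures from this run; the report does not list the registry values the sample wrote.

```python
"""Two checks for behaviours this report flags: a system-binary name executing
from a directory other than the genuine one (C:\\Windows\\system\\rundll32.exe
instead of C:\\Windows\\System32), and a rewritten .exe file-type association.
The process paths and the .reg exports below are constructed inputs for
illustration, not captures from the sandbox run."""
import re
from pathlib import PureWindowsPath

# Directories that hold the genuine copies of these binaries on 64-bit Windows.
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
SYSTEM_BINARIES = {"rundll32.exe", "notepad.exe", "svchost.exe", "explorer.exe"}


def is_masquerading(image_path: str) -> bool:
    """A system-binary name running from outside System32/SysWOW64."""
    p = PureWindowsPath(image_path)
    return p.name.lower() in SYSTEM_BINARIES and str(p.parent).lower() not in LEGIT_DIRS


def is_lookalike(image_path: str) -> bool:
    """A name that collapses to a system-binary name once non-ASCII filler is
    stripped, which is how the dropped 'notepad¢¬.exe' reads against notepad.exe."""
    name = PureWindowsPath(image_path).name.lower()
    stripped = re.sub(r"[^a-z0-9.]", "", name)
    return stripped in SYSTEM_BINARIES and stripped != name


def review_process_paths(paths):
    """Return (path, reason) for every path that trips one of the checks above."""
    findings = []
    for path in paths:
        if is_masquerading(path):
            findings.append((path, "system binary name outside System32/SysWOW64"))
        elif is_lookalike(path):
            findings.append((path, "look-alike of a system binary name"))
    return findings


# HKCR is a merged view of HKLM\Software\Classes and HKCU\Software\Classes, so a
# .reg export may show the exefile key under any of these three roots.
EXEFILE_KEY_RE = re.compile(
    r"\[(hkey_classes_root|hkey_local_machine\\software\\classes|hkey_current_user\\software\\classes)"
    r"\\exefile\\shell\\open\\command\]"
)
EXPECTED_EXE_COMMAND = '"%1" %*'  # stock default: run the file itself with its arguments


def exefile_association(reg_export: str):
    """Default value of exefile\\shell\\open\\command in a .reg export, unescaped, or None."""
    lines = reg_export.splitlines()
    for i, line in enumerate(lines):
        if not EXEFILE_KEY_RE.fullmatch(line.strip().lower()):
            continue
        for nxt in lines[i + 1:]:
            nxt = nxt.strip()
            if nxt.startswith("["):  # next key reached without a default value
                break
            m = re.fullmatch(r'@="(.*)"', nxt)
            if m:
                # .reg files escape both '"' and '\' with a backslash.
                return re.sub(r"\\(.)", r"\1", m.group(1))
    return None


def association_hijacked(reg_export: str) -> bool:
    """True when .exe launches are routed through something other than the file itself."""
    cmd = exefile_association(reg_export)
    return cmd is not None and cmd != EXPECTED_EXE_COMMAND


# Constructed samples: a stock association and one rewired through the dropped binary.
CLEAN_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
HIJACKED_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Windows\\system\\rundll32.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    sample_paths = [
        r"C:\Windows\system\rundll32.exe",
        r"C:\Windows\System32\rundll32.exe",
        r"C:\Windows\SysWOW64\notepad¢¬.exe",
    ]
    for path, reason in review_process_paths(sample_paths):
        print(f"{path}: {reason}")
    print("exefile association hijacked:", association_hijacked(HIJACKED_REG))
```

On a live host the same comparison is made against the output of `reg export HKCR\exefile\shell\open\command out.reg`; a per-user override under HKCU\Software\Classes takes precedence over the machine-wide value, so check both roots rather than only HKLM.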

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Windows\SysWOW64\notepad¢¬.exe

      Filesize

      85KB

      MD5

      aa353fb6eb6b6603ab3a2fdf39d218b8

      SHA1

      bfe23dc20ab18f66fae358d1b36321dc2126a88f

      SHA256

      13a6fda50caff71b51c667fda18c6be8e737d5d914e711cdd1763a1aacaa0885

      SHA512

      f8c8f4d9866c8def52c56b1480115c0980c4ef93edb402f47e8f4322b1f21293b9bad8074cec59a02783eb5ee9bc5747d9f30d8e13eedfae9d35ec85bf2f9e9f

    • C:\Windows\System\rundll32.exe

      Filesize

      83KB

      MD5

      3c998f7f9a22027ac604d9d260968fef

      SHA1

      aa54cd45427ef0e69d128396c25d237718e2b048

      SHA256

      19cfeaccdd8a265f8cf4ca0427d799145be69564200ed4cdc903b15793946574

      SHA512

      4d43f46b763de0fcd01fce59d2b2979083b38dafa2c9c002a72b1b5e339382b8574208c66c49149dacf73159f1a04a57647ab4b81e57c8f747886468fa228ccd

    • memory/380-0-0x0000000000400000-0x0000000000415A00-memory.dmp

      Filesize

      86KB

    • memory/380-13-0x0000000000400000-0x0000000000415A00-memory.dmp

      Filesize

      86KB
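The Downloads list above gives MD5, SHA1 and SHA256 for the two dropped files and names the memory dumps by PID, sequence number and address range (0x400000 to 0x415A00 is 0x15A00 bytes, which the page rounds to 86KB). The Python below is an added example, not part of the report: it matches file contents against those digests on any one algorithm and parses the dump names into their fields. The digests are copied from the report; the file contents fed through the matcher are constructed stand-ins, not the real samples.

```python
"""Hash-based matching of the two dropped files this report lists, and a
parser for the sandbox's memory-dump region names. The digests are copied
from the report's Downloads section; the blobs hashed here are constructed
stand-ins, not the real samples."""
import hashlib
import re

# Dropped-file digests as listed under Downloads.
DROPPED_FILE_IOCS = {
    r"C:\Windows\SysWOW64\notepad¢¬.exe": {
        "md5": "aa353fb6eb6b6603ab3a2fdf39d218b8",
        "sha1": "bfe23dc20ab18f66fae358d1b36321dc2126a88f",
        "sha256": "13a6fda50caff71b51c667fda18c6be8e737d5d914e711cdd1763a1aacaa0885",
    },
    r"C:\Windows\System\rundll32.exe": {
        "md5": "3c998f7f9a22027ac604d9d260968fef",
        "sha1": "aa54cd45427ef0e69d128396c25d237718e2b048",
        "sha256": "19cfeaccdd8a265f8cf4ca0427d799145be69564200ed4cdc903b15793946574",
    },
}


def digests(data: bytes) -> dict:
    """MD5, SHA1 and SHA256 of a blob as lower-case hex, keyed like the IOC table."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_ioc(data: bytes, iocs=DROPPED_FILE_IOCS):
    """Return (ioc_path, algorithm) for the first digest that matches, else None.
    Any single algorithm counts, since a feed often carries only one of them."""
    d = digests(data)
    for path, known in iocs.items():
        for algo, value in known.items():
            if d.get(algo) == value.lower():
                return path, algo
    return None


def scan_blobs(blobs, iocs=DROPPED_FILE_IOCS):
    """blobs: iterable of (path, bytes). Returns [(path, matched_ioc_path, algorithm)]."""
    hits = []
    for path, data in blobs:
        hit = match_ioc(data, iocs)
        if hit:
            hits.append((path, hit[0], hit[1]))
    return hits


# Region names in the report look like memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp.
MEM_DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)


def parse_memory_dump_name(name: str) -> dict:
    """Split a dump name into pid, sequence number, start/end address and byte size."""
    m = MEM_DUMP_RE.fullmatch(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "seq": int(m["seq"]), "start": start, "end": end, "size": end - start}


if __name__ == "__main__":
    # Constructed stand-in: its digests will not match anything from the report.
    print(scan_blobs([(r"C:\Windows\System\rundll32.exe", b"not the real dropped binary")]))
    # First dump of PID 380 from the report: 0x15A00 bytes, which the page rounds to 86KB.
    print(parse_memory_dump_name("memory/380-0-0x0000000000400000-0x0000000000415A00-memory.dmp"))
```

Matching on MD5 or SHA1 alone is enough to confirm a known-bad file from a feed that only carries those, but neither should be used to assert that two files are different; compare SHA256 for that.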