Analysis
max time kernel: 150s
max time network: 119s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 21/05/2024, 01:30
Static task: static1
Behavioral task: behavioral1
  Sample: 96c7be41cff34723f6a4cba36facd3a0f994c5582588fe5091b7edd2a800b4a8.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 96c7be41cff34723f6a4cba36facd3a0f994c5582588fe5091b7edd2a800b4a8.exe
  Resource: win10v2004-20240508-en
General
Target: 96c7be41cff34723f6a4cba36facd3a0f994c5582588fe5091b7edd2a800b4a8.exe
Size: 53KB
MD5: 7d8715667a4d7dde29bd4f330f71a2de
SHA1: cbbd760564632b524599c421ef61bd75cd206168
SHA256: 96c7be41cff34723f6a4cba36facd3a0f994c5582588fe5091b7edd2a800b4a8
SHA512: 0cd753414704c6c45a2053f8f0733a60bef9864491bcb1d1d5f48ccf3151c8da8eaa05b0db92d37410ab24f860093b149d6f3090de64909a43c205ef53c72833
SSDEEP: 1536:vNtg8r8Qvkas7Kp3StjEMjmLM3ztDJWZsXy4JzxPME:DkasJJjmLM3zRJWZsXy4Jt
Malware Config
Signatures
Modifies visibility of hidden/system files in Explorer (2 TTPs, 1 IoC)
  Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"  process: cuaxiiz.exe
  ShowSuperHidden = 0 is the "Hide protected operating system files" setting, so anything carrying the hidden+system attributes stays invisible in Explorer for this user.
Executes dropped EXE (1 IoC)
  pid 2424  cuaxiiz.exe
Loads dropped DLL (2 IoCs)
  pid 2180  96c7be41cff34723f6a4cba36facd3a0f994c5582588fe5091b7edd2a800b4a8.exe (2 entries)
Adds Run key to start application (2 TTPs, 1 IoC)
  Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Run\cuaxiiz = "C:\\Users\\Admin\\cuaxiiz.exe"  process: cuaxiiz.exe
  The value lives in the user's own hive (HKU\<SID>, i.e. HKCU for that session) and points at the copy dropped in the profile root, so it needs no elevation and persists for this user across reboots.
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid 2424  cuaxiiz.exe (64 entries)
Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 2180  96c7be41cff34723f6a4cba36facd3a0f994c5582588fe5091b7edd2a800b4a8.exe
  pid 2424  cuaxiiz.exe
Suspicious use of WriteProcessMemory (64 IoCs)
  PID 2180 (96c7be41cff34723f6a4cba36facd3a0f994c5582588fe5091b7edd2a800b4a8.exe) wrote to memory of 2424 (cuaxiiz.exe), procid_target 28: 4 entries
  PID 2424 (cuaxiiz.exe) wrote to memory of 2180 (96c7be41cff34723f6a4cba36facd3a0f994c5582588fe5091b7edd2a800b4a8.exe), procid_target 27: 60 entries
  Only the first four writes go from parent to child; the other sixty are the dropped child writing back into the process that launched it, the reverse of the usual parent-to-child injection direction, and worth checking before treating 2180 as a passive dropper.
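The two registry IoCs above are what a host-side rule would key on. As an added example (not sandbox output and not the sample's code), the Python below parses events written in the report's own 'Set value (type) key = "value" process' shape, constructed here from those two IoCs plus a benign machine-wide Run value under Program Files that must not fire, and flags Run values pointing into a user-writable path and Explorer\Advanced changes that hide files when made by anything other than explorer.exe. The rule names and the Hidden/HideFileExt siblings of ShowSuperHidden are assumptions of mine, not things the report lists.

```python
"""Flag the registry behaviours this report attributes to cuaxiiz.exe.

Added example, not sandbox output: EVENTS is constructed in the report's own
'Set value (type) key = "value" process' shape from its two registry IoCs,
plus a benign Program Files control that must not fire.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

EVENTS = [
    r'Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0" cuaxiiz.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Windows\CurrentVersion\Run\cuaxiiz = "C:\\Users\\Admin\\cuaxiiz.exe" cuaxiiz.exe',
    # Constructed benign control: an installer registering an app that lives under Program Files.
    r'Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive = ""C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe" /background" msiexec.exe',
]

EVENT_RE = re.compile(r'^Set value \((\w+)\) (\S+) = "(.*)" (\S+)$')
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(?:Run|RunOnce)\\[^\\]+$", re.IGNORECASE)
# Locations an unprivileged user can write to (assumed list, extend for your estate).
USER_WRITABLE_RE = re.compile(
    r"^(?:[a-z]:\\users\\|[a-z]:\\programdata\\|%(?:appdata|localappdata|temp|tmp|userprofile)%)",
    re.IGNORECASE,
)
EXPLORER_HIDE_RE = re.compile(r"\\Explorer\\Advanced\\(ShowSuperHidden|Hidden|HideFileExt)$", re.IGNORECASE)
# Values that make Explorer hide things from the user: ShowSuperHidden=0 hides
# protected OS files, Hidden=2 hides hidden files, HideFileExt=1 hides extensions.
HIDING_VALUES = {"showsuperhidden": "0", "hidden": "2", "hidefileext": "1"}


@dataclass(frozen=True)
class Finding:
    rule: str
    process: str
    key: str
    detail: str


def parse_event(line: str) -> Optional[Tuple[str, str, str, str]]:
    """Split one report-style line into (value_type, key, value, process); None if it does not parse."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    vtype, key, value, process = m.groups()
    # The report escapes backslashes inside string values ("C:\\Users\\..."); undo that.
    return vtype, key, value.replace("\\\\", "\\"), process


def image_path(command: str) -> str:
    """Executable part of a Run value: the quoted token if quoted, else the first whitespace-delimited one."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]


def analyze(lines) -> List[Finding]:
    findings: List[Finding] = []
    for line in lines:
        parsed = parse_event(line)
        if parsed is None:
            continue
        _vtype, key, value, process = parsed
        if RUN_KEY_RE.search(key):
            exe = image_path(value)
            if USER_WRITABLE_RE.match(exe):
                findings.append(Finding("run_key_user_writable_path", process, key, exe))
            continue
        m = EXPLORER_HIDE_RE.search(key)
        if m and process.lower() != "explorer.exe" and value == HIDING_VALUES[m.group(1).lower()]:
            findings.append(Finding("explorer_hide_files_tamper", process, key, f"{m.group(1)}={value}"))
    return findings


if __name__ == "__main__":
    for f in analyze(EVENTS):
        print(f"{f.rule:30} {f.process:14} {f.detail}")
```

Both IoC lines fire and the Program Files control does not. The process check on the Explorer\Advanced rule matters: a user toggling Folder Options does the same write through explorer.exe, so without it the rule is noise.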
Processes
1. C:\Users\Admin\AppData\Local\Temp\96c7be41cff34723f6a4cba36facd3a0f994c5582588fe5091b7edd2a800b4a8.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\96c7be41cff34723f6a4cba36facd3a0f994c5582588fe5091b7edd2a800b4a8.exe"
   PID 2180
   - Loads dropped DLL
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Users\Admin\cuaxiiz.exe
      command line: "C:\Users\Admin\cuaxiiz.exe"
      PID 2424, child of PID 2180
      - Modifies visibility of hidden/system files in Explorer
      - Executes dropped EXE
      - Adds Run key to start application
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory
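The WriteProcessMemory signature above lists 64 entries that reduce to two edges, one of which points up the tree from the dropped child into its parent. As an added example (not sandbox output), the Python below collapses entries written in the report's flattened 'PID A wrote to memory of B A image procid_target' shape into unique edges with counts and, using the parent link from the process tree, flags any edge whose target is an ancestor of the writer. REPORT_TEXT is constructed from the report's entries (all four parent-to-child ones and three of the sixty child-to-parent ones) and PARENT_OF from the tree; the function names are mine.

```python
"""Collapse this report's WriteProcessMemory entries into unique edges and
flag writes that go up the process tree.  Added example, not sandbox output:
REPORT_TEXT is constructed in the report's flattened shape and PARENT_OF is
the single parent link from the Processes section."""
import re
from collections import Counter
from typing import Dict, List, Tuple

SAMPLE = "96c7be41cff34723f6a4cba36facd3a0f994c5582588fe5091b7edd2a800b4a8.exe"
DROPPED = "cuaxiiz.exe"

# Constructed: 4 parent->child entries (procid_target 28) and 3 of the 60 child->parent entries (procid_target 27).
REPORT_TEXT = (
    f"PID 2180 wrote to memory of 2424 2180 {SAMPLE} 28 " * 4
    + f"PID 2424 wrote to memory of 2180 2424 {DROPPED} 27 " * 3
)

# Process tree from the Processes section: the dropped file runs as a child of the sample.
PARENT_OF: Dict[int, int] = {2424: 2180}

# Groups: source pid, target pid, (source pid repeated, matched by \1), source image, sandbox-internal target id.
WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")

Edge = Tuple[int, str, int]  # (source pid, source image, target pid)


def collapse_writes(text: str) -> Counter:
    """Count WriteProcessMemory entries per (source pid, source image, target pid) edge."""
    counts: Counter = Counter()
    for src, dst, image, _target_id in WRITE_RE.findall(text):
        counts[(int(src), image, int(dst))] += 1
    return counts


def ancestors(pid: int, parent_of: Dict[int, int]) -> List[int]:
    """Walk parent links upward; stops at the root or if the map contains a cycle."""
    seen, out = {pid}, []
    while pid in parent_of and parent_of[pid] not in seen:
        pid = parent_of[pid]
        seen.add(pid)
        out.append(pid)
    return out


def upward_writes(counts: Counter, parent_of: Dict[int, int]) -> List[Tuple[Edge, int]]:
    """Edges whose target is an ancestor of the writer, i.e. a child writing into its parent, busiest first."""
    return sorted(
        ((edge, n) for edge, n in counts.items() if edge[2] in ancestors(edge[0], parent_of)),
        key=lambda item: -item[1],
    )


if __name__ == "__main__":
    counts = collapse_writes(REPORT_TEXT)
    for (src, image, dst), n in counts.items():
        print(f"{src} ({image}) -> {dst}: {n} entries")
    for (src, image, dst), n in upward_writes(counts, PARENT_OF):
        print(f"UPWARD: {src} ({image}) writes into its parent {dst} ({n} entries)")
```

Feeding the full signature text in gives the same two edges with counts 4 and 60. The upward edge is the one to chase: a child that repeatedly writes into the process that spawned it is not what a plain dropper does.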
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 53KB
MD5: ad0863667197b0be1d17146f7732c35c
SHA1: 35598c3572911ea32827f32ddd67a215f5804ea5
SHA256: cfb76cbab086df5dcb0d8bdacfa133ef860a96f03b9dd5da186a1c2be05f3e0a
SHA512: bd27622a0dbb6d345a86ab7ef2f66577f643e304dffb5467f6438762e5c144829761c6e72cc3cc40a5a39cf2dd2c22d74a108741181a20b7c1ea97dae7e53e94
These hashes do not match the submitted sample (MD5 7d8715667a4d7dde29bd4f330f71a2de under General), so despite the identical 53KB size this is a different file and needs its own entry in any IoC list.