Overview

overview

7

Static

static

3

5510219bd5...42.exe

windows7-x64

7

5510219bd5...42.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    21-05-2024 05:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5510219bd5e48f7e36d15616bc1ae48096defb97df79944f7d6fafbf31e48742.exe

  • Size

    84KB

  • MD5

    7ee390f5e7b0cfb7c8c642f66c91a7c0

  • SHA1

    4b3536ff664593ab504f9827dac835dc78b57784

  • SHA256

    5510219bd5e48f7e36d15616bc1ae48096defb97df79944f7d6fafbf31e48742

  • SHA512

    de70aa0f143446219a3c96e73f294b0e88751f6201111191a52ef4f931771ff63aec6f9253e286af40ae9a787d71f7d59d60157a2c4b2f23c914e385dc6dc4ee

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWONOfNpKx4:GhfxHNIreQm+HiwOfNpKx4

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5510219bd5e48f7e36d15616bc1ae48096defb97df79944f7d6fafbf31e48742.exe
    "C:\Users\Admin\AppData\Local\Temp\5510219bd5e48f7e36d15616bc1ae48096defb97df79944f7d6fafbf31e48742.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2980
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2064

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    79KB

    MD5

    950003f14f5a1557020bc99d1d4d3906

    SHA1

    41101c32ac8a9b6ba6e7528176f105d7d2b8562f

    SHA256

    d77eecb4c6450248cf6f195d4546fd9d77910195587216c474bfb014b97e188c

    SHA512

    ddc3fa06c117d89166e4c5d818e8c838a4631f9c9c671c37c37f0ae8816d697de465dd9ab7897f7bb73251b87bb911878e0fcba5dce7f7869b52519ffaf34d40

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    77KB

    MD5

    060d195e55dee142e33ce6bad733f1ef

    SHA1

    37d7c63f2d14a28d57533cccbb83e57e0a64ce30

    SHA256

    ab4840927f231e0fae0a11e1bce1e3d63dba00b6c67059034242dfa7cb290e29

    SHA512

    f6418710acaedfd663483ef25b152c2e90baf0f0621062e5c7c4035f07eba5f9b54b0036ae86cd32b165606a5ace840f0b1c102be481dc8c6df625ad112bdaab

    Download Submit

  • memory/2064-19-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2980-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2980-12-0x0000000000260000-0x0000000000276000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2980-18-0x0000000000260000-0x0000000000276000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2980-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/2980-22-0x0000000000260000-0x0000000000262000-memory.dmp

    Filesize

    8KB

    Download