Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-05-2024 14:17

General

  • Target

    e49235e6052b75ed46dba5c4359028a90a445e37aab52e5725fe5d005dafe57c.exe

  • Size

    78KB

  • MD5

    a7d61ab6c655d8bfb5d9804d6a010dd2

  • SHA1

    eecedf39de8c1c73059b56d8e4df651f771a634d

  • SHA256

    e49235e6052b75ed46dba5c4359028a90a445e37aab52e5725fe5d005dafe57c

  • SHA512

    7061b1615557815eebf94c621a7e7916c26e11c1b384ddd5c452b8e0fa675f4e4d2a13f327616012aed44eb23b835d49f2457b26b4fa7914bd4efb397d0e3e04

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOt2:RshfSWHHNvoLqNwDDGw02eQmh0HjWOQ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e49235e6052b75ed46dba5c4359028a90a445e37aab52e5725fe5d005dafe57c.exe
    "C:\Users\Admin\AppData\Local\Temp\e49235e6052b75ed46dba5c4359028a90a445e37aab52e5725fe5d005dafe57c.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1040
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2080

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    81KB

    MD5

    728d42357cd35436744a8defe07ada86

    SHA1

    9996410dfe20691fe0c6e4b9eb23920aa0e58592

    SHA256

    96b9f35ff285189c62246eef75659f23206f0938c8905d4dedda23652f2d249b

    SHA512

    86e869af32e56337d452226a1f7fdb9886025cdc2eb2e796c375fdf4415ae275cc8a8f6ccf1b07c8f4cac04d5c63adf98d820b6cb03b699761fa83dfe64dae9b

  • \Windows\system\rundll32.exe

    Filesize

    73KB

    MD5

    4c74b82ebd7375c583574875d055cf6a

    SHA1

    4e6bac7a91811044e7a4b126e7bc48cbe749941e

    SHA256

    96bdf073674786d953a96deabb28fd21159399aab2a5c8a01fb129b744a92c6f

    SHA512

    711b8dddc1e462dcbc623254db694ddf4ce148264b4d4ac565e6988014f9671f5becb637e64bdb9bffb5a7c65bcd9428fcd34c61024592cc5fd1547f8696c306

  • memory/1040-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1040-12-0x0000000000260000-0x0000000000276000-memory.dmp

    Filesize

    88KB

  • memory/1040-21-0x0000000000260000-0x0000000000262000-memory.dmp

    Filesize

    8KB

  • memory/1040-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2080-18-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB