Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21-05-2024 14:17

General

  • Target

    e49235e6052b75ed46dba5c4359028a90a445e37aab52e5725fe5d005dafe57c.exe

  • Size

    78KB

  • MD5

    a7d61ab6c655d8bfb5d9804d6a010dd2

  • SHA1

    eecedf39de8c1c73059b56d8e4df651f771a634d

  • SHA256

    e49235e6052b75ed46dba5c4359028a90a445e37aab52e5725fe5d005dafe57c

  • SHA512

    7061b1615557815eebf94c621a7e7916c26e11c1b384ddd5c452b8e0fa675f4e4d2a13f327616012aed44eb23b835d49f2457b26b4fa7914bd4efb397d0e3e04

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOt2:RshfSWHHNvoLqNwDDGw02eQmh0HjWOQ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e49235e6052b75ed46dba5c4359028a90a445e37aab52e5725fe5d005dafe57c.exe
    "C:\Users\Admin\AppData\Local\Temp\e49235e6052b75ed46dba5c4359028a90a445e37aab52e5725fe5d005dafe57c.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4116
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1560
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4200,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=4240 /prefetch:8
    1⤵
    PID:3328

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    76KB

    MD5

    e2f6fef4b4be043e96b1ee9c3d1e3995

    SHA1

    2098595764cdd0f393e09d15e1aaa66bfc9bb58b

    SHA256

    80a28d4525cae155813fbd616c756463166ef908644b19d2dfcdfc3c8a5c25f8

    SHA512

    72c2e2633468359e6c61e2936e7a713b519be960696cacdd6ce74169a1c9cc5316f6eecf6c6212a44aecd5321875a90ace8c6a89df52b166236fd292a3a1519a

  • C:\Windows\System\rundll32.exe

    Filesize

    80KB

    MD5

    f620335d307c7af46c764b5a8aa0029f

    SHA1

    cba433a750fc5f65fef6e5ca778fcdcff41c6d68

    SHA256

    2b9f579ff94150ba209d9569e10ccf47c0b0b21bfbaa7603a34eaa6f4f517cee

    SHA512

    a48090d9f28270aef3e85e4e12b8dd48008a3ef6a09e28584140049208168545f8d1e45b16e9bce5193bf7b11fccbfd21425b4a3a924481618ebd4f276fbfd4d

  • memory/4116-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4116-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB