Analysis

  • max time kernel
    149s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/05/2024, 20:17

General

  • Target

    bd2ec252249b933eb8017ccac34efed4ff4337038ca87c9b14cca9fdf73210c9.exe

  • Size

    82KB

  • MD5

    28cb535e070b8a5eac6885ed2ad693e9

  • SHA1

    d6959ddf71c7dc6d4a6becad7280693c8692f393

  • SHA256

    bd2ec252249b933eb8017ccac34efed4ff4337038ca87c9b14cca9fdf73210c9

  • SHA512

    137a6a4f8a3920f5683690cb25390f0c25e12da533215e00bfc6c10e992a7d807945749a217bce2b6874d26c038909c052bb0522d2c9441eb36a4a0bfd802cea

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOYAlB75:GhfxHNIreQm+Hi1AlB75

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd2ec252249b933eb8017ccac34efed4ff4337038ca87c9b14cca9fdf73210c9.exe
    "C:\Users\Admin\AppData\Local\Temp\bd2ec252249b933eb8017ccac34efed4ff4337038ca87c9b14cca9fdf73210c9.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:316

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe

          Filesize

          74KB

          MD5

          cb418c074425a2583e5253d4d25d7b18

          SHA1

          34f48b1436265fcb21a00e82e24cb01ef8516287

          SHA256

          f872376021e3ee71c8956a8c81ab3feaf1973afd1cef8b9bb987febacb60e6e2

          SHA512

          2ead660eb0cf5732d3d28498b23cf3107c026be33ca77d5d24a58848d7ca1cfab8db1de44920bb2f34501f347c9660522d67903b80548747b2765146e9478c49

        • \Windows\system\rundll32.exe

          Filesize

          79KB

          MD5

          b07c68691e4eb3e60b3234e6234910d4

          SHA1

          89b313d3e7d637d1b82938371d2d1bbd000d67e4

          SHA256

          aece58cb45e15596cbf587828f9fb573cc79d4299647733fc5189ac1a5a6e1aa

          SHA512

          2bbb4178e45185349a6481d8fcc86bc8b3d6f0127910e3eb6d2e00bcc666126da720d9f2ddd985592ea430c81367972eb87d70fc3403e42338080feab034a315

        • memory/316-20-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/2932-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/2932-19-0x0000000000270000-0x0000000000286000-memory.dmp

          Filesize

          88KB

        • memory/2932-18-0x0000000000270000-0x0000000000286000-memory.dmp

          Filesize

          88KB

        • memory/2932-21-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/2932-22-0x0000000000270000-0x0000000000272000-memory.dmp

          Filesize

          8KB