Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/05/2024, 20:17

General

  • Target

    bd2ec252249b933eb8017ccac34efed4ff4337038ca87c9b14cca9fdf73210c9.exe

  • Size

    82KB

  • MD5

    28cb535e070b8a5eac6885ed2ad693e9

  • SHA1

    d6959ddf71c7dc6d4a6becad7280693c8692f393

  • SHA256

    bd2ec252249b933eb8017ccac34efed4ff4337038ca87c9b14cca9fdf73210c9

  • SHA512

    137a6a4f8a3920f5683690cb25390f0c25e12da533215e00bfc6c10e992a7d807945749a217bce2b6874d26c038909c052bb0522d2c9441eb36a4a0bfd802cea

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOYAlB75:GhfxHNIreQm+Hi1AlB75

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Modifies system executable filetype association (2 TTPs, 5 IoCs)
  • Drops file in System32 directory (4 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Modifies registry class (15 IoCs)
  • Suspicious behavior: EnumeratesProcesses (28 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (3 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd2ec252249b933eb8017ccac34efed4ff4337038ca87c9b14cca9fdf73210c9.exe
    "C:\Users\Admin\AppData\Local\Temp\bd2ec252249b933eb8017ccac34efed4ff4337038ca87c9b14cca9fdf73210c9.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4088
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4068

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe

          Filesize

          84KB

          MD5

          3283cec35811c6892f0b6b8a6c0adb2e

          SHA1

          1506231c30015d343cdf4979c74241996abddc13

          SHA256

          92977e5c1149ffce77a3e269aeebae4ef3a9629aa25ee035d4f8bcfbed8e3f02

          SHA512

          62974f854c47c68f9f0a2ce202119694a29faf149764effe372cf168395d82035c07b00f3b36bb79393bc3c7e49495aa15112f0349069a22b3ce45b2dda3214e

        • C:\Windows\System\rundll32.exe

          Filesize

          74KB

          MD5

          23b3209a604dddd04a3a9099f8661484

          SHA1

          647bdd0250ba40001048db759f118c2234deb031

          SHA256

          00cabd90dc06c7429c22343deef8b6af43b0e681148a4850dd5677fe4edbe480

          SHA512

          55178479aacc14e1e45b42df8947c5b7d00c78b688075dd156b23083c2f034b2e286e2fbfde857e40b0230077e245e828a18b4b71333911d0af95712cfd704f9

        • memory/4088-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/4088-13-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB