Overview

overview

6

Static

static

3

70fe3bc78e...d1.exe

windows7-x64

6

70fe3bc78e...d1.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 23:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    70fe3bc78ea9f2efcb3ba2992a730006248eed1223840cc1d15aac17dfe4a9d1.exe

  • Size

    775KB

  • MD5

    3df65bf289e8aeb95472790365a26590

  • SHA1

    c0311332ebb11f2459efb222edda5824480bd534

  • SHA256

    70fe3bc78ea9f2efcb3ba2992a730006248eed1223840cc1d15aac17dfe4a9d1

  • SHA512

    8df764e41c852e5c3fffe8457f32b3bff203a71b1e58b7ca28086aa5ed1bc106f9deef0697b686d443fd1413de6fc36d8034b6c12d886abe159dd862f269ec5d

  • SSDEEP

    3072:MGjhaq5iL0beJQZt32wLji5DlsODxRPNDkjmHzW9hUd56JsuBSjwGPmO12i1DTBL:Hha8iAx+1zwjmHd6vB/jO11T9eYQYm

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Drops file in System32 directory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\70fe3bc78ea9f2efcb3ba2992a730006248eed1223840cc1d15aac17dfe4a9d1.exe
    "C:\Users\Admin\AppData\Local\Temp\70fe3bc78ea9f2efcb3ba2992a730006248eed1223840cc1d15aac17dfe4a9d1.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    PID:1148

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\AVSCANNER.EXE
    Filesize

    784KB

    MD5

    583e3845428bbd5e331500d14fc3904c

    SHA1

    737740034e4890b777df83a69f7a771f91a89f91

    SHA256

    e1b4f7c07903ca51436c4aae4e91435d7bd57ab7541d8c80bb7b8c232563fd8f

    SHA512

    46a1942696460fad4c16953f1b821aa1a1bdf86cffd489b80453478c23f9a237b1fcb4eb60b846fe9dcd38272039bf4ea8d8db996e441831738b4bee7c380d6d

    Download Submit
  • memory/1148-0-0x0000000000400000-0x000000000044C000-memory.dmp
    Filesize

    304KB

    Download
  • memory/1148-7-0x0000000000400000-0x000000000044C000-memory.dmp
    Filesize

    304KB

    Download