Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-05-2024 23:20

General

  • Target
    a42bc7f4869646a2a9b0549ce5602194d2967e6a29cd58311e73d7e5f5bea008.exe
  • Size
    77KB
  • MD5
    00e79274ff97c90ed2e29a442cc6afb7
  • SHA1
    de191d93c096eea4177edf5e492cead2f45e899c
  • SHA256
    a42bc7f4869646a2a9b0549ce5602194d2967e6a29cd58311e73d7e5f5bea008
  • SHA512
    de920536b9c6adb58f8a6f446bd595b60a3e43a2b36f01b2451d0f04545683bc8ea5dd5d8c1797a56dea91d3095961c73e4cd94ee7582141434813c121f381d1
  • SSDEEP
    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOmKK+:GhfxHNIreQm+HiBKK+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a42bc7f4869646a2a9b0549ce5602194d2967e6a29cd58311e73d7e5f5bea008.exe
    "C:\Users\Admin\AppData\Local\Temp\a42bc7f4869646a2a9b0549ce5602194d2967e6a29cd58311e73d7e5f5bea008.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2132

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize
    83KB
    MD5
    bf5a05feee39e0a3d3f85602c635f79d
    SHA1
    c0afc108dc5cc994a1015d407306cb3d7012a4e5
    SHA256
    367550be47e7f4c4bd0645f768364005e97f1509f9f8d198b056c0279f8d45bf
    SHA512
    e6bb434309e55a9f61231e689f31628de61d8d4802072e461240eb4f07f3954d024641cbabf743de224c610d20d6f9d51f0c7018de62cc0e9e89c8da704afb13

  • \Windows\system\rundll32.exe
    Filesize
    74KB
    MD5
    8afc6392b274e77f621dfc7179bd9c9b
    SHA1
    86d895a9d5fc4eb044060e3d3b6af7f09478f29b
    SHA256
    b2af124512a882ec4eb69c36dcdf6fb1272dae1b87e0896c24628f81cd54ae67
    SHA512
    b37eee796688e778fb9de200775b20b545509e477573c5d4bfc5bfcf0c694eb316e25a4cfe608390da4fc87dbdf99e5e578fbb255dc20259b5076b768be6ae59

  • memory/2132-19-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize
    86KB
  • memory/2968-0-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize
    86KB
  • memory/2968-12-0x00000000003A0000-0x00000000003B6000-memory.dmp
    Filesize
    88KB
  • memory/2968-21-0x00000000003A0000-0x00000000003A2000-memory.dmp
    Filesize
    8KB
  • memory/2968-20-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize
    86KB