Analysis

  • max time kernel
    149s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240508-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    23/05/2024, 05:12

General

  • Target

    d4b7bc7bbd162b0659d6caf32bd3ace1160f229e0ef554e43c2cb7904f2ba996.exe

  • Size

    82KB

  • MD5

    ee4d0f0e340f1d4272f3c72c3c2c799e

  • SHA1

    284cfe2aa44ceb79d07ed4e7acf451c615bf1631

  • SHA256

    d4b7bc7bbd162b0659d6caf32bd3ace1160f229e0ef554e43c2cb7904f2ba996

  • SHA512

    db864a92171fb6b6650518bbe1f09b8d082cc6c79c0bb576824b811691e3971cd1ce7e86f3ba1b415d759a30d35f0cd5182e5dc3a03fca5a4523276ff55b49e5

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOy4FMc:GhfxHNIreQm+HiB4FM

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d4b7bc7bbd162b0659d6caf32bd3ace1160f229e0ef554e43c2cb7904f2ba996.exe
    "C:\Users\Admin\AppData\Local\Temp\d4b7bc7bbd162b0659d6caf32bd3ace1160f229e0ef554e43c2cb7904f2ba996.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:228
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1744

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    82KB

    MD5

    0b4506c21c490fd20f01c5c4df45092c

    SHA1

    ad9e0f359ceb3440ce0e4541415b816b2b18690f

    SHA256

    896a3b3c7b3c8ca884c59ac18d46de1da8e676790a8921d7f1711f04ad284195

    SHA512

    01385dd1890fc043cc45ff7405272864db19b808ff81af5820e1a93ac9c9632c724ec0ae3f2227b8d673fe4cbc829d8e7f0a38ff610835a5303d96d7fa11eb98

  • C:\Windows\System\rundll32.exe

    Filesize

    79KB

    MD5

    97bded5bf4a77886546984e061229f39

    SHA1

    9da8d157398c1e1ca7d3b9afa191c72b40926f16

    SHA256

    78d108464cb0ff6ec0a6d616b8d2dba6fdf9601146d72ad31610fffdc909fd2b

    SHA512

    eb8961d9ae1ebd74e36ae61e06955208d32a4068d36bee41ba11f563a523004ab1ec7ec3c3891f079fd44d28f63521ff3989c77872aac0a817d322a6bdc61ffb

  • memory/228-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/228-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB