Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/05/2024, 00:48

General

  • Target

    65c90480578b19bd88ec724bca5bb8f5318ccc9bfd2f67c4120817dc617145c1.exe

  • Size

    75KB

  • MD5

    902d6e2d39c41fa861d0e8de160e3555

  • SHA1

    f3f1f8b0e0f85b4dbb8bac4564414d855fcc0e68

  • SHA256

    65c90480578b19bd88ec724bca5bb8f5318ccc9bfd2f67c4120817dc617145c1

  • SHA512

    62fc46bca9c42a9812c3cfb5804364349f90700a0b4aee6d85581b90ab276e08740b830669c3a034adcb6768c24705cdd3089d97c7564ee7a30c8774d640ad54

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOHx:RshfSWHHNvoLqNwDDGw02eQmh0HjWOHx

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\65c90480578b19bd88ec724bca5bb8f5318ccc9bfd2f67c4120817dc617145c1.exe
    "C:\Users\Admin\AppData\Local\Temp\65c90480578b19bd88ec724bca5bb8f5318ccc9bfd2f67c4120817dc617145c1.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2368
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2844

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe

          Filesize

          84KB

          MD5

          8d40e8b9c7138db956c1b4424f5e308c

          SHA1

          ead1b8dada378c14e6205bb55eed2ae14e7b5ac4

          SHA256

          f3ed65a10e343e40532ad0b39c47181fa4643fc1a139803778e7be587ee70d61

          SHA512

          c1c43f27535d1e016e5a91f4629ad6cffa58fad6dc43e57d90891dec021bb22160d49e06d5c439746c220ec3e33d738ab3eb557301cd04c7dedf15da9ec09e2f

        • \Windows\system\rundll32.exe

          Filesize

          81KB

          MD5

          6a719219bc4df717ba89cac0d0cdab21

          SHA1

          d299ae148d661f831bac741bcc648d192a1120f8

          SHA256

          a6db7fc957b5d94d30a08afb14dffe599df7f1f22c906da624ca1c4e0d9aabbc

          SHA512

          de872a3e7529b6234b2873bcea9fd877b54d29a4e6510e71118b06e44a515f0f7e515f75d810b6142e447a4a508f140cd84685404e862e38160c75551d84da0e

        • memory/2368-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/2368-12-0x00000000003B0000-0x00000000003C6000-memory.dmp

          Filesize

          88KB

        • memory/2368-17-0x00000000003B0000-0x00000000003C6000-memory.dmp

          Filesize

          88KB

        • memory/2368-21-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/2368-22-0x00000000003B0000-0x00000000003C6000-memory.dmp

          Filesize

          88KB

        • memory/2844-20-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB