Overview

overview

7

Static

static

3

36488a2365...bd.exe

windows7-x64

7

36488a2365...bd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 03:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    36488a2365f331fcfb5fc83a989b4bcd9a33d1ba4190e89d474eceb2942fc2bd.exe

  • Size

    83KB

  • MD5

    b61a193bd0d0a490df14fa1f4747760a

  • SHA1

    aaca3491a486d0a9c3afff430b5db2d8df8510b6

  • SHA256

    36488a2365f331fcfb5fc83a989b4bcd9a33d1ba4190e89d474eceb2942fc2bd

  • SHA512

    f974ed7bf700710020a2107d6e233c428a82cbcd1f8f1db5a740f12d40b744078786a33fc08a4e384aed28f491a6cc7a11b8694913a1679d14668d4d2a7f64d1

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOyO6JuQEM8+:GhfxHNIreQm+HiVO6JuQEM8+

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\36488a2365f331fcfb5fc83a989b4bcd9a33d1ba4190e89d474eceb2942fc2bd.exe
    "C:\Users\Admin\AppData\Local\Temp\36488a2365f331fcfb5fc83a989b4bcd9a33d1ba4190e89d474eceb2942fc2bd.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2768

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    79KB

    MD5

    8c4ee77923766d34f723f7b08c726bd8

    SHA1

    1464d0b57a09264a3cc95c08926f23b80c842bb4

    SHA256

    dd0b4d41551bb5d65b350423d252924c43d8da1c18917e7429f085b3f614c6b8

    SHA512

    9e7789393ba68f3882261e47783ac11a4985dba65588bab380a62998f1f99bb93dc88b116870b7813ab402ec1789443c93815393c88e2e103d78dd620c90d2cd

    Download Submit
  • \Windows\system\rundll32.exe
    Filesize

    81KB

    MD5

    8a7011ed3620f09d0648f1c9be79ee8b

    SHA1

    f04d075ed55d5a8f1c2df123c2e803af8b8cfcab

    SHA256

    a9186d904cd0741af1758b7e704287c8e69c66329054ab85a5cd599f8c260ed8

    SHA512

    a4e8ff73ce6eff40cbdb5bb89cb88aacf6086685adb8f4a7c979ee1d109ceeaa7840400c010db114615fc71da2017466b6492da793c5a2a70d1515f43a46db77

    Download Submit
  • memory/1724-0-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize

    86KB

    Download
  • memory/1724-18-0x0000000000360000-0x0000000000376000-memory.dmp
    Filesize

    88KB

    Download
  • memory/1724-19-0x0000000000360000-0x0000000000376000-memory.dmp
    Filesize

    88KB

    Download
  • memory/1724-21-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize

    86KB

    Download
  • memory/1724-22-0x0000000000360000-0x0000000000362000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2768-20-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize

    86KB

    Download