Overview

overview

7

Static

static

3

074936cdb0...26.exe

windows7-x64

7

074936cdb0...26.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 03:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    074936cdb03ade6fd40f433ba59cf5766aa9e8d15362b1714c83fae1240a0526.exe

  • Size

    86KB

  • MD5

    17b95cec4c0dff1840cf6990833b5937

  • SHA1

    c05bddaf7b3411b3f0f5e87afdb13a6084848ddb

  • SHA256

    074936cdb03ade6fd40f433ba59cf5766aa9e8d15362b1714c83fae1240a0526

  • SHA512

    518958601696fd2f8904fd406ffe633798f14e4cabc281fcbd772e091cd4fb2daee4e3725e1bf08cdbf25a9efb7944314921b08845209ce51326128d3cb4e406

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOmaFeHA7yhEMw/:GhfxHNIreQm+Hi7aFeHA7yhEMw/

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\074936cdb03ade6fd40f433ba59cf5766aa9e8d15362b1714c83fae1240a0526.exe
    "C:\Users\Admin\AppData\Local\Temp\074936cdb03ade6fd40f433ba59cf5766aa9e8d15362b1714c83fae1240a0526.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1280
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:3052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    81KB

    MD5

    7738b550bb462e5fc18e0db5c9c36650

    SHA1

    ad00f41390ef8aa1c7c4f108f35155c02fd19f76

    SHA256

    be926debe14b80ffc74c6e7fa90fae2fe9064040846a5758264fd90057aab7b1

    SHA512

    16270e98a3741af462402dc2a960ad664f0df0f412b723637b55ecfd29e4028e4ceb24a8a94b7b270605a5cbd053e59367a0873bf8f54aa31f67db5b9d262d6a

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    74KB

    MD5

    07a4c9478618edbd7f094120f44b678a

    SHA1

    ddb16d9f3676ccd73ccfe579f6920c8b022c6b22

    SHA256

    afcb86c25a1be21b76dc2154fcf7e1dcc2fe457e74e9c8f1d70a24ba6353b2f0

    SHA512

    ba442c14fb8fda25c32c9f49197db23faddc487d34d3aa2725ef4c3dc6c24de76e95e370e3ef7a9f2283f548688dbdcb71b53fcbd43b6b230a3fcb78f2c0c6e0

    Download Submit

  • memory/1280-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/1280-18-0x0000000000270000-0x0000000000286000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1280-17-0x0000000000270000-0x0000000000286000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1280-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/1280-21-0x0000000000270000-0x0000000000286000-memory.dmp

    Filesize

    88KB

    Download