Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-05-2024 08:37

General

  • Target

    76eeea61b22e8a97f7a210ecdb5a1b2fc8df98f48ffec9ffd5e6167e83f98e72.exe

  • Size

    75KB

  • MD5

    c407288dd5a3c3b0e51e0f69d37a5381

  • SHA1

    83fee236610ddb91401e10fa373d097afe953322

  • SHA256

    76eeea61b22e8a97f7a210ecdb5a1b2fc8df98f48ffec9ffd5e6167e83f98e72

  • SHA512

    bc491747903438841ea4ccfe95d5a14c844bab3f31601f896d918bfb0bca4ac2f8acfb1db9305ec4e01e2f1fe1c0a2045f2a7cae8c2679e1d2fd31731e75d6f0

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOlO:RshfSWHHNvoLqNwDDGw02eQmh0HjWOl

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Modifies system executable filetype association (2 TTPs, 5 IoCs)
  • Drops file in System32 directory (4 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Modifies registry class (15 IoCs)
  • Suspicious behavior: EnumeratesProcesses (14 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (3 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\76eeea61b22e8a97f7a210ecdb5a1b2fc8df98f48ffec9ffd5e6167e83f98e72.exe
    "C:\Users\Admin\AppData\Local\Temp\76eeea61b22e8a97f7a210ecdb5a1b2fc8df98f48ffec9ffd5e6167e83f98e72.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2796
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2216

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    75KB

    MD5

    111b6cf229507e784dea36bfcb767cac

    SHA1

    1d4e64141c8dd90dcf1cce9a4cbb731a34133573

    SHA256

    d9d10c99f00c081d45fe3a00ec778c15b59a5ed253eaf2ce819be7c093f167cd

    SHA512

    be753b3305e9879586d35dac5a68d5b88061e401967628b73116ffbd94f26d878e4053db9ef944d38be074f4a3b870ded946968c960886c7e252484969a79fe8

  • \Windows\system\rundll32.exe

    Filesize

    81KB

    MD5

    93eafc258759805c403c3fc9c9358f91

    SHA1

    01d602f9814feabd9c01dd9767fd8729edebc0e0

    SHA256

    ae2fd44ad5d42be71bfb2011735c842d7dfe452f4d7f78fa557087f4693b9088

    SHA512

    171b135c913ef2b3541964f3070f0c9899c17cb608cd6bec5ca581757fd4155cc346c5f32fea8a2ca135fba7ecce60340b0654366fb339f0fb797a2ef5e6ce8d

  • memory/2216-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2796-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2796-12-0x0000000000260000-0x0000000000276000-memory.dmp

    Filesize

    88KB

  • memory/2796-19-0x0000000000260000-0x0000000000276000-memory.dmp

    Filesize

    88KB

  • memory/2796-22-0x0000000000260000-0x0000000000262000-memory.dmp

    Filesize

    8KB

  • memory/2796-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB