Analysis

  • max time kernel
    149s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24-05-2024 09:03

General

  • Target

    634c1ff5ab9165343d21b4f8acdd2edddc50aa7cd4b5435e72730528122e5a97.exe

  • Size

    84KB

  • MD5

    5f8f8a3745da64221d702edc2f68909f

  • SHA1

    7b6eda264c737364fb7b19295817f1f2eaf0be43

  • SHA256

    634c1ff5ab9165343d21b4f8acdd2edddc50aa7cd4b5435e72730528122e5a97

  • SHA512

    b3c398f2d17ab931c6321e49d539d39420ac4f67a2f6632755941f537b0a94a4a2f8a751e3997903acc757be3d94238d7812962f1a52297a2fba6ff17e8c443f

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOecBHZLcCi:GhfxHNIreQm+HitcBHZLcCi

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\634c1ff5ab9165343d21b4f8acdd2edddc50aa7cd4b5435e72730528122e5a97.exe
    "C:\Users\Admin\AppData\Local\Temp\634c1ff5ab9165343d21b4f8acdd2edddc50aa7cd4b5435e72730528122e5a97.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3916
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:3124

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    81KB

    MD5

    9e86f64a7db74afe5c39e52eb90b0b84

    SHA1

    278513f971466cd966e9d18c6ddda84582e629e5

    SHA256

    da7bd1f0662ea4225e80e3c177a106bfdbd28c4b1d8686eaece427690f9f53e2

    SHA512

    2ad0aed451e4f1951bce7db242fa424dd582bdd6abb07220fac07a75331d0a197e8b5f53b7d6d2e367c22c7ad7cc5e8b0d5e73fbcc02cf2f62b2b7f0052706e6

  • C:\Windows\System\rundll32.exe

    Filesize

    73KB

    MD5

    ed3dd4a578e363dee80c977fe18ee3e4

    SHA1

    25ceff11d78b4c7babf166937f220807935e49cd

    SHA256

    8e2ddc39cc79e4936ba0c39e5c6826be9fb7e2064362815c1ee8a7ce6a92d98c

    SHA512

    79b1b71862b0001fb07aee4ff706c437e88388c6e0f37813a02986decb5e5809f3cc3cf96eba71c5f2086567192feb4c1ddb38056440166df0ae88da150c8e6a

  • memory/3916-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/3916-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB
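The report gives three things a responder can act on directly: the SHA-256 hashes of the sample and its two dropped files, a `rundll32.exe` executed from `C:\Windows\system` rather than from System32 or SysWOW64, and the "Modifies system executable filetype association" signature. The script below, an added example that is not part of the sandbox output, turns those into a host-side check. It assumes that a genuine `rundll32.exe` lives only under `C:\Windows\System32` or `C:\Windows\SysWOW64` (WinSxS copies are deliberately ignored), and, since the report does not name the registry key that was changed, it checks the standard `HKCR\exefile\shell\open\command` value against its Windows 10 default of `"%1" %*`; the registry read itself runs only on Windows.

```python
"""Host-side check for the IoCs in this report: known file hashes, a rundll32.exe
outside the real system directories, and a non-default exefile handler.
Example code added to the report; it is not sandbox output."""
from __future__ import annotations

import hashlib
from pathlib import PureWindowsPath

# SHA-256 values copied from the report's General and Downloads sections.
KNOWN_SHA256 = {
    "634c1ff5ab9165343d21b4f8acdd2edddc50aa7cd4b5435e72730528122e5a97": "submitted sample",
    "da7bd1f0662ea4225e80e3c177a106bfdbd28c4b1d8686eaece427690f9f53e2": r"dropped C:\Windows\SysWOW64\notepad¢¬.exe",
    "8e2ddc39cc79e4936ba0c39e5c6826be9fb7e2064362815c1ee8a7ce6a92d98c": r"dropped C:\Windows\System\rundll32.exe",
}

# Assumption: where a legitimate rundll32.exe lives on 64-bit Windows 10.
# WinSxS copies are ignored; extend this set if your baseline needs them.
LEGIT_RUNDLL32_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Default (Default) value of HKCR\exefile\shell\open\command on Windows 10.
DEFAULT_EXEFILE_COMMAND = '"%1" %*'


def sha256_hex(data: bytes) -> str:
    """SHA-256 of an in-memory buffer (used for the tests and small files)."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large files are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def classify_path(win_path: str, sha256_digest: str) -> list[str]:
    """Findings for one Windows path plus its SHA-256; empty list means nothing matched."""
    findings: list[str] = []
    digest = sha256_digest.lower()
    if digest in KNOWN_SHA256:
        findings.append(f"hash matches report: {KNOWN_SHA256[digest]}")
    p = PureWindowsPath(win_path)
    # rundll32.exe is a normal binary; the anomaly is the directory it runs from.
    if p.name.lower() == "rundll32.exe" and str(p.parent).lower() not in LEGIT_RUNDLL32_DIRS:
        findings.append(f"rundll32.exe outside System32/SysWOW64: {p.parent}")
    return findings


def exefile_command_is_default(value: str) -> bool:
    """True when the exefile open handler is still the bare "%1" %* default.
    Whitespace is normalised; any extra executable or changed quoting is a
    hijack candidate and should be inspected by hand."""
    return " ".join(value.split()) == DEFAULT_EXEFILE_COMMAND


def read_exefile_command() -> str | None:
    """Read HKCR\\exefile\\shell\\open\\command on Windows; None on other platforms."""
    try:
        import winreg  # only available on Windows
    except ImportError:
        return None
    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, r"exefile\shell\open\command") as key:
        value, _ = winreg.QueryValueEx(key, "")
        return value


if __name__ == "__main__":
    import sys

    # Usage: python check_iocs.py C:\Windows\system\rundll32.exe ...
    for arg in sys.argv[1:]:
        print(arg, "->", classify_path(arg, sha256_of_file(arg)) or "no finding")
    cmd = read_exefile_command()
    if cmd is not None:
        state = "default" if exefile_command_is_default(cmd) else "MODIFIED"
        print("exefile open handler:", cmd, f"({state})")
```

Match on the SHA-256 first and treat the path-based rule as a separate, weaker signal: a rundll32.exe under `C:\Windows\system` is suspicious on its own even if the attacker has since swapped the payload, whereas the hashes above identify only this build of the sample.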