Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/05/2024, 04:14

General

  • Target

    6d1bae13ea824ff8959a6c5f1f3cb77e114ae039e1aecbb10633e5df879bacc7.exe

  • Size

    77KB

  • MD5

    f54ccf5800b59a4a6a2f3621119aa6a7

  • SHA1

    3c2f8cb0662576f7624281c7d24848e0822329a5

  • SHA256

    6d1bae13ea824ff8959a6c5f1f3cb77e114ae039e1aecbb10633e5df879bacc7

  • SHA512

    27280b6bbaa772c8210181696ecbb955cc01f1c6f026d3210466fe8feb11ce33b5a655032c0c5e562ead0a7000ae9136d2d2e6f50792690327563e2ad94cf4f0

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOA1:RshfSWHHNvoLqNwDDGw02eQmh0HjWOA1

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
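
The "Modifies system executable filetype association" signature means the sample rewrote the launch verb that Explorer uses for .exe (and possibly related) files, so that every program the user starts first passes through the dropped binary. The check a responder wants after seeing this is a comparison of the relevant `shell\open\command` values against the stock Windows defaults, in both the per-user and the machine hive, since `HKCU\Software\Classes` overrides `HKLM\Software\Classes`. The script below is an added example and not part of this report or of the sandbox's own tooling; the stock command strings it assumes (`"%1" %*` for exefile, comfile and batfile) should be confirmed against a clean reference host, and the sample registry values it audits are constructed for illustration, since the report does not show the value this sample actually wrote.

```python
"""Audit file-association launch commands for an interposed executable.

Added example, not code from the analysed sample or the sandbox vendor.
Runs stand-alone on constructed registry values; on Windows it can read
the live registry via winreg instead.
"""
import re
import sys

# Stock launch commands for the verbs an association hijack usually targets.
# Assumed defaults for this example; verify against a clean reference host.
STOCK_COMMANDS = {
    r"exefile\shell\open\command": {'"%1" %*'},
    r"comfile\shell\open\command": {'"%1" %*'},
    r"batfile\shell\open\command": {'"%1" %*'},
}

# Per-user classes take precedence over machine classes, so check both.
HIVES = ("HKCU\\Software\\Classes", "HKLM\\Software\\Classes")

# A double-quoted token, or a run of non-whitespace.
TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


def tokenize(command):
    """Split a shell\\open\\command value into argv-style tokens, honouring double quotes."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(command)]


def interposed_executable(command, stock):
    """Return the program now running in front of the real target, or None if the value is stock."""
    command = command.strip()
    if command in stock:
        return None
    tokens = tokenize(command)
    if not tokens:
        # Empty value: launching .exe files would fail, and it is still not the stock setting.
        return ""
    return tokens[0]


def audit(values, stock=STOCK_COMMANDS):
    """values maps (hive, key) -> command string. Returns [(full_key, interposed_exe), ...]."""
    findings = []
    for (hive, key), command in values.items():
        if key not in stock:
            continue
        exe = interposed_executable(command, stock[key])
        if exe is not None:
            findings.append((hive + "\\" + key, exe))
    return findings


def read_live_values():
    """Windows only: read the same keys from the live registry (default value of each key)."""
    import winreg
    roots = {
        "HKCU\\Software\\Classes": winreg.HKEY_CURRENT_USER,
        "HKLM\\Software\\Classes": winreg.HKEY_LOCAL_MACHINE,
    }
    values = {}
    for hive, root in roots.items():
        for key in STOCK_COMMANDS:
            try:
                with winreg.OpenKey(root, "Software\\Classes\\" + key) as handle:
                    values[(hive, key)] = winreg.QueryValueEx(handle, "")[0]
            except OSError:
                pass  # key absent in this hive
    return values


# Constructed sample data: a clean machine-wide exefile verb, a per-user override that
# interposes the dropped binary (an illustration; the report does not show the real value).
SAMPLE_VALUES = {
    ("HKLM\\Software\\Classes", r"exefile\shell\open\command"): '"%1" %*',
    ("HKCU\\Software\\Classes", r"exefile\shell\open\command"):
        r'"C:\Windows\system\rundll32.exe" "%1" %*',
    ("HKLM\\Software\\Classes", r"comfile\shell\open\command"): '"%1" %*',
}


if __name__ == "__main__":
    values = read_live_values() if sys.platform == "win32" else SAMPLE_VALUES
    for full_key, exe in audit(values):
        print("HIJACKED", full_key, "->", exe or "<empty>")
```

The tokenizer treats an unquoted path containing spaces the same way CreateProcess would have to, by splitting at the first space, so a hijack written without quotes reports only the first path fragment; the finding is still raised because the value is not the stock string. Remember that `HKCR` is a merged view, so reading it alone would hide which hive carries the override.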

Processes

  • C:\Users\Admin\AppData\Local\Temp\6d1bae13ea824ff8959a6c5f1f3cb77e114ae039e1aecbb10633e5df879bacc7.exe
    "C:\Users\Admin\AppData\Local\Temp\6d1bae13ea824ff8959a6c5f1f3cb77e114ae039e1aecbb10633e5df879bacc7.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1784

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    85KB

    MD5

    0fbea360d518c5a3246c69e338233f41

    SHA1

    fb731d81ca2b2a32f5bff15d1dd6b3161861ea38

    SHA256

    588cdb467c6b2e8343e9fe80553e2e524dcdb01eeb4d8981bb9eb1ef70747d54

    SHA512

    55c97c315adfd177ce67bc728253d0fe569153c4c38b7d3ee5022c283226982ae2fc10dcae035553ac3666211dfad9041fde9f04ff490f10c55343a687d8c88a

  • \Windows\system\rundll32.exe

    Filesize

    76KB

    MD5

    2c347f490de4650f7fbd9d16cda60377

    SHA1

    c767c258ce0af7e2bf5a56909947c9b18d971999

    SHA256

    766eba21031919ca449ae37126ef55910ad6edbe9c3f62190f207e749d865545

    SHA512

    a11445a5bbd228f33d2f05c22981154ef4445fff8c95e47beb7f5957b66d2df86d1e822e9514837c6080e669d061e277f573823702e886615be46495ef57a356

  • memory/1784-18-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1932-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1932-12-0x0000000000360000-0x0000000000376000-memory.dmp

    Filesize

    88KB

  • memory/1932-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1932-21-0x0000000000360000-0x0000000000362000-memory.dmp

    Filesize

    8KB