Analysis
-
max time kernel
140s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
30/05/2024, 02:04
General
-
Target
b608b48296ac78df7cbee4fae8e0d9e6363c733678bd23725d53a3d39892a330.exe
-
Size
445KB
-
MD5
1d2f0de5c5d30250dccb891535187192
-
SHA1
33022927ad87d8a151c03cdaec3762c57e6c898f
-
SHA256
b608b48296ac78df7cbee4fae8e0d9e6363c733678bd23725d53a3d39892a330
-
SHA512
7813d2e8c6c7112926cf398fbcfdea1a6a852ea45f680649076355d80f7bd6ca527f681f61a3d2e6ff3c2fa0164d84658c64a728abe941ce760415dd8c189adc
-
SSDEEP
6144:WdspDeDrxkg/vrMuJIgwhEFHyOrJcX/Pgqwzm5IzkWjS4e4azExBKO1t4Kb70NqY:s8kxNhOZElO5kkWjhD4A45lGU
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Modifies system executable filetype association 2 TTPs 3 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 17 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Windows directory 2 IoCs
-
Modifies registry class 15 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b608b48296ac78df7cbee4fae8e0d9e6363c733678bd23725d53a3d39892a330.exe"C:\Users\Admin\AppData\Local\Temp\b608b48296ac78df7cbee4fae8e0d9e6363c733678bd23725d53a3d39892a330.exe"1⤵
- Modifies system executable filetype association
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\ZNXTTQU.EXEC:\Windows\ZNXTTQU.EXE2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
445KB
MD561e92137ecb626100baae82916be54bc
SHA111f6fdcf6101882a0c5b6390160b801dc7e9498c
SHA2568f7d03d01256eeca6e286e93b102dd3a389efacaa0642b2bedeecda5e808b993
SHA51280430512a582c051c716f95c07731f590e512c1d858f84ce438efaa87641a7c8810daf9ea6004070947c01fe01a45393c31f653e3168e14dd36a965368387fd3
-
Filesize
446KB
MD51412b5c6112b8b4007c014ed2fb53e5d
SHA1da41440372030f55d33a30bb22428032a6b30575
SHA256f7eb4efc8f4487128c46e72920f8dbf951c06a95bb59cc83f3f88ad1bda48fce
SHA51249f33eadf2fb7d7bc6262afca03f14a77a3a3bb5fa57eba86b8b7e56f69b531975daf4a98204d7e96c8d7200a406beedbd6a7032a7dc585e3b8c8cda9014e218
-
Filesize
4KB
-
Filesize
428KB
-
Filesize
428KB
-
Filesize
428KB
-
Filesize
428KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
428KB
-
Filesize
428KB
-
Filesize
428KB
-
Filesize
428KB
-
Filesize
428KB
-
Filesize
428KB
-
Filesize
428KB
-
Filesize
428KB
-
Filesize
428KB
-
Filesize
428KB