Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/05/2024, 11:38

General

  • Target

    f9fd16190c55b9be5c4416c0e65ff62ff1dfe6bc0554d425a9b8e37e601dc7a1.exe

  • Size

    73KB

  • MD5

    a8a04f828fa3cc7c1472c778aff79adc

  • SHA1

    3109e1189fb66af05db631ba910edd6d5fb9d059

  • SHA256

    f9fd16190c55b9be5c4416c0e65ff62ff1dfe6bc0554d425a9b8e37e601dc7a1

  • SHA512

    7b58e903bdb9e3d02bd0d49213bd0c7a9f2e677d2c408a0a0496d9b4063ce2f821248f6d7c6558fee1be21cfd0174dc27b4c310430fab4d7a531cb95159d1a2d

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOB:RshfSWHHNvoLqNwDDGw02eQmh0HjWOB

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f9fd16190c55b9be5c4416c0e65ff62ff1dfe6bc0554d425a9b8e37e601dc7a1.exe
    "C:\Users\Admin\AppData\Local\Temp\f9fd16190c55b9be5c4416c0e65ff62ff1dfe6bc0554d425a9b8e37e601dc7a1.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1152
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2232

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe

          Filesize

          77KB

          MD5

          d1ef0d1b8406de1b866c21d221634e14

          SHA1

          bb447f1acec3834739a686de1128dda4cdf2c379

          SHA256

          186bc16056ea083513aabbb3719c5d400666e6e5f7c010239395a8a8cf177bfc

          SHA512

          af8fc7237cccbff348971bfcf987d4f08eac9e176f7823d94073622041476ed6a67606b83d2ff44e02d5e9aa525e37debcb62ca5e87946629dc82dda8abdbad8

        • \Windows\system\rundll32.exe

          Filesize

          84KB

          MD5

          11c74dbf40049bc69d37bb42e99cd37f

          SHA1

          378ad7e445e40113fff8f8116bab61037ee913e3

          SHA256

          d44bf6181fed96672702f61b8271092950c69231e8e721e515ba3936ee33ee34

          SHA512

          ed95f72bfccbc619845e2d1806b2f7d03b0776ce5bf80bfb39b4a279990e2943ed051a258fc411a387a1b338809e2abd4c7e17116c6473ea2a0623674da86a57

        • memory/1152-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/1152-12-0x0000000000250000-0x0000000000266000-memory.dmp

          Filesize

          88KB

        • memory/1152-17-0x0000000000250000-0x0000000000266000-memory.dmp

          Filesize

          88KB

        • memory/1152-21-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/1152-22-0x0000000000250000-0x0000000000256000-memory.dmp

          Filesize

          24KB

        • memory/2232-19-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB