Overview

overview

7

Static

static

3

804b7e12cc...3c.exe

windows7-x64

7

804b7e12cc...3c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    31/05/2024, 20:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    804b7e12cce616752363a3c260e5050d05d1c648696aa645caecbed74672933c.exe

  • Size

    78KB

  • MD5

    52dcbf1c20b544bc821844ed3fa625cc

  • SHA1

    4ef9b7bb963a3f994f2883b5bc6e3564e51e6903

  • SHA256

    804b7e12cce616752363a3c260e5050d05d1c648696aa645caecbed74672933c

  • SHA512

    e0b8c289f0c12ca2291a695dde5a7b9953063a6f0469c94ca92e77312ab867e7edc23c33aaabbecd323cc97ac56e696f245c222934c1f543f8d771eec67d13d5

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWO/Yr:GhfxHNIreQm+HiCYr

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\804b7e12cce616752363a3c260e5050d05d1c648696aa645caecbed74672933c.exe
    "C:\Users\Admin\AppData\Local\Temp\804b7e12cce616752363a3c260e5050d05d1c648696aa645caecbed74672933c.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1152
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2232

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe
          Filesize

          85KB

          MD5

          5f064546466f720e7801025c4c84e5ee

          SHA1

          2bd8dae23ee4fa2510badb83904155453f68bc7c

          SHA256

          0a0b6049c794c0e51a56157634b43febb9e60847fc32503c755b29e41c3df3b8

          SHA512

          e9ee971175d611be78844b3fcdf52d9ad573a755b4865f28d899744d5a9db431d43d422bdf81c7ca876b814e4011bfeb301d7e64897b0040f55f48a5c80d2bf1

          Download Submit

        • \Windows\system\rundll32.exe
          Filesize

          78KB

          MD5

          6f495b4e9981d9f93487e7ca60c2fc99

          SHA1

          1d16966824c9d9c9f49ae6224f0c7097f844a073

          SHA256

          7c6aaed8c708d22b70fe354e42376e593bf9da3d4e374e33a6dd588e2c5efa0e

          SHA512

          cef4e922a02b453de31ceb6e56e28f2068648f13019687666411061a3361a772757167118302fd94d8d13f4e1f244cebba0902ac3fb1c7363eebed0ad58b1322

          Download Submit

        • memory/1152-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

          Download

        • memory/1152-11-0x0000000000260000-0x0000000000276000-memory.dmp

          Filesize

          88KB

          Download

        • memory/1152-18-0x0000000000260000-0x0000000000276000-memory.dmp

          Filesize

          88KB

          Download

        • memory/1152-21-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

          Download

        • memory/1152-22-0x0000000000260000-0x0000000000262000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2232-19-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

          Download