Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/06/2024, 06:29

General

  • Target

    7c190f4e5098b29b963cd2fb13389e2c545b0e372c789f839ca33789b74825f5.exe

  • Size

    77KB

  • MD5

    b8e4bac89505dba6d45ff075f79b60f6

  • SHA1

    c675c30890e5471d8186fa40b53b9889ed307904

  • SHA256

    7c190f4e5098b29b963cd2fb13389e2c545b0e372c789f839ca33789b74825f5

  • SHA512

    fcff4c788436ec87ea61802739990457db2620d0fcd922684c52adb66c8d34c45bd4158bd637b1a95cdd4e984392e1c42cd90e524872115b00f61dfc639b39e4

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOih/:GhfxHNIreQm+HiZh/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
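The "Modifies system executable filetype association" signature above refers to the shell\open\command values for the executable file classes (exefile, comfile, and so on). On a clean system those values are just `"%1" %*` (the file being launched plus its arguments); a loader that prepends its own path to that string is executed on every program start, which is why such changes are both a persistence mechanism and a remediation trap. The following check is an added example, not part of the sandbox report: the expected defaults are the standard Windows values, the key list is the usual set of targets (the report does not list which keys this sample changed), and the hijacked value used in the test is constructed.

```python
"""Audit the executable file type associations for launcher hijacks.

Added example, not from the sandbox report. Keys and default values are the
standard Windows ones; which keys this particular sample altered is not stated
on the page, so all common targets are checked.
"""
import sys

# Clean default value of shell\open\command for each executable file class.
EXPECTED = {
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\comfile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\batfile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\cmdfile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\piffile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\scrfile\shell\open\command": '"%1" /S',
}


def classify(key, value):
    """Compare one command value against the clean default for that key.

    Returns "ok", "missing", "hijacked: launcher prepended" or "modified".
    """
    expected = EXPECTED[key]
    if value is None:
        return "missing"
    v = value.strip()
    if v == expected:
        return "ok"
    # The clean value begins with "%1" (the target file). Anything in front of
    # it is a program that receives control every time a file of that class
    # is executed, which is the classic association hijack.
    if "%1" in v and not v.startswith('"%1"'):
        return "hijacked: launcher prepended"
    return "modified"


def audit(values):
    """values: {key: current default value or None}. Returns {key: verdict}."""
    return {key: classify(key, values.get(key)) for key in EXPECTED}


def read_live():
    """Read the live values on Windows; on other platforms return {}."""
    if sys.platform != "win32":
        return {}
    import winreg  # only available on Windows
    out = {}
    for key in EXPECTED:
        subkey = key.split("\\", 1)[1]
        try:
            with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, subkey) as k:
                out[key] = winreg.QueryValueEx(k, "")[0]  # "" = default value
        except OSError:
            out[key] = None
    return out


if __name__ == "__main__":
    for key, verdict in audit(read_live()).items():
        print(f"{verdict:32} {key}")
```

When a host shows a "hijacked" verdict, restore the association value before deleting the launcher it points to; removing the dropped file first leaves every .exe launch, including the cleanup tools, pointing at a path that no longer exists.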

Processes

  • C:\Users\Admin\AppData\Local\Temp\7c190f4e5098b29b963cd2fb13389e2c545b0e372c789f839ca33789b74825f5.exe
    "C:\Users\Admin\AppData\Local\Temp\7c190f4e5098b29b963cd2fb13389e2c545b0e372c789f839ca33789b74825f5.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2424
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2884

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe

          Filesize

          83KB

          MD5

          43d38199cb3769bbb528e67ca5f6021e

          SHA1

          354a11978a789ba7aa1784a2f8c1c292207405a7

          SHA256

          92f7a4eaac0c3f542c96dd60e5b9c665883e82a13e25761c764f5500c6d0bd4a

          SHA512

          2c11de61c77e9e7941cbc52f7d07b2ccca7b8534605c189fd5a63e8fa7474f71813a918d63c47944abc1b9d1ec77efa56e2879c1278e75f2d5852175197317c9

        • \Windows\system\rundll32.exe

          Filesize

          73KB

          MD5

          d7336bdaece173f8734ff305798eed13

          SHA1

          b31f58d239c5a752c71c95de1b647514c946c55a

          SHA256

          01397e90f62a95e1238b2d0c6828e79ac46f7d7b608c1f2d1ffa5c37a715d046

          SHA512

          0bec3541d241c5886891bb50735377977b7cc1c65a0c4e2c1799671ba9edb7190f932774a90c7ab542d241dbc7a603684d57b4a947e3f75205cd3256276e96ed

        • memory/2424-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/2424-18-0x00000000003A0000-0x00000000003B6000-memory.dmp

          Filesize

          88KB

        • memory/2424-17-0x00000000003A0000-0x00000000003B6000-memory.dmp

          Filesize

          88KB

        • memory/2424-21-0x00000000003A0000-0x00000000003A2000-memory.dmp

          Filesize

          8KB

        • memory/2424-20-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB
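The hashes and drop paths listed under Downloads are the reusable part of this report for anyone sweeping other hosts. The script below is an added example, not part of the sandbox report: it takes the MD5, SHA1, SHA256 and SHA512 digests of the original sample and the two dropped files exactly as printed above, hashes every file under a directory in a single pass, and also flags the dropped rundll32.exe path, since the legitimate binary lives in System32 or SysWOW64, not in Windows\system. The directory layout and file contents in the test are constructed.

```python
"""IOC sweep built from the digests in the report above.

Added example, not part of the sandbox report. The digests are copied from the
report's General and Downloads sections; everything else is constructed.
Usage: python ioc_sweep.py <directory>
"""
import hashlib
import os
import sys

# Digests copied from the report, lower-case hex (MD5, SHA1, SHA256, SHA512).
REPORT_IOCS = {
    # original sample, 7c190f4e...25f5.exe (77KB)
    "b8e4bac89505dba6d45ff075f79b60f6",
    "c675c30890e5471d8186fa40b53b9889ed307904",
    "7c190f4e5098b29b963cd2fb13389e2c545b0e372c789f839ca33789b74825f5",
    "fcff4c788436ec87ea61802739990457db2620d0fcd922684c52adb66c8d34c45bd4158bd637b1a95cdd4e984392e1c42cd90e524872115b00f61dfc639b39e4",
    # dropped notepad¢¬.exe in SysWOW64 (83KB)
    "43d38199cb3769bbb528e67ca5f6021e",
    "354a11978a789ba7aa1784a2f8c1c292207405a7",
    "92f7a4eaac0c3f542c96dd60e5b9c665883e82a13e25761c764f5500c6d0bd4a",
    "2c11de61c77e9e7941cbc52f7d07b2ccca7b8534605c189fd5a63e8fa7474f71813a918d63c47944abc1b9d1ec77efa56e2879c1278e75f2d5852175197317c9",
    # dropped \Windows\system\rundll32.exe (73KB)
    "d7336bdaece173f8734ff305798eed13",
    "b31f58d239c5a752c71c95de1b647514c946c55a",
    "01397e90f62a95e1238b2d0c6828e79ac46f7d7b608c1f2d1ffa5c37a715d046",
    "0bec3541d241c5886891bb50735377977b7cc1c65a0c4e2c1799671ba9edb7190f932774a90c7ab542d241dbc7a603684d57b4a947e3f75205cd3256276e96ed",
}

# The real rundll32.exe is in System32 / SysWOW64; a copy under Windows\system
# matches the drop location in the process tree and is suspicious on its own.
SUSPICIOUS_RELATIVE_PATHS = (
    os.path.join("windows", "system", "rundll32.exe"),
)


def digests(path, chunk=1 << 20):
    """Return {algorithm: hexdigest} for all four algorithms in one read."""
    hashers = {a: hashlib.new(a) for a in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def sweep(root, iocs=REPORT_IOCS):
    """Walk root and return a sorted list of (path, reason) hits."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).lower()
            if rel in SUSPICIOUS_RELATIVE_PATHS:
                hits.append((path, "suspicious drop path"))
            try:
                d = digests(path)
            except OSError:  # unreadable or vanished file; skip, keep sweeping
                continue
            for algo, hexdigest in d.items():
                if hexdigest in iocs:
                    hits.append((path, f"{algo} matches report IOC"))
    return sorted(hits)


if __name__ == "__main__":
    for path, reason in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}: {path}")
```

Hash matches are exact, so a recompiled or repacked variant of the same family will not hit; the path check and the association audit are the cheap complements for that case.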