Analysis

  • max time kernel
    149s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/06/2024, 06:29

General

  • Target
    7c190f4e5098b29b963cd2fb13389e2c545b0e372c789f839ca33789b74825f5.exe
  • Size
    77KB
  • MD5
    b8e4bac89505dba6d45ff075f79b60f6
  • SHA1
    c675c30890e5471d8186fa40b53b9889ed307904
  • SHA256
    7c190f4e5098b29b963cd2fb13389e2c545b0e372c789f839ca33789b74825f5
  • SHA512
    fcff4c788436ec87ea61802739990457db2620d0fcd922684c52adb66c8d34c45bd4158bd637b1a95cdd4e984392e1c42cd90e524872115b00f61dfc639b39e4
  • SSDEEP
    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOih/:GhfxHNIreQm+HiZh/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7c190f4e5098b29b963cd2fb13389e2c545b0e372c789f839ca33789b74825f5.exe
    "C:\Users\Admin\AppData\Local\Temp\7c190f4e5098b29b963cd2fb13389e2c545b0e372c789f839ca33789b74825f5.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1584

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    • Filesize
      73KB
    • MD5
      60274a2b4552ad586ec1ff23f0991094
    • SHA1
      449ed8b18170e017459ecb19cfd4ba1b00206861
    • SHA256
      671c8a283e9916094cbeb04ddd4a5dfba32b206acc18e244b38e6c3c2438b8c0
    • SHA512
      a3d07bb796e96c6c136d16436eeaab8590daf6b4f1cdad399b0bf80fb53599714cdfa7addba74e0c7530a2d174eb643125ec45a4ca40412f24f5fd182d806246
  • C:\Windows\system\rundll32.exe
    • Filesize
      84KB
    • MD5
      9513aedb9b6b8e85965b74c2bff9cdec
    • SHA1
      614da1ad9c836e52d9ba54b01734da9de21e5e7d
    • SHA256
      6d392b1de38040f5f76655fba74ee3fa10beccc702b5bd067daeba39c8c82d69
    • SHA512
      ceceaf69548321be741120e66cb1c711144ada8bdc5e0c9108fd04ad2d4e872755ca5775f2a4f2f708224aa0ba9949fe2e5e5a44e2e3e11aeb3a768a122aded4
  • memory/2024-0-0x0000000000400000-0x0000000000415A00-memory.dmp
    • Filesize
      86KB
  • memory/2024-13-0x0000000000400000-0x0000000000415A00-memory.dmp
    • Filesize
      86KB