Analysis

  • max time kernel
    149s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-06-2024 05:43

General

  • Target

    ff85635cfd08235a16e0afa04cdaedaea88c5a815edc343c3d5299231e0e9472.exe

  • Size

    312KB

  • MD5

    0ee9b41689676c79004980e3245cc5b8

  • SHA1

    5731264114d4d589b7d927ac7fc0a75d7e7789fd

  • SHA256

    ff85635cfd08235a16e0afa04cdaedaea88c5a815edc343c3d5299231e0e9472

  • SHA512

    3265389ff1cc228ab0d819d526617dc29629ab388a645b406ccfea8c9fe567cd873012d4605cbc49c439d2f176f56866c649838049b23dd5460e297b03b487ea

  • SSDEEP

    6144:HIbc0f7XP+g3AGJpWVzuQGRHeEgRK/fObT/bGiJKv6R7MkZ4lUr8W9HuOGKhvsM6:ow27/XvLWpuQUeEgRK/fObT/bGiJlMks

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ff85635cfd08235a16e0afa04cdaedaea88c5a815edc343c3d5299231e0e9472.exe
    "C:\Users\Admin\AppData\Local\Temp\ff85635cfd08235a16e0afa04cdaedaea88c5a815edc343c3d5299231e0e9472.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2140
    • C:\Users\Admin\cjyeuy.exe
      "C:\Users\Admin\cjyeuy.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1596

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\cjyeuy.exe

    Filesize

    312KB

    MD5

    17a00b127b604e7ad540ba81d8563c8e

    SHA1

    09bf2ec75b004f809aa6e259a44802a5e0dc7833

    SHA256

    fbfa75516b7ff00bb4f2f310964a2a333d45d57f8f713e4cf4cf4372c7f490fe

    SHA512

    8a0f9c72ce39d447711d8063fb2a46e908311b23c29da12ec31c62ab15ba0cae6501e1385e9e669e4bd3049997f4fe9a7ca0da7bbf6b7826c445272bc1e0220c