Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/06/2024, 08:29

General

  • Target

    0d1faa1eb531e28bcc08183473ba5ee35989487927c0052b8eb4e83151d62864.exe

  • Size

    75KB

  • MD5

    50ba7ba6b89480c2b9f6755c5c518405

  • SHA1

    fb13a48f1c58ef2255098c4e1281c0e541ab6b34

  • SHA256

    0d1faa1eb531e28bcc08183473ba5ee35989487927c0052b8eb4e83151d62864

  • SHA512

    d1fc39b92d3de698954c9d067ca4910d5fbf1f1f1ed64ee09e96a94903f2c069e615c504814972b13cdf3cd4e6acf362a87f6930c6b0669ebd4882b15d7b8206

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOdzA:GhfxHNIreQm+HiuzA

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d1faa1eb531e28bcc08183473ba5ee35989487927c0052b8eb4e83151d62864.exe
    "C:\Users\Admin\AppData\Local\Temp\0d1faa1eb531e28bcc08183473ba5ee35989487927c0052b8eb4e83151d62864.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2960
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2132

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe

          Filesize

          78KB

          MD5

          2387197e85566ce357c6359cce927590

          SHA1

          cde4be19bbae2e0aef3a54330c35525f24c3ba03

          SHA256

          7b5e7e8b1bfde572b7baa7145c3a591c0ae59ab231683bca7223e68d22c149b5

          SHA512

          fd9e03bda34ff3c70db12eef3d1a812217066c9fc187c7a0c4db9996056b7c3b45811229fd3e4bce3bd52f0c13b8a186821f5959af999f4a0d953ab5563c19c9

        • \Windows\system\rundll32.exe

          Filesize

          76KB

          MD5

          56f752c280a929735d2e73315d72efdf

          SHA1

          0bb892242e17f26d57970e6dfe4bdcd959631ac0

          SHA256

          c41680c6dc5e44c693aa98183af9f11317d3cb337d1adfa762d2ed5432ae0ae5

          SHA512

          1b512fcfbf4937e5139299ce7f5fe281d6cf4a381c1d6e8f6e804d344ab7eeb7b1a2e14a290940df31b2b6a016b7eda62f9ab1ee46ff17b9255e1ba9655e2b53

        • memory/2132-19-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/2960-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/2960-18-0x0000000000280000-0x0000000000296000-memory.dmp

          Filesize

          88KB

        • memory/2960-17-0x0000000000280000-0x0000000000296000-memory.dmp

          Filesize

          88KB

        • memory/2960-21-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/2960-22-0x0000000000280000-0x0000000000282000-memory.dmp

          Filesize

          8KB