Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/06/2024, 22:29

General

  • Target

    03ebbf411eecf643583d4e908cc2736bdbae7300e11b4ae8807ff3482b1f6666.exe

  • Size

    76KB

  • MD5

    44817553bd1e3901821a98120102158c

  • SHA1

    f436c185af1ecad633c97b6ee12cc48ec6bffce2

  • SHA256

    03ebbf411eecf643583d4e908cc2736bdbae7300e11b4ae8807ff3482b1f6666

  • SHA512

    2a404d2bfadca817a110e634601fea5e39f80bf22fff1e4beb43b3d89f8b33deca25eda3179bd5770b39ecf827e709c134d58e639d040afce1447d77a7eeeab2

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWO0+:GhfxHNIreQm+HiH+

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\03ebbf411eecf643583d4e908cc2736bdbae7300e11b4ae8807ff3482b1f6666.exe
    "C:\Users\Admin\AppData\Local\Temp\03ebbf411eecf643583d4e908cc2736bdbae7300e11b4ae8807ff3482b1f6666.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2720

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    79KB

    MD5

    0260efa4f1cc549467db0f624a03aa9c

    SHA1

    d9fab7460b37dbff8eec6cf5e9ce908f82422410

    SHA256

    d012bf8fa55128c5f665acb1e171545e8fbac85b8a91a2b8c630f3994eac5e76

    SHA512

    d607b18ee291b37331e5d00a4382f46c31175a1898740d178d1758b756d8408114ca768ea7a013ec2af5eb4785bfbf2ca01f5e1155fb359131764c78288d8831

  • \Windows\system\rundll32.exe

    Filesize

    75KB

    MD5

    7cf67e676e377deff9cbd453497d77ff

    SHA1

    148fb4b60d1943d842852137a7b01fb8a72eb58b

    SHA256

    0790f50a5cc658f4a40139b20508bcc1dcbbcb9e12ed608d8603538ee9812ac3

    SHA512

    4b2e2f505b15296c3556ea90ffa4103df250d00c112511c7c0a148d806cf803d811cce60b32dcaed7933908d9ed031bb764d3470c7db54436e2f38fccd003b5c

  • memory/2180-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2180-18-0x0000000000260000-0x0000000000276000-memory.dmp

    Filesize

    88KB

  • memory/2180-17-0x0000000000260000-0x0000000000276000-memory.dmp

    Filesize

    88KB

  • memory/2180-21-0x0000000000260000-0x0000000000262000-memory.dmp

    Filesize

    8KB

  • memory/2180-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB