Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/06/2024, 22:29

General

  • Target

    b8fabf807efe6c0b712c20ded166d12c182f5a76e3adc352f2f9a6fcdf9defb5.exe

  • Size

    79KB

  • MD5

    83c5ae72482d3aa72b5823112d32cbfc

  • SHA1

    01a6734fa5d5670df0497381814734a0f286f558

  • SHA256

    b8fabf807efe6c0b712c20ded166d12c182f5a76e3adc352f2f9a6fcdf9defb5

  • SHA512

    ba72d4278b33a5c20525c5700771d079c2a4fa395a96a1bc7c8652cdc1a230731811eb71bd9ea591a2a691e7810539c270ac1e1d5e6880418e4dec7306e976e1

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOhEbGY:GhfxHNIreQm+Hi2EbGY

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8fabf807efe6c0b712c20ded166d12c182f5a76e3adc352f2f9a6fcdf9defb5.exe
    "C:\Users\Admin\AppData\Local\Temp\b8fabf807efe6c0b712c20ded166d12c182f5a76e3adc352f2f9a6fcdf9defb5.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2184

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    77KB

    MD5

    6ba3cf39be4af62f811912156223ea81

    SHA1

    e147c0254960904fb54819211e9666a9f6ea8880

    SHA256

    b0944f12b410b975c2e72679ff8a0861e7d4241e174329c1d4e963b61833a5ff

    SHA512

    8f78ec2d67f391ea3cd8f0c000dadb05f694e0c77e9877f9b1c02359a06e2a18f75214aa448a65fa235b4447e01905631ca6c6fce3d178a474d3c57a5fe507e6

  • \Windows\system\rundll32.exe

    Filesize

    79KB

    MD5

    b846ce3e10670783e8c659359b562740

    SHA1

    cff45bd289880ee180dbdd1c157e1a5274fcb831

    SHA256

    6de25fe4b63c8bcb2e427159e756bd9740ab09c24fdb9fae142ad3f8d55fc389

    SHA512

    b7e02a8dfc7bf76c1b84fe969fd6140e21d14092a723e2559ab5e350d0d5440ec807e6d9b90908196a70059ac6c23514e611f923ce81b819316b7bd4ac164f51

  • memory/2184-19-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2212-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2212-16-0x00000000002F0000-0x0000000000306000-memory.dmp

    Filesize

    88KB

  • memory/2212-17-0x00000000002F0000-0x0000000000306000-memory.dmp

    Filesize

    88KB

  • memory/2212-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2212-22-0x00000000002F0000-0x00000000002F2000-memory.dmp

    Filesize

    8KB