Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/06/2024, 22:29

General

  • Target

    f617a212afe8dccf8e5563ba56c9af214aa9ec2ec51fc479c7437b2d25cfdce3.exe

  • Size

    74KB

  • MD5

    9e9cc7249bec459b0a332cb541ee7813

  • SHA1

    366488c68dc69ff3cf25060e307f931899652a85

  • SHA256

    f617a212afe8dccf8e5563ba56c9af214aa9ec2ec51fc479c7437b2d25cfdce3

  • SHA512

    855fedf460c513fed3512346eec564453c2ba6c7711cc7e01a2925b4403cfd8e4a0807d6d5fb6eafe1157d43e56366ca9b4dc00f60964355099b83386c8695c0

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOrrc:GhfxHNIreQm+HiYrc

Score
7/10

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f617a212afe8dccf8e5563ba56c9af214aa9ec2ec51fc479c7437b2d25cfdce3.exe
    "C:\Users\Admin\AppData\Local\Temp\f617a212afe8dccf8e5563ba56c9af214aa9ec2ec51fc479c7437b2d25cfdce3.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1100
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2300

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    77KB

    MD5

    ad57fd5b53cbd9b8a4b80bd5d4c1b538

    SHA1

    246d17d6bcb73b32b60e5b27d68cb99cab61398a

    SHA256

    c82d99416bfdf6e8785c5962b560156fd00322b85f136b454848a16769901f68

    SHA512

    131d39bb9262e3e2af8faa105a725fe00f180ac6c43fcf97a4504895399e22293ae5106df1ed09a1eb88b93fd427900fbff127ee76103ecf3a32aee75c3726bd

  • \Windows\system\rundll32.exe

    Filesize

    77KB

    MD5

    bfe710448cdca827b09db8c89136f6fc

    SHA1

    f2d400c886edf5430ae67ccef24732d67c299cb1

    SHA256

    61f1dbaf3d1aeb7951afe26cf84594e94aeb5867b642ed5938ab68004d533566

    SHA512

    dfbcc25e6d092985af48a7453f38f2e447b331e98303f78ed54726b5ef73e1d194e4a61d9e8706184595991d3b97dede27e37eb6ae525ea1f416c38cddf7be1c

  • memory/1100-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1100-12-0x0000000000240000-0x0000000000256000-memory.dmp

    Filesize

    88KB

  • memory/1100-17-0x0000000000240000-0x0000000000256000-memory.dmp

    Filesize

    88KB

  • memory/1100-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1100-22-0x0000000000240000-0x0000000000246000-memory.dmp

    Filesize

    24KB

  • memory/2300-19-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB
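Host triage check derived from this report. It is an added example, not output of the sandbox or code belonging to the sample. It looks for the three artefact classes recorded above: the rewritten exefile association ("Modifies system executable filetype association"), the rundll32.exe copy dropped into C:\Windows\system (the genuine binary lives only in System32 and SysWOW64, so any executable in Windows\system is out of place) together with the notepad*.exe variant in SysWOW64, and files whose SHA256 matches one of the hashes listed under General and Downloads. The function names, the scan path list and the 1 MB size cap are my own choices; it needs PowerShell 4 or later for Get-FileHash, and -LiteralPath is used so the non-ASCII characters in the dropped notepad name are not treated as wildcards.

```powershell
# Added triage script for the artefacts in this report (not sandbox output, not sample code).
# Hashes and paths come from the report; function names and scan locations are assumptions.

$ReportSha256 = @(
    'f617a212afe8dccf8e5563ba56c9af214aa9ec2ec51fc479c7437b2d25cfdce3'  # submitted sample
    'c82d99416bfdf6e8785c5962b560156fd00322b85f136b454848a16769901f68'  # notepad*.exe dropped in SysWOW64
    '61f1dbaf3d1aeb7951afe26cf84594e94aeb5867b642ed5938ab68004d533566'  # rundll32.exe dropped in Windows\system
)

function Test-ExeFileAssociation {
    # The stock .exe handler is "%1" %*. Rewriting it routes every program launch through
    # the attacker's binary. Check the machine-wide key and the per-user override
    # (HKCU\Software\Classes), which takes precedence when present.
    foreach ($key in 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command',
                     'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command') {
        $cmd = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        if ($null -ne $cmd) {
            [pscustomobject]@{
                Key        = $key
                Command    = $cmd
                Suspicious = ($cmd.Trim() -ne '"%1" %*')
            }
        }
    }
}

function Find-DroppedExecutables {
    # Any .exe directly under Windows\system (not System32) is unexpected, and the only
    # notepad*.exe that belongs in SysWOW64 is notepad.exe itself.
    Get-ChildItem -Path "$env:SystemRoot\system\*.exe" -File -ErrorAction SilentlyContinue
    Get-ChildItem -Path "$env:SystemRoot\SysWOW64\notepad*.exe" -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -ne 'notepad.exe' }
}

function Find-ReportedHashes {
    param([string[]]$Paths = @("$env:SystemRoot\system", "$env:SystemRoot\SysWOW64", $env:TEMP))
    # Every object in the report is under 100 KB, so skip large files to keep the sweep fast.
    Get-ChildItem -Path $Paths -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Length -lt 1MB } |
        ForEach-Object {
            $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            if ($hash -and ($ReportSha256 -contains $hash.ToLower())) {
                [pscustomobject]@{ Path = $_.FullName; SHA256 = $hash.ToLower() }
            }
        }
}

Test-ExeFileAssociation | Format-Table -AutoSize
Find-DroppedExecutables | Select-Object FullName, Length, LastWriteTime | Format-Table -AutoSize
Find-ReportedHashes     | Format-Table -AutoSize
```

Run it from an elevated prompt; an empty result from all three functions means none of the reported artefacts are present in the checked locations, not that the host is clean, since a recompiled variant will carry different hashes and may choose other drop paths. The association check is the most durable of the three because the technique, not the file, is what it keys on.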