Analysis

  • max time kernel
    149s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/06/2024, 22:29

General

  • Target

    f617a212afe8dccf8e5563ba56c9af214aa9ec2ec51fc479c7437b2d25cfdce3.exe

  • Size

    74KB

  • MD5

    9e9cc7249bec459b0a332cb541ee7813

  • SHA1

    366488c68dc69ff3cf25060e307f931899652a85

  • SHA256

    f617a212afe8dccf8e5563ba56c9af214aa9ec2ec51fc479c7437b2d25cfdce3

  • SHA512

    855fedf460c513fed3512346eec564453c2ba6c7711cc7e01a2925b4403cfd8e4a0807d6d5fb6eafe1157d43e56366ca9b4dc00f60964355099b83386c8695c0

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOrrc:GhfxHNIreQm+HiYrc

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f617a212afe8dccf8e5563ba56c9af214aa9ec2ec51fc479c7437b2d25cfdce3.exe
    "C:\Users\Admin\AppData\Local\Temp\f617a212afe8dccf8e5563ba56c9af214aa9ec2ec51fc479c7437b2d25cfdce3.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:436
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:3904
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1032,i,13640054265074968359,8146127767143474550,262144 --variations-seed-version --mojo-platform-channel-handle=4176 /prefetch:8
    1⤵
      PID:4976

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    77KB

    MD5

    ad57fd5b53cbd9b8a4b80bd5d4c1b538

    SHA1

    246d17d6bcb73b32b60e5b27d68cb99cab61398a

    SHA256

    c82d99416bfdf6e8785c5962b560156fd00322b85f136b454848a16769901f68

    SHA512

    131d39bb9262e3e2af8faa105a725fe00f180ac6c43fcf97a4504895399e22293ae5106df1ed09a1eb88b93fd427900fbff127ee76103ecf3a32aee75c3726bd

  • C:\Windows\System\rundll32.exe

    Filesize

    77KB

    MD5

    bfe710448cdca827b09db8c89136f6fc

    SHA1

    f2d400c886edf5430ae67ccef24732d67c299cb1

    SHA256

    61f1dbaf3d1aeb7951afe26cf84594e94aeb5867b642ed5938ab68004d533566

    SHA512

    dfbcc25e6d092985af48a7453f38f2e447b331e98303f78ed54726b5ef73e1d194e4a61d9e8706184595991d3b97dede27e37eb6ae525ea1f416c38cddf7be1c

  • memory/436-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/436-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB
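Added host check, not part of the sandbox report and not the sample's own code: a PowerShell script that looks on a live Windows host for the artifacts this report lists. The legitimate rundll32.exe lives in C:\Windows\System32 (and SysWOW64), so a copy in C:\Windows\system is the dropped file from the process tree above; the script also looks for any notepad*.exe in SysWOW64 that is not notepad.exe itself, for a rundll32 process started from the dropped path, and for a tampered executable filetype association. The SHA256 values are copied from the Downloads section; the exefile\shell\open\command key is an assumption, since the report names the behaviour ("Modifies system executable filetype association") but not the key the sample edits. Run it as Administrator; it only reads and hashes.

```powershell
# Host triage for the indicators in this report (added example, not report or sample code).
# Hashes below are copied from the report's Downloads section.
$Report = @{
    Rundll32 = '61f1dbaf3d1aeb7951afe26cf84594e94aeb5867b642ed5938ab68004d533566'
    Notepad  = 'c82d99416bfdf6e8785c5962b560156fd00322b85f136b454848a16769901f68'
}
$Findings = [System.Collections.Generic.List[string]]::new()

function Compare-ReportHash([string]$Path, [string]$Expected) {
    # Get-FileHash returns uppercase hex; the report uses lowercase.
    $h = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    if ($h -eq $Expected) { 'hash matches report' } else { "hash $h not in report" }
}

# 1. Dropped EXE: rundll32.exe under C:\Windows\system (not System32/SysWOW64).
$SuspectRundll = 'C:\Windows\system\rundll32.exe'
if (Test-Path -LiteralPath $SuspectRundll) {
    $Findings.Add("dropped EXE present: $SuspectRundll ($(Compare-ReportHash $SuspectRundll $Report.Rundll32))")
}

# 2. Extra notepad*.exe in SysWOW64. The report's filename is garbled, so match by
#    pattern and hash rather than by the exact name.
Get-ChildItem -LiteralPath 'C:\Windows\SysWOW64' -Filter 'notepad*.exe' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -ne 'notepad.exe' } |
    ForEach-Object {
        $Findings.Add("unexpected file in SysWOW64: $($_.FullName) ($(Compare-ReportHash $_.FullName $Report.Notepad))")
    }

# 3. rundll32 running from the dropped path (the report shows PID 3904 launched from it).
#    $_.Path is null for some protected processes, hence the null guard.
Get-Process -Name rundll32 -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and $_.Path -like 'C:\Windows\system\*' } |
    ForEach-Object { $Findings.Add("rundll32.exe running from dropped path: PID $($_.Id) $($_.Path)") }

# 4. Executable filetype association. On a clean host the exefile open command is
#    "%1" %* ; anything else routes every EXE launch through another binary.
#    Assumption: the sample edits exefile; the report does not name the key.
foreach ($root in 'HKLM:\SOFTWARE\Classes', 'HKCU:\SOFTWARE\Classes') {
    $key = Join-Path $root 'exefile\shell\open\command'
    if (Test-Path -LiteralPath $key) {
        $cmd = (Get-ItemProperty -LiteralPath $key).'(default)'
        if ($cmd -ne '"%1" %*') {
            $Findings.Add("exefile association at $key is: $cmd")
        }
    }
}

if ($Findings.Count -eq 0) { 'no indicators from the report found' } else { $Findings }
```

A hash mismatch on a file at one of these paths is still a finding: the path itself is the indicator, and a different hash just means a different build of the same dropper or a file that has since been modified. An exefile command under HKCU\SOFTWARE\Classes is worth a look even when it reads "%1" %*, since that key does not exist on a default install.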