Analysis

  • max time kernel
    149s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/06/2024, 22:32

General

  • Target

    6ee53e8b245cd48f5e22132468d833ab557c42b0cda11cf0050e7f71901a1642.exe

  • Size

    81KB

  • MD5

    5c9d54e4f694cb356195e0cf6d93f1e0

  • SHA1

    45fcedd3d8d9f731d65ae8453e18a4440d268bda

  • SHA256

    6ee53e8b245cd48f5e22132468d833ab557c42b0cda11cf0050e7f71901a1642

  • SHA512

    a73fd72bf137c9d8881504a13ebf6e7831bd9fc56db0da0ef26ddc57caf1026dcb9f0e07d08d418ce280a7b4717750354ac9ec27acb5bb28a1a249db96b60592

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOLEmoY:GhfxHNIreQm+HioEmoY

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6ee53e8b245cd48f5e22132468d833ab557c42b0cda11cf0050e7f71901a1642.exe
    "C:\Users\Admin\AppData\Local\Temp\6ee53e8b245cd48f5e22132468d833ab557c42b0cda11cf0050e7f71901a1642.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4888
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:772

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    80KB

    MD5

    d43263b4a7d7ab3d87ca02eaa2bc9274

    SHA1

    b80bf329c6788f3dd8c8c0ecda150cbe2cf5a7dd

    SHA256

    5033a78c84818bb32fc863f5bc826cee2b3f9269400c8a56d03a1750a20a500f

    SHA512

    2c56f045253888faf220889c600afbb8249ddd06e171c84d2044f49c0f6a59d2ce962dd6cdd9261ca49cef3ed83aa23a3e9d21f25e40e38b455dc82352fd1780

  • C:\Windows\System\rundll32.exe

    Filesize

    75KB

    MD5

    f7d96d70c88809954ddf238eba2fa33a

    SHA1

    4d9105a01b5691828cb541a68398913dea28ae90

    SHA256

    105d103b9e8215a5984a3670e2dadee1cc9343b95308714cf557746b41c3055b

    SHA512

    0fef771b5e41263367d05ab90766926eaa80ea8ddda8801af5b3eef3d95d4ae83ec11a3926281cd44e503700df24914ac524ed7a1834112558efa6170bff7154

  • memory/4888-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4888-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB