Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 02/06/2024, 00:52
Static task: static1
Behavioral task: behavioral1
    Sample: a33104411f1789e38bc79b3570b2783090cee82c96a6997b10117a77dfc209fb.exe
    Resource: win7-20240221-en
Behavioral task: behavioral2
    Sample: a33104411f1789e38bc79b3570b2783090cee82c96a6997b10117a77dfc209fb.exe
    Resource: win10v2004-20240508-en
General
Target: a33104411f1789e38bc79b3570b2783090cee82c96a6997b10117a77dfc209fb.exe
Size: 74KB
MD5: 1b54e91343d05734dcf7b64d892af8bb
SHA1: 388733b0d7ba1003484589046790fd0bf6e32d11
SHA256: a33104411f1789e38bc79b3570b2783090cee82c96a6997b10117a77dfc209fb
SHA512: 94aa70431c4a51f924915ae1cccf56efdc2b59871142ec1699c0fc288891826c9b3e8fc0c6ec664ffc148b6ae029ceb368df6ed68de09d5ee5fcb626b9f069c3
SSDEEP: 1536:1/PMkmQgitNDBThJz0J+TdrIreROg/pP0F3UgOkFDWI5w/km:CkmQ9tNdThJIJ+ea8WpwUgOyDm
Malware Config
Signatures
Executes dropped EXE (1 IoC)
    PID 2876    Process: lfehut.exe
Loads dropped DLL (1 IoC)
    PID 1880    Process: a33104411f1789e38bc79b3570b2783090cee82c96a6997b10117a77dfc209fb.exe
Drops file in System32 directory (2 IoCs)
    File opened for modification    C:\Windows\SysWOW64\lfehut.exe    Process: a33104411f1789e38bc79b3570b2783090cee82c96a6997b10117a77dfc209fb.exe
    File created                    C:\Windows\SysWOW64\lfehut.exe    Process: a33104411f1789e38bc79b3570b2783090cee82c96a6997b10117a77dfc209fb.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\a33104411f1789e38bc79b3570b2783090cee82c96a6997b10117a77dfc209fb.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\a33104411f1789e38bc79b3570b2783090cee82c96a6997b10117a77dfc209fb.exe"
   PID: 1880
   - Loads dropped DLL
   - Drops file in System32 directory
   2. C:\Windows\SysWOW64\lfehut.exe (child of PID 1880)
      Command line: "C:\Windows\SysWOW64\lfehut.exe"
      PID: 2876
      - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 71KB
MD5: afe27de6c2d00abaeb4f95ac69f2faaf
SHA1: 27fc6e7eeb22f892a99c9700d0924d09274db861
SHA256: 7a0d6a27d5333f16f05fa324c1df7d3564d1c7355237ac5ba740e5e073c5be26
SHA512: 29e0accf021fad057bb897aa7317d40e57d3c8b1db1925e31e47e4d04e5b9726d3d4f799465a8c1b093a7650c28c7858e44d219b460e62b6a50cbef394efd458