Analysis

  • max time kernel
    31s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/06/2024, 01:01

General

  • Target

    a7a37735eadf11931d27da28cbd3b7af132be6300f40a4b6e5cd3afb9e298d6f.exe

  • Size

    2.2MB

  • MD5

    1cb3bcb19205c9b4800ffd47ef3cb6e6

  • SHA1

    40e7bc859eecfd52fd366b395c9ec6ddd58a960e

  • SHA256

    a7a37735eadf11931d27da28cbd3b7af132be6300f40a4b6e5cd3afb9e298d6f

  • SHA512

    5411c14b445a6228d8e7d2e1a143c02115cbf7f53c3a6390dc439bbda082d9969ae7c33df115ec6f09920d2f63e5ee5edca76b04ccf36fa184dcb75d8120a33e

  • SSDEEP

    49152:WbD+QCbRquA/m2yL5zbfFiV+XenmE3/zw:WbD+5oq2VjnmH

Score
9/10

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 9 IoCs
  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7a37735eadf11931d27da28cbd3b7af132be6300f40a4b6e5cd3afb9e298d6f.exe
    "C:\Users\Admin\AppData\Local\Temp\a7a37735eadf11931d27da28cbd3b7af132be6300f40a4b6e5cd3afb9e298d6f.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1076
    • C:\WINDOWS\MSWDM.EXE
      "C:\WINDOWS\MSWDM.EXE"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:4560
    • C:\WINDOWS\MSWDM.EXE
      -r!C:\Windows\dev379A.tmp!C:\Users\Admin\AppData\Local\Temp\a7a37735eadf11931d27da28cbd3b7af132be6300f40a4b6e5cd3afb9e298d6f.exe! !
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3640
      • C:\Users\Admin\AppData\Local\Temp\A7A37735EADF11931D27DA28CBD3B7AF132BE6300F40A4B6E5CD3AFB9E298D6F.EXE
        3⤵
        • Executes dropped EXE
        PID:3088
      • C:\WINDOWS\MSWDM.EXE
        -e!C:\Windows\dev379A.tmp!C:\Users\Admin\AppData\Local\Temp\A7A37735EADF11931D27DA28CBD3B7AF132BE6300F40A4B6E5CD3AFB9E298D6F.EXE!
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:3960

Network

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\a7a37735eadf11931d27da28cbd3b7af132be6300f40a4b6e5cd3afb9e298d6f.exe

          Filesize

          2.2MB

          MD5

          60ba1219b473263a4471e8e25118e4cf

          SHA1

          9b7ec1b278cb87a3b684820f23784e605eada716

          SHA256

          b0d78983ee9bd9e9bd629225d1449e8c735e752aaf7ab8eb888fea47eb2142fa

          SHA512

          6b606b201ef10f4df76e982b6415901e235a1a4881277e6de7c6da72baa9dc2dd8c2fec59291af837791916049ff4b73f79db0370f5a76203e175b23c7288af3

        • C:\Users\Admin\AppData\Local\Temp\a7a37735eadf11931d27da28cbd3b7af132be6300f40a4b6e5cd3afb9e298d6f.exe

          Filesize

          2.2MB

          MD5

          84a75736d5fddf6bf97d86a11b47d1ab

          SHA1

          b1845ee95269b0f10068edb4a0e70260ca074d8a

          SHA256

          a6a2d36c3371533edc725244e3eaa8f9ac0f16408117909c524b79df898d7bb7

          SHA512

          bec6c2131452b5faab5cae51940110a6858e60da17939f5846a180ded5aa3889635fedcf7b543462bcdc4ae9c0f219079afa9d2709bc2f327b7cae0c9b3bb931

        • C:\Windows\MSWDM.EXE

          Filesize

          80KB

          MD5

          7953ee2765fd7f56ef2cbc7181d1149d

          SHA1

          c649e183ef7ea9d5f758e061432c2707f7591b6f

          SHA256

          79d8f0ced4322e8274ed093c31cc3685048212c192d549c8d31a19f16b1d6da9

          SHA512

          351b443e4145ddaccef9de847b142b240fb44594d6bee7b7fbe16a865df6dccd93559b437b254093f0f790bb3b66d0972d879b931c8f2e9ed9fdd4c931dbe7b7

        • C:\Windows\dev379A.tmp

          Filesize

          2.1MB

          MD5

          b8d69fa2755c3ab1f12f8866a8e2a4f7

          SHA1

          8e3cdfb20e158c2906323ba0094a18c7dd2aaf2d

          SHA256

          7e0976036431640ae1d9f1c0b52bcea5dd37ef86cd3f5304dc8a96459d9483cd

          SHA512

          5acac46068b331216978500f67a7fa5257bc5b05133fab6d88280b670ae4885ef2d5d1f531169b66bf1952e082f56b1ad2bc3901479b740f96c53ea405adda18

        • memory/1076-1-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

        • memory/1076-7-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

        • memory/3640-10-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

        • memory/3640-24-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

        • memory/3960-20-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

        • memory/4560-12-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

        • memory/4560-25-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB