Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/06/2024, 04:29

General

  • Target

    58f3e902bd2d511d0efff3f039772a6598b1b615155f221651e38999f485241c.exe

  • Size

    81KB

  • MD5

    05fc17fedbd74d5d0ecc48ab681f2a87

  • SHA1

    cbed72a6437648e3eb407446c4ba7e8044c402e6

  • SHA256

    58f3e902bd2d511d0efff3f039772a6598b1b615155f221651e38999f485241c

  • SHA512

    3d5654bd51feaad4c94096904dab09d9b14313f3952085d5cacf169a7c2a102563fff61dbfc45a904d94572370153bb8ec8931cfb6a30ea0ff078b853f4ee799

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOHO/vE:GhfxHNIreQm+HiSO/vE

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\58f3e902bd2d511d0efff3f039772a6598b1b615155f221651e38999f485241c.exe
    "C:\Users\Admin\AppData\Local\Temp\58f3e902bd2d511d0efff3f039772a6598b1b615155f221651e38999f485241c.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1276
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1660

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    81KB

    MD5

    9c151c6e6878f34d07db67fe33958036

    SHA1

    eff3c087d94db41921e0f2235375447bf4b0e329

    SHA256

    0955c0930c5554f940216e9e7182492a325287cbd6ce258ee2cf58ee66f7f8e3

    SHA512

    f20427940887574f3a1bcc5ecc12abc82864ea5e0cacb187812d3d1cc905d67ad56ac37ef95d271d64147890f0dee5bd3a5e965292cd4cb233d6e37357b88622

  • C:\Windows\System\rundll32.exe

    Filesize

    84KB

    MD5

    d10c1e6cdc88e04c352192be52bb9df8

    SHA1

    cfd474d638c93293b84ea4290936d9aad03e2796

    SHA256

    d941a8745782189aed4c5f3eff9e36ab5c17f20f0d981db50494d9361e6d2cbc

    SHA512

    8187ed446782b3d569410315aad8b9cc6c017978ebd98b93ae089929e8f078fda1d3fea9f7aa79fd43e1b555e966f9e4325002a0ae9c8dbcb665a6bc2d139a69

  • memory/1276-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1276-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB