Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    05/06/2024, 01:29

General

  • Target

    4f2c51077dbe6a369beed53739e59901738e7749ce690ab302ed6e91c3c8c115.exe

  • Size

    80KB

  • MD5

    6730a5923c494f9ed689ba6efd6e2bc2

  • SHA1

    e352bc3a87332c45587d173417f3b7a8e6b7acd5

  • SHA256

    4f2c51077dbe6a369beed53739e59901738e7749ce690ab302ed6e91c3c8c115

  • SHA512

    34d54d6433763d54c1631e76657a778a4d6e497ad35244a75b2e36fd6aa1fedd4848e388edc20680631a5262537d1765491310a4d1d5f607af73375216fc939c

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOJJz6A+afF7:GhfxHNIreQm+HieJz6A+afF7

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4f2c51077dbe6a369beed53739e59901738e7749ce690ab302ed6e91c3c8c115.exe
    "C:\Users\Admin\AppData\Local\Temp\4f2c51077dbe6a369beed53739e59901738e7749ce690ab302ed6e91c3c8c115.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1868
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:464

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe

          Filesize

          78KB

          MD5

          ccb6a133687b1f8d96c39e4a7f27bf96

          SHA1

          eb06b18eae3a1a83545f7a02126e9682891ca139

          SHA256

          ad939e0ab3d0033c7d8f94047dcc5414e6cae80826c9e5e083e0f89c273b884d

          SHA512

          6b7ee80932246e26805663cd2eb51c922b8f2c336321233ea0a025b01fcae7d0890ccb0be38288aafa6a9be9c890ba5e1c730af77bf404f3408c9445b1561137

        • C:\Windows\System\rundll32.exe

          Filesize

          79KB

          MD5

          11441b40a379e2714a40e6ab484351c0

          SHA1

          b412a9cc37c45e25f7a81e7cc06169d27c1b7171

          SHA256

          c60fc2abae6bd996b51b89f1eb90b7c4acfb3e3495ba7747cd875b14382d4c5f

          SHA512

          45bc756c02fbbff77ac053be7c8a91d53b9c7c20b3186bbce0094a97c4df5e7bc97c56a538cea82ea1c048ebcc6f0029e23095dbc3a7e83634803a894f1bc5ef

        • memory/1868-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/1868-13-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB