Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/06/2024, 01:29

General

  • Target

    b3111490a3101e1765077dd5841983a1e3d5a1ad833ef43fecf4a581fbe3798d.exe

  • Size

    75KB

  • MD5

    390740fe6db9be4431f3fd0e0c2a3ba6

  • SHA1

    ba2060ab400d4e9bd4c4f4518963e3d00f0fa4e0

  • SHA256

    b3111490a3101e1765077dd5841983a1e3d5a1ad833ef43fecf4a581fbe3798d

  • SHA512

    f950466bfc690637eddce9176fcd776532814773b8184811cde519363f09ecbd3ef9d8204eec4a7c746d09c100902a491c4d66a0d511c5495209dbb1be8285f8

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWO6bE:GhfxHNIreQm+HiXbE

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b3111490a3101e1765077dd5841983a1e3d5a1ad833ef43fecf4a581fbe3798d.exe
    "C:\Users\Admin\AppData\Local\Temp\b3111490a3101e1765077dd5841983a1e3d5a1ad833ef43fecf4a581fbe3798d.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:3064

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    78KB

    MD5

    ccb6a133687b1f8d96c39e4a7f27bf96

    SHA1

    eb06b18eae3a1a83545f7a02126e9682891ca139

    SHA256

    ad939e0ab3d0033c7d8f94047dcc5414e6cae80826c9e5e083e0f89c273b884d

    SHA512

    6b7ee80932246e26805663cd2eb51c922b8f2c336321233ea0a025b01fcae7d0890ccb0be38288aafa6a9be9c890ba5e1c730af77bf404f3408c9445b1561137

  • \Windows\system\rundll32.exe

    Filesize

    79KB

    MD5

    11441b40a379e2714a40e6ab484351c0

    SHA1

    b412a9cc37c45e25f7a81e7cc06169d27c1b7171

    SHA256

    c60fc2abae6bd996b51b89f1eb90b7c4acfb3e3495ba7747cd875b14382d4c5f

    SHA512

    45bc756c02fbbff77ac053be7c8a91d53b9c7c20b3186bbce0094a97c4df5e7bc97c56a538cea82ea1c048ebcc6f0029e23095dbc3a7e83634803a894f1bc5ef

  • memory/1724-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1724-18-0x0000000000270000-0x0000000000286000-memory.dmp

    Filesize

    88KB

  • memory/1724-17-0x0000000000270000-0x0000000000286000-memory.dmp

    Filesize

    88KB

  • memory/1724-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1724-22-0x0000000000270000-0x0000000000272000-memory.dmp

    Filesize

    8KB

  • memory/3064-19-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB