Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/06/2024, 16:29

General

  • Target

    6a0be29f5fe881b75207a87627e06df6d564b51e00ff7f853cd8bc6c6db9c764.exe

  • Size

    74KB

  • MD5

    4d26a1c50caf3a0e102de29093b2f333

  • SHA1

    878af4005b8ad5e2f1a498435623ae95421b7a85

  • SHA256

    6a0be29f5fe881b75207a87627e06df6d564b51e00ff7f853cd8bc6c6db9c764

  • SHA512

    11b992fdcc4c9d7c76acacfa5ae33a3e7c3b3e18debd0df9f216893fd13fcfa757b25d0986b0361955cc3437248e37e192a781b893277e20fd63cb2bfa5f9404

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOL3:RshfSWHHNvoLqNwDDGw02eQmh0HjWOL3

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6a0be29f5fe881b75207a87627e06df6d564b51e00ff7f853cd8bc6c6db9c764.exe
    "C:\Users\Admin\AppData\Local\Temp\6a0be29f5fe881b75207a87627e06df6d564b51e00ff7f853cd8bc6c6db9c764.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1160
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:996

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe

          Filesize

          78KB

          MD5

          570dc1e062705e4b5ed9697305be01f1

          SHA1

          e51f1f8ad38bfe7b1fbd4487b393bd30453d3f18

          SHA256

          add5e66d4c3cd7026a6eb7557e27067f8eb5dc92e02dcb1ec142fff1e5da3cdd

          SHA512

          ce6ad1595bebaf8b8ed6a96cff9cb975b0e8385b5c2b91b8b7933dccc5ce1e78ceae319a076efa3dea2d32a44c5c569317aa78207cf3e6aab92cee38f6446f03

        • C:\Windows\System\rundll32.exe

          Filesize

          77KB

          MD5

          3a8ebfd8b7a23fff770e3a56b4945de3

          SHA1

          4d2eafdc096381248609c890aae66bd4adf2cb44

          SHA256

          f34a95d5a6b40966a5f03af36df6969fd7d879fba6c819d470e7812f9d1b12c4

          SHA512

          b0837335b45d4f89018925897bd852bc2187b41745b6675cd20872824a4d5b08f2073ecabbfa43b076f2f3ff688467de2689df0af0fed89ee49303ce8f8ec8d3

        • memory/1160-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/1160-13-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB