Overview

overview

8

Static

static

3

994ec0dd0a...ae.exe

windows7-x64

8

994ec0dd0a...ae.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07/06/2024, 02:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    994ec0dd0a7b5b3003961f31869ca3ae.exe

  • Size

    67KB

  • MD5

    994ec0dd0a7b5b3003961f31869ca3ae

  • SHA1

    80a92c643ffd12aaf37be945d532e973ffe0b880

  • SHA256

    33fc40315eb30d4d61b6b805c1039caf4ded1828fcdc46b364e0e45413f902de

  • SHA512

    d41bc1f5dd44370cc49e26bbe106271f9941e12396b08dfa3a91c03023da2f86209d6176600b0c33e6f86439b5d891f5a35c6928a44b4e203ed0e4015c5ff163

  • SSDEEP

    1536:uSqSpZzjDEc5aZRVqoZVNhvOXu8k3ZcthiFObli:Dq2hj2iKrNOHkShix

Score
8/10
discoveryevasion

Malware Config

Signatures

  • Modifies Windows Firewall 2 TTPs 1 IoCs
    evasion
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\994ec0dd0a7b5b3003961f31869ca3ae.exe
    "C:\Users\Admin\AppData\Local\Temp\994ec0dd0a7b5b3003961f31869ca3ae.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2964
    • C:\Windows\System32\netsh.exe
      "C:\Windows\System32\netsh.exe" advfirewall firewall show rule name ="BloquageHeredis"
      2⤵
      • Modifies Windows Firewall
      PID:2552

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2964-0-0x000007FEF5F13000-0x000007FEF5F14000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2964-1-0x0000000000B90000-0x0000000000BA6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2964-2-0x0000000000350000-0x0000000000368000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2964-3-0x000007FEF5F10000-0x000007FEF68FC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2964-4-0x000007FEF5F10000-0x000007FEF68FC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2964-5-0x000007FEF5F10000-0x000007FEF68FC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2964-6-0x000007FEF5F13000-0x000007FEF5F14000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2964-7-0x000007FEF5F10000-0x000007FEF68FC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2964-8-0x000007FEF5F10000-0x000007FEF68FC000-memory.dmp

    Filesize

    9.9MB

    Download