Analysis

  • max time kernel
    149s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/06/2024, 07:32

General

  • Target

    afc22d19136f9db671708293e114ab529bde5a3e0c3a5dce7e5e904d5ad3c8d1.exe

  • Size

    86KB

  • MD5

    32c1d5f7d725aadb8f435d8f47aed08c

  • SHA1

    4bfa5783f61a998c52b6435e97ea5ccc7740a3f9

  • SHA256

    afc22d19136f9db671708293e114ab529bde5a3e0c3a5dce7e5e904d5ad3c8d1

  • SHA512

    02c1766baa4dc877efa5397138cab996bb0866037dc36060d3697601c717faeab8f386bef00ff8abd1892e5a310f603eabbf79ee99ae7d5c9fa7872aec201664

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOOE0SIIeokYMM:GhfxHNIreQm+HiFE0SIIeokYMM

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\afc22d19136f9db671708293e114ab529bde5a3e0c3a5dce7e5e904d5ad3c8d1.exe
    "C:\Users\Admin\AppData\Local\Temp\afc22d19136f9db671708293e114ab529bde5a3e0c3a5dce7e5e904d5ad3c8d1.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4504
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4192
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4212,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=4132 /prefetch:8
    1⤵
      PID:4080

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Windows\SysWOW64\notepad¢¬.exe

      Filesize

      74KB

      MD5

      7b1174853b33e1bfa2685549e5cc9709

      SHA1

      201ef34017ce7e11447c2d049d264ccc6affca97

      SHA256

      534a602e65f9587d6e0c781cea915a39444e28e14d5e626c43f3152d2c2a7777

      SHA512

      bfc4a2ff12ed5b83b8dc0101666686b78e68da1c928975d3836203bbfbf4b06cd0712c7dfe38ae5d2484de4001e873334767d659ad4ab5eb0f0d0de00e842c8c

    • C:\Windows\System\rundll32.exe

      Filesize

      73KB

      MD5

      0ac150839f3ada246b57b0b9f0905226

      SHA1

      16465d767f2adb22ec4c02c4096f09fd9583ce44

      SHA256

      820e55052079ecaae51e0a45595ab397f62f6a5f852b4030627a1a69f184d0ab

      SHA512

      9327e93edb33623f867ee78cb43f8839e49dfb54e164f36f5f601eac66bcd3fcda9b51544479d92977f5ec9e609518de4f8d103c836a64d5261372688180f9c3

    • memory/4504-0-0x0000000000400000-0x0000000000415A00-memory.dmp

      Filesize

      86KB

    • memory/4504-13-0x0000000000400000-0x0000000000415A00-memory.dmp

      Filesize

      86KB