Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/06/2024, 07:32

General

  • Target

    2dfeecb73effdf7d4996d34cc51f17975b83d1a8293fda47098017f24e318f53.exe

  • Size

    76KB

  • MD5

    96670a1cdb2ec39bbf5f4f7234e7d680

  • SHA1

    e830283c1aa8b44e38eacf97153b3401f1a99438

  • SHA256

    2dfeecb73effdf7d4996d34cc51f17975b83d1a8293fda47098017f24e318f53

  • SHA512

    1bccf8aff89649aef49a8057aea0e76346fd723d379b0befc38b6629d9228eee9001e4c73fb86c71190d0ef278e84c2452d41d3341968a3459032c9c87bf9a29

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOPQijDiw:GhfxHNIreQm+Hicyw

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2dfeecb73effdf7d4996d34cc51f17975b83d1a8293fda47098017f24e318f53.exe
    "C:\Users\Admin\AppData\Local\Temp\2dfeecb73effdf7d4996d34cc51f17975b83d1a8293fda47098017f24e318f53.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3664
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4168

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    74KB

    MD5

    7b1174853b33e1bfa2685549e5cc9709

    SHA1

    201ef34017ce7e11447c2d049d264ccc6affca97

    SHA256

    534a602e65f9587d6e0c781cea915a39444e28e14d5e626c43f3152d2c2a7777

    SHA512

    bfc4a2ff12ed5b83b8dc0101666686b78e68da1c928975d3836203bbfbf4b06cd0712c7dfe38ae5d2484de4001e873334767d659ad4ab5eb0f0d0de00e842c8c

  • C:\Windows\System\rundll32.exe

    Filesize

    73KB

    MD5

    0ac150839f3ada246b57b0b9f0905226

    SHA1

    16465d767f2adb22ec4c02c4096f09fd9583ce44

    SHA256

    820e55052079ecaae51e0a45595ab397f62f6a5f852b4030627a1a69f184d0ab

    SHA512

    9327e93edb33623f867ee78cb43f8839e49dfb54e164f36f5f601eac66bcd3fcda9b51544479d92977f5ec9e609518de4f8d103c836a64d5261372688180f9c3

  • memory/3664-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/3664-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB