Analysis
max time kernel: 150s
max time network: 126s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 09/06/2024, 07:35

Static task: static1

Behavioral task: behavioral1
Sample: b7c57e0f512d3fe3f7416a8ffa3d54eb96ca5ddb9701dcabf527afd8bebcd430.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: b7c57e0f512d3fe3f7416a8ffa3d54eb96ca5ddb9701dcabf527afd8bebcd430.exe
Resource: win10v2004-20240226-en
General
Target: b7c57e0f512d3fe3f7416a8ffa3d54eb96ca5ddb9701dcabf527afd8bebcd430.exe
Size: 53KB
MD5: 998be66f56f9e598cf872629927ee026
SHA1: f5e3d7f961db9ea296e274ebedc21277262423c1
SHA256: b7c57e0f512d3fe3f7416a8ffa3d54eb96ca5ddb9701dcabf527afd8bebcd430
SHA512: 024d386121292a4cd9e406d87f52695aa282b28725cf234d9a00e415ab55b9aa080dbd00fad718ed3ff0c3f889e6a770a21229c10f8b213ad17c5fe6a4dfdfb8
SSDEEP: 1536:vN8g8r8QNEHxl2N7Kp3StjEMjmLM3ztDJWZsXy4JzxPMk:OEHxl2NJJjmLM3zRJWZsXy4Jt
Malware Config
Signatures

Modifies visibility of hidden/system files in Explorer (2 TTPs, 1 IoC)
description: Set value (int)
ioc: \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"
Process: misom.exe

Executes dropped EXE (1 IoC)
pid 2744, Process misom.exe

Loads dropped DLL (2 IoCs)
pid 2936, Process b7c57e0f512d3fe3f7416a8ffa3d54eb96ca5ddb9701dcabf527afd8bebcd430.exe (2 identical entries)

Adds Run key to start application (2 TTPs, 1 IoC)
description: Set value (str)
ioc: \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Run\misom = "C:\\Users\\Admin\\misom.exe"
Process: misom.exe

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid 2744, Process misom.exe (repeated entries, all for the same pid and process)

Suspicious use of SetWindowsHookEx (2 IoCs)
pid 2936, Process b7c57e0f512d3fe3f7416a8ffa3d54eb96ca5ddb9701dcabf527afd8bebcd430.exe
pid 2744, Process misom.exe

Suspicious use of WriteProcessMemory (64 IoCs)
description, pid, Process, procid_target:
PID 2936 wrote to memory of 2744; pid 2936, b7c57e0f512d3fe3f7416a8ffa3d54eb96ca5ddb9701dcabf527afd8bebcd430.exe, procid_target 28 (4 entries)
PID 2744 wrote to memory of 2936; pid 2744, misom.exe, procid_target 27 (repeated for the remaining entries)
Processes

1. C:\Users\Admin\AppData\Local\Temp\b7c57e0f512d3fe3f7416a8ffa3d54eb96ca5ddb9701dcabf527afd8bebcd430.exe
   command line: "C:\Users\Admin\AppData\Local\Temp\b7c57e0f512d3fe3f7416a8ffa3d54eb96ca5ddb9701dcabf527afd8bebcd430.exe"
   PID: 2936
   - Loads dropped DLL
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\misom.exe (child of PID 2936)
      command line: "C:\Users\Admin\misom.exe"
      PID: 2744
      - Modifies visibility of hidden/system files in Explorer
      - Executes dropped EXE
      - Adds Run key to start application
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 53KB
MD5: 43f37656dafb0331cf449cdbd49cbaa0
SHA1: adfb501a782c535788aac46b1a9a263b03d6cb10
SHA256: 533e0af2c90413cda483c46f0f64782c9de92a0def88b761ff68cb0cd3cb1969
SHA512: 3630fc2754a6e93105ff514538224d65adc11d7b54246b82f0f7a31d90fec348a199ec5e2428b7ed6321413af4292a2eeb752ea3b3027682f6def1e7ed065aeb