Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/06/2024, 07:34

General

  • Target

    ed4624489a5096953dd2e1ac800fd17ad1b6cdd4065f0539c3a67554c7828aef.exe

  • Size

    75KB

  • MD5

    ed10135b22676fdd88f751d7db8abf71

  • SHA1

    c48d4629d0d18f1ea400ff6a85616f040abae3fd

  • SHA256

    ed4624489a5096953dd2e1ac800fd17ad1b6cdd4065f0539c3a67554c7828aef

  • SHA512

    32a1541e0b14936fdb382dcdb4831eba302b3081e62b6bcd44d69a16b901c75a2106e53f667cb08947c0ba6fa0e8c3dfa6ffd82278a88160904ab0c94aa6a1ce

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWO/1:RshfSWHHNvoLqNwDDGw02eQmh0HjWOxf

Score
7/10

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ed4624489a5096953dd2e1ac800fd17ad1b6cdd4065f0539c3a67554c7828aef.exe
    "C:\Users\Admin\AppData\Local\Temp\ed4624489a5096953dd2e1ac800fd17ad1b6cdd4065f0539c3a67554c7828aef.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2916

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    83KB

    MD5

    8e326bd6a4fbe4ded463149092ceb7e9

    SHA1

    647f98f63131b34091a368be4bf16a541a541a0a

    SHA256

    b3b5aa67fce01bc843eb60cfb0a10f0c4cd1352b67c4b8076744afb0f8b33b35

    SHA512

    c948f1efef3688cf7aed8fc5315999b5fc798ba2431c8bc8e3e7523e3e162f4dd3ddbfa56f2e7b011d160d562f6f85edfca02462fefce5f067bb80a5d211adb3

  • \Windows\system\rundll32.exe

    Filesize

    80KB

    MD5

    7ddca6dee6068b82c0e94b597431e6c2

    SHA1

    ed9e72f4877beade2af45c22f90c88779869a82f

    SHA256

    dcb832610f8cf41a0a71414499416ff7c5f7b383321c7d3768b19c746f2eafc9

    SHA512

    d0c8e4c50f15c8a531d502997eb0484281366c8456d0bec4ff511f240d9a4354e7349662e8763cab5fd0df4b89d0bf8692edf3361e4c1282058ceca11e2feb23

  • memory/1740-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1740-18-0x0000000000270000-0x0000000000286000-memory.dmp

    Filesize

    88KB

  • memory/1740-19-0x0000000000270000-0x0000000000286000-memory.dmp

    Filesize

    88KB

  • memory/1740-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1740-22-0x0000000000270000-0x0000000000272000-memory.dmp

    Filesize

    8KB

  • memory/2916-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB