Analysis

  • max time kernel
    149s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10/06/2024, 23:29

General

  • Target

    3a2158dc91d86cbd8497983e5764c25ea84a91aae7af34e3d2c13c5b3de08e37.exe

  • Size

    75KB

  • MD5

    e2d9f072b262f39de9ec30bad9dfb0ba

  • SHA1

    74ba47eeaa96baa9f471b54cc96a18c4584cecc0

  • SHA256

    3a2158dc91d86cbd8497983e5764c25ea84a91aae7af34e3d2c13c5b3de08e37

  • SHA512

    ecb05f3059013555423820ac9b27a57cd257414c9b23b79624e7bafc3809a589abbbfdec49ab166bac05768940d10a75ac116e2a4c4b1fb55a5389519594b18b

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOGh5:GhfxHNIreQm+Hidh5

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a2158dc91d86cbd8497983e5764c25ea84a91aae7af34e3d2c13c5b3de08e37.exe
    "C:\Users\Admin\AppData\Local\Temp\3a2158dc91d86cbd8497983e5764c25ea84a91aae7af34e3d2c13c5b3de08e37.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:320
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1032

Network

MITRE ATT&CK Enterprise v15

Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe

          Filesize

          79KB

          MD5

          b3dc5c293dc177f54c5c010395b880d6

          SHA1

          2cfef73f16d9b63247628d0ed0b10fe5037c510d

          SHA256

          d0fb432cfc6c75ea0d9cbafc11df7cf120bf9a5c5106a3b10fbbaa64bd42d4f7

          SHA512

          ff9ada12cbb0ebe3b948716309c392f4d6d8a2fad7f8d05e333ece3e7c6539fce508a972fb1cc4018efb04cbcc303f967e1a04a8a01d9c24adbe5f6d2ff5385f

        • C:\Windows\System\rundll32.exe

          Filesize

          78KB

          MD5

          265c6f58467d7831edb3f0e310b22d67

          SHA1

          baf4069a50d7afae1c471c076fa06d2e71a7ec95

          SHA256

          daa890030dd5c4cb95fbd6fd97696f36e8c1b7a178f3493d21089ff234f02f2b

          SHA512

          97d5efefd3dddd886465c5ad4d37a971518835b82f10bc8f713f26ad33c94996821f6ad66d87b29cc35b372312b8213eca3eea3a7376b243a63faeed88a44e0f

        • memory/320-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/320-13-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB