Overview

overview

7

Static

static

3

d37ac64fc8...fa.exe

windows7-x64

7

d37ac64fc8...fa.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    10-06-2024 06:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d37ac64fc8e176d4c2ac0b0b83699746c3a9d7f82d9515f2b3f28ec69df464fa.exe

  • Size

    74KB

  • MD5

    9afab35e020ddd49577409ba12890c68

  • SHA1

    efd7465f4da610804160f7a8314c6661d1199d36

  • SHA256

    d37ac64fc8e176d4c2ac0b0b83699746c3a9d7f82d9515f2b3f28ec69df464fa

  • SHA512

    db64c83f352843af0b198d5de529a888197fce7e7d515ce1795c1d31fdcdd125f1d2dd8a137673951abeb21d1cbb7113595f4116f894e8f5bf8b4dcd9402af45

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOCab:GhfxHNIreQm+Hipab

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d37ac64fc8e176d4c2ac0b0b83699746c3a9d7f82d9515f2b3f28ec69df464fa.exe
    "C:\Users\Admin\AppData\Local\Temp\d37ac64fc8e176d4c2ac0b0b83699746c3a9d7f82d9515f2b3f28ec69df464fa.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2304

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    77KB

    MD5

    18123af2f265dc0b4e513024da9506de

    SHA1

    33958a3749f6e18d1d9bbd18f4b72f93511c1428

    SHA256

    14d9b1dc02e39a2603bfe8103e1748fb0609c8034095275299b333313e38c9d6

    SHA512

    7b8d9095c127c84cb81b3f35ee3785d53624f9536407d519aaa13606a89867e85419485ad85218d90e0d0e4457e3802e6e8b169a6d4f1489c8758ba9d7f16588

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    78KB

    MD5

    63bdfa5e3ccd2384933065bcd488455e

    SHA1

    dae1432e26035a0ebbe9a2e8338a8bfe39de93a8

    SHA256

    bc26b20588bc264db5451b1ce63941b901563452a3a2c25c841371afbba87970

    SHA512

    451d5987183b3686f5c90e2bdcf96eaae8e7e1fbbd53583be2d2206625811303a0a791e744e34d2f609e45ab3f8ed93b8a2ed71a1b1a538e75de06e0d48d6c16

    Download Submit

  • memory/1612-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/1612-15-0x00000000002E0000-0x00000000002F6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1612-17-0x00000000002E0000-0x00000000002F6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1612-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download

  • memory/1612-22-0x00000000002E0000-0x00000000002E2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2304-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

    Download