Analysis

  • max time kernel
    150s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    10-06-2024 06:47

General

  • Target

    d37ac64fc8e176d4c2ac0b0b83699746c3a9d7f82d9515f2b3f28ec69df464fa.exe

  • Size

    74KB

  • MD5

    9afab35e020ddd49577409ba12890c68

  • SHA1

    efd7465f4da610804160f7a8314c6661d1199d36

  • SHA256

    d37ac64fc8e176d4c2ac0b0b83699746c3a9d7f82d9515f2b3f28ec69df464fa

  • SHA512

    db64c83f352843af0b198d5de529a888197fce7e7d515ce1795c1d31fdcdd125f1d2dd8a137673951abeb21d1cbb7113595f4116f894e8f5bf8b4dcd9402af45

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOCab:GhfxHNIreQm+Hipab

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d37ac64fc8e176d4c2ac0b0b83699746c3a9d7f82d9515f2b3f28ec69df464fa.exe
    "C:\Users\Admin\AppData\Local\Temp\d37ac64fc8e176d4c2ac0b0b83699746c3a9d7f82d9515f2b3f28ec69df464fa.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3276
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2344

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    74KB

    MD5

    985b2b701474f730918ca7eb512fd878

    SHA1

    bc6711dff6ca5d990fcf373f957e2cea7fdf5782

    SHA256

    99525218a7fac835dddc6f4a7f495df37513e16e7206a08c0d51c2ff8c1d00d2

    SHA512

    af6460c47d2ce5f3afce75f6d0767ae980567e139a0b5cf0bfc7e03debdbd21ddf9cea887ee32959ae7379049260513438041b5f501c719f5352adc880f45c7e

  • C:\Windows\System\rundll32.exe

    Filesize

    78KB

    MD5

    ced077ad8d8658542d899acf9e761342

    SHA1

    e13172bd18c35d87f1bbab78e3e7ab65460d4fde

    SHA256

    d47cc32060f800fdb65be50476b827cca195019b1f3c0262461b84d328f15978

    SHA512

    12cc872ab6cdc8db6c8b84894081c4d45f00acf3f993ce59150f7ac0b5f9f0ca62a8c190281f28243cdb69b30f02466f051dd3644b6093e68a6c4e2069ca95e1

  • memory/3276-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/3276-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB