Analysis

  • max time kernel: 149s
  • max time network: 150s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240508-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 11/06/2024, 22:29

General

  • Target: 104bbe02bcdd445eee643ca0ae5572462e801faae347a323b891e041ea328953.exe
  • Size: 75KB
  • MD5: a2be3d263e0e3c29eb30663b77dab1ca
  • SHA1: b6d37051e6f3324ec73ea0cbbf513e9e1d65d234
  • SHA256: 104bbe02bcdd445eee643ca0ae5572462e801faae347a323b891e041ea328953
  • SHA512: 0adf49e2e8888598e1714fb756fbb9778d543e9e1964a13d9970038937d92214318ea49582e694e6bbc83056598ab6efc7af91266d51425259654bd2b659b460
  • SSDEEP: 768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOV:RshfSWHHNvoLqNwDDGw02eQmh0HjWOV

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Modifies system executable filetype association (2 TTPs, 5 IoCs)
  • Drops file in System32 directory (4 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Modifies registry class (15 IoCs)
  • Suspicious behavior: EnumeratesProcesses (28 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (3 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\104bbe02bcdd445eee643ca0ae5572462e801faae347a323b891e041ea328953.exe (PID 4904, process tree depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\104bbe02bcdd445eee643ca0ae5572462e801faae347a323b891e041ea328953.exe"
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • Child process: C:\Windows\system\rundll32.exe (PID 1360, process tree depth 2)
      Command line: C:\Windows\system\rundll32.exe
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    • Filesize: 74KB
    • MD5: ce1bae6d3c19988d38e033457725b5cd
    • SHA1: b234a06ed1205e3e35f1b88634e6016dd35bb6d1
    • SHA256: e59c5ff1cb41b7f359bfdb65a214a89f18f97285386897fc36607e0af7301bfe
    • SHA512: 260f4f505b8cf216baab2e06369d59dbafb4d155c941d9c6a296d5e0dd7d9cc48a3a9f7e9bdb0ec2fb1b40d36620490bb1833b2af12a5ebb679bc385ae394f7c
  • C:\Windows\System\rundll32.exe
    • Filesize: 74KB
    • MD5: d47f16ba371a2c0fa30aa78e6e48042b
    • SHA1: 9f4a5b4060a033c34abc02ce0b8a6bf597a51e6e
    • SHA256: cf2d5866b013182737bac2fc9fa94733c41cbedcf38f03edc41115c366c73154
    • SHA512: 55420fbfb6584894cf27fdcbd32af2fa3630cc9328c15e517c66b76a0b9193820a2eb77c1e4a497cc2a21d39ae4c7c8406f912d65ce6a8d48f2cc2bbebad2c38
  • memory/4904-0-0x0000000000400000-0x0000000000415A00-memory.dmp
    • Filesize: 86KB
  • memory/4904-13-0x0000000000400000-0x0000000000415A00-memory.dmp
    • Filesize: 86KB