Analysis

  • max time kernel
    149s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/06/2024, 02:37

General

  • Target

    7284d993db1c95d454dabdd31cb52e007cb81bb6c455b6983ed86d29fad6abab.exe

  • Size

    82KB

  • MD5

    9cc17965a9e67a6d067e1336b1d2e5d8

  • SHA1

    9f799da09568b0d0636d12ba51d6896925348922

  • SHA256

    7284d993db1c95d454dabdd31cb52e007cb81bb6c455b6983ed86d29fad6abab

  • SHA512

    ed9cc8855d85fa049f30c321d22db38c770d4c88e2f3e7e8b752a82b5da69592d57a8afbd1616b85eb5bd7536e04dba14c3d207920036a6a66a33af92471bd02

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOZWDHBy:GhfxHNIreQm+HiOWDHBy

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7284d993db1c95d454dabdd31cb52e007cb81bb6c455b6983ed86d29fad6abab.exe
    "C:\Users\Admin\AppData\Local\Temp\7284d993db1c95d454dabdd31cb52e007cb81bb6c455b6983ed86d29fad6abab.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2820
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2180

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe

          Filesize

          80KB

          MD5

          1094190101b3b7a5eceff48ed655eb8b

          SHA1

          ef8b20fea251ff5a8ddaa62e83d95520cb377ddc

          SHA256

          feb3f851f976d3fd571a03e947f17a03da223f5f551a2258335594e2e8009064

          SHA512

          86bf5d9b984da944a3145ac1d1587bfd6a259dec141dd01324b3683e3931f5b027a8702aa9686d0d99540b694e33d3fce4ea52eed48b5a7db5df4b93d2ad9e8c

        • \Windows\system\rundll32.exe

          Filesize

          77KB

          MD5

          6d865ff2f89ca491bc3ac76b24bce5b7

          SHA1

          1c4609ffb3c0a261d1ade37b615d711ae9f4764a

          SHA256

          0486c13baba88d53a824397bb0cb114ff93286428f58e53077cd6e5aa579e3e9

          SHA512

          ec8251f551205c078a0966cdb3af8acd6680a9cdd31d630916ce1ed11edf50dcb58f5307f0b9f6d790a0cc30157dad8669ebdae277cc7ec23200ab546b711a25

        • memory/2820-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/2820-17-0x0000000000300000-0x0000000000316000-memory.dmp

          Filesize

          88KB

        • memory/2820-18-0x0000000000300000-0x0000000000316000-memory.dmp

          Filesize

          88KB

        • memory/2820-20-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB
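A host triage check for the indicators above, as an added example that is not part of the sandbox report. Two details in the process tree and the Downloads list are the ones worth hunting for: the dropped rundll32.exe lives in C:\Windows\system rather than System32 or SysWOW64, and the second drop imitates notepad.exe with non-ASCII characters padded into its name. The script matches a file inventory against the SHA-256 values the report lists, flags both masquerade patterns, and parses an exported HKEY_CLASSES_ROOT\exefile\shell\open\command value (the key behind "Modifies system executable filetype association") against the stock Windows default `"%1" %*`. The inventory and the .reg text are constructed for the demo, and the hijacked handler value in it is hypothetical, since the report records only that the association was modified, not what it was set to.

```python
"""Host triage helper for the indicators in the report above.

Added example, not part of the sandbox report. It does three things:
  1. matches a file inventory (path, SHA-256) against the hashes the report lists;
  2. flags executables masquerading as Windows system binaries: a system binary
     name outside System32/SysWOW64 (the report's C:\\Windows\\system\\rundll32.exe)
     or a look-alike name padded with non-ASCII characters (notepad¢¬.exe);
  3. checks an exported HKCR\\exefile\\shell\\open\\command value against the stock
     Windows default, the key behind "Modifies system executable filetype association".
The inventory and .reg text below are constructed for the demo; the hijacked
handler value is hypothetical because the report does not record the new value.
"""
import ntpath
import re

# SHA-256 values copied from the report: the submitted sample and its two dropped files.
REPORT_SHA256 = {
    "7284d993db1c95d454dabdd31cb52e007cb81bb6c455b6983ed86d29fad6abab": "submitted sample",
    "feb3f851f976d3fd571a03e947f17a03da223f5f551a2258335594e2e8009064": "dropped notepad look-alike",
    "0486c13baba88d53a824397bb0cb114ff93286428f58e53077cd6e5aa579e3e9": "dropped rundll32.exe",
}

# Where genuine copies of these binaries live (assumption: default Windows layout).
TRUSTED_SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
SYSTEM_BINARY_NAMES = {"rundll32.exe", "notepad.exe"}

# Default data of HKEY_CLASSES_ROOT\exefile\shell\open\command on stock Windows.
EXEFILE_KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
EXEFILE_DEFAULT = '"%1" %*'

# Constructed inventory: (path, sha256). The all-zero/all-one hashes are placeholders
# for benign files, not real values.
SAMPLE_INVENTORY = [
    (r"C:\Windows\System32\rundll32.exe", "0" * 64),
    (r"C:\Windows\system\rundll32.exe",
     "0486c13baba88d53a824397bb0cb114ff93286428f58e53077cd6e5aa579e3e9"),
    ("C:\\Windows\\SysWOW64\\notepad¢¬.exe",
     "feb3f851f976d3fd571a03e947f17a03da223f5f551a2258335594e2e8009064"),
    (r"C:\Users\Admin\Documents\report.docx", "1" * 64),
]

# Constructed .reg export. The handler value is hypothetical: it shows the common
# hijack shape (attacker binary first, original "%1" %* passed through).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Windows\\system\\rundll32.exe\" \"%1\" %*"
'''


def classify_path(path: str) -> list[str]:
    """Reasons a path looks like a system-binary masquerade (empty list = nothing odd)."""
    directory, name = ntpath.split(path)
    reasons = []
    if any(ord(c) > 127 for c in name):
        reasons.append("non-ASCII characters in filename")
    # Drop the padding characters to see which system binary the name imitates.
    ascii_name = "".join(c for c in name.lower() if ord(c) < 128)
    if ascii_name in SYSTEM_BINARY_NAMES and directory.lower() not in TRUSTED_SYSTEM_DIRS:
        reasons.append("system binary name outside System32/SysWOW64")
    return reasons


def match_hashes(inventory):
    """Return (path, label) for every inventory entry whose SHA-256 the report lists."""
    return [(path, REPORT_SHA256[h.lower()]) for path, h in inventory if h.lower() in REPORT_SHA256]


def parse_reg_default_values(reg_text: str) -> dict[str, str]:
    """Parse a .reg export, returning {key: default value} for keys that set '@'."""
    values, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
        elif current and line.startswith('@="') and line.endswith('"'):
            # .reg escapes backslash and double quote with a leading backslash.
            values[current] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return values


def exefile_hijacked(command_value: str) -> bool:
    """True when the exefile handler no longer just runs the clicked executable."""
    return command_value.strip() != EXEFILE_DEFAULT


def triage(inventory, reg_text):
    """Combine the three checks into a list of human-readable findings."""
    findings = []
    for path, label in match_hashes(inventory):
        findings.append(f"{path}: SHA-256 matches report ({label})")
    for path, _ in inventory:
        for reason in classify_path(path):
            findings.append(f"{path}: {reason}")
    command = parse_reg_default_values(reg_text).get(EXEFILE_KEY)
    if command is not None and exefile_hijacked(command):
        findings.append(f"exefile handler changed: {command}")
        first = re.match(r'"([^"]+)"', command)  # binary that now intercepts every .exe launch
        if first:
            for reason in classify_path(first.group(1)):
                findings.append(f"{first.group(1)}: {reason}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_INVENTORY, SAMPLE_REG):
        print(finding)
```

On a real host, feed the inventory from `Get-ChildItem -Recurse | Get-FileHash` output and the registry text from `reg export HKCR\exefile exefile.reg`. A changed exefile handler is the finding to act on first, and in the right order: restore the default `"%1" %*` before deleting the binary the handler points at, because removing the payload while the association still references it leaves every .exe double-click failing.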