Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/06/2024, 07:29

General

  • Target

    46f491955ec4a0c07720051ee5d706d834fb77a3d2273636010f7ac12439d4aa.exe

  • Size

    81KB

  • MD5

    8878ce3351c36f5dd0786055604632d4

  • SHA1

    0c69b258052a8b094b9dc8483dfbad07a84f46e1

  • SHA256

    46f491955ec4a0c07720051ee5d706d834fb77a3d2273636010f7ac12439d4aa

  • SHA512

    39e4c65d082441fbd04d198584c01d86937665ec03c74cf77b26ef2f6b26b7cf98da1b0abbb5e2889ce7f4465f866c2ce9cef0f07956f90c8d577be72fb34d7c

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOtC:RshfSWHHNvoLqNwDDGw02eQmh0HjWOtC

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\46f491955ec4a0c07720051ee5d706d834fb77a3d2273636010f7ac12439d4aa.exe
    "C:\Users\Admin\AppData\Local\Temp\46f491955ec4a0c07720051ee5d706d834fb77a3d2273636010f7ac12439d4aa.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2504
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2904
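Two things in the tree above are worth encoding as checks rather than reading by eye: the child process is a `rundll32.exe` running from `C:\Windows\system\` (the genuine binary lives only in `System32` and `SysWOW64`), and the dropped `notepad` look-alike in `SysWOW64` carries non-ASCII characters in its name. The script below is an added example, not code from this report or from the sample; the process events and the registry value it inspects are constructed for the example, and the registry key it checks for the "modifies system executable filetype association" signature (`HKCR\exefile\shell\open\command`) is an assumption about the usual target, since the report does not name the key.

```python
"""Added triage example for a sandbox process tree: flag system binaries
running from the wrong directory, look-alike image names, and a tampered
exefile association.  Not part of the report; inputs are constructed."""
from __future__ import annotations

import ntpath
import re
from typing import Optional

# Well-known Windows binaries and the only directories they ship in.
EXPECTED_DIRS = {
    "rundll32.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "notepad.exe": {r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows"},
}

# Image names that contain anything outside this set (non-ASCII, spaces,
# unusual punctuation) are treated as look-alikes.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.\-]+")

# Clean-system default of HKCR\exefile\shell\open\command.  Assumption: the
# report only says the association was modified, not which key or value.
EXE_ASSOCIATION_KEY = r"HKCR\exefile\shell\open\command"
DEFAULT_EXE_COMMAND = '"%1" %*'


def check_image_path(image: str) -> list[str]:
    """Return findings for one process image path (empty list if clean)."""
    findings: list[str] = []
    directory, name = ntpath.split(image)
    lname = name.lower()
    if not SAFE_NAME.fullmatch(name):
        findings.append(f"unusual characters in image name: {name!r}")
    if lname in EXPECTED_DIRS and directory.lower() not in EXPECTED_DIRS[lname]:
        findings.append(f"unexpected directory for {lname}: {directory}")
    return findings


def check_exe_association(value: str) -> Optional[str]:
    """Return a finding if the exefile open command is not the default."""
    if value.strip() == DEFAULT_EXE_COMMAND:
        return None
    return f"exefile association hijacked: {value!r}"


def triage(events: list[dict], registry: dict[str, str]) -> dict:
    """Run both checks over process events and registry values.

    Returns a mapping of PID (for process findings) or registry key
    (for association findings) to the list of findings."""
    report: dict = {}
    for ev in events:
        findings = check_image_path(ev["image"])
        if findings:
            report[ev["pid"]] = findings
    if EXE_ASSOCIATION_KEY in registry:
        finding = check_exe_association(registry[EXE_ASSOCIATION_KEY])
        if finding:
            report[EXE_ASSOCIATION_KEY] = [finding]
    return report


# Constructed events modelled on the tree above; PID 3100 and the registry
# value are invented for the example and are not recorded in the report.
CONSTRUCTED_EVENTS = [
    {"pid": 2504, "image": r"C:\Users\Admin\AppData\Local\Temp\sample.exe"},
    {"pid": 2904, "image": r"C:\Windows\system\rundll32.exe"},
    {"pid": 3100, "image": "C:\\Windows\\SysWOW64\\notepad\u00a2\u00ac.exe"},
    {"pid": 1200, "image": r"C:\Windows\System32\rundll32.exe"},
]
CONSTRUCTED_REGISTRY = {
    EXE_ASSOCIATION_KEY: r'"C:\Windows\system\rundll32.exe" "%1" %*',
}

if __name__ == "__main__":
    for subject, findings in triage(CONSTRUCTED_EVENTS, CONSTRUCTED_REGISTRY).items():
        for f in findings:
            print(f"{subject}: {f}")
```

The directory check is deliberately exact-match on the parent directory rather than a substring test, so `C:\Windows\system` does not pass because it happens to be a prefix of `C:\Windows\System32`. Feeding real Sysmon event 1 (`Image`) and event 13 (`Details` of the association key) into `triage` is the intended use; only the field extraction would change.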

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe

          Filesize

          79KB

          MD5

          e4ba69bb106150951a4d544bf06de7f2

          SHA1

          6fd1276c8d1d08cdd0c9f84ab0ee4194119dfffd

          SHA256

          ebc56f58465da3c268bfe1b856a6640ae07f6eb2f52464a34782b66e04c893f8

          SHA512

          551042f10aeddeab30eebbb86a3459258deb863b27354db2a31906d00cbfa3710a18a1dcf9f5aba038c1ed22d7455c819c448ac05e8c939a264a01eda17a85d3

        • \Windows\system\rundll32.exe

          Filesize

          81KB

          MD5

          8a234194e0372b2137c1b15a50646457

          SHA1

          6243fd676f015c3cd1b3638c3a2edd69b543cc4f

          SHA256

          6885e9d09398872c8b41dff01e49a09967a88e819723c0429f293d262df58c72

          SHA512

          d38c81039a51e00de19afb6181d3fa1a05ff996a6ce1740eefa1b8491b67c0b86436d0bb46fa835a795e716546ac6030e58ee8d0c4849d5ffe0eb8e04016fc3b

        • memory/2504-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/2504-18-0x0000000000250000-0x0000000000266000-memory.dmp

          Filesize

          88KB

        • memory/2504-12-0x0000000000250000-0x0000000000266000-memory.dmp

          Filesize

          88KB

        • memory/2504-21-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/2504-22-0x0000000000250000-0x0000000000256000-memory.dmp

          Filesize

          24KB

        • memory/2904-19-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB