Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/06/2024, 11:29

General

  • Target

    54eead1de8bd27ec7af94eb47732a0a14f00122c592e25f4774b694c49f62667.exe

  • Size

    76KB

  • MD5

    eca85181731ad667480575c6dd398c62

  • SHA1

    00748dbf4300d1df5a1f492c2e8ba7c281bfa276

  • SHA256

    54eead1de8bd27ec7af94eb47732a0a14f00122c592e25f4774b694c49f62667

  • SHA512

    6587c4f417f35f950d0ebea05811b92307b4d54acb833bb8133263cc9a3da187466a632f6f51f91c576a5e0c95a50846479fab69059699cd44e15b5b95e5fbda

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOH7r:GhfxHNIreQm+HiS7r

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\54eead1de8bd27ec7af94eb47732a0a14f00122c592e25f4774b694c49f62667.exe
    "C:\Users\Admin\AppData\Local\Temp\54eead1de8bd27ec7af94eb47732a0a14f00122c592e25f4774b694c49f62667.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1364
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2844
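Added example, not part of the sandbox report or of the analysed sample: Python triage helpers that turn the signatures and IOCs above into checks an analyst can run against a host or a file listing. It uses the three SHA256 values from the report, the fact that the dropped rundll32.exe ran from C:\Windows\system rather than System32, and the non-ASCII characters in the SysWOW64 notepad lookalike's name. The exefile default `"%1" %*` is the clean Windows value; the report does not say what the sample set it to, so the check only detects deviation from that default. The file listing at the bottom is constructed to exercise the checks.

```python
"""Triage helpers built from the IOCs in this sandbox report.

Added example; not part of the original report or of the analysed sample.
"""
import hashlib
import re
from pathlib import PureWindowsPath

# SHA256 values copied from the report: submitted sample plus the two dropped files.
KNOWN_SHA256 = {
    "54eead1de8bd27ec7af94eb47732a0a14f00122c592e25f4774b694c49f62667": "submitted sample",
    "a0d0cc13e9672703008ae8f50a1f1f08dbc02a5ba1b03ceb3222f8bf4d500912": "dropped notepad lookalike in SysWOW64",
    "26586035b57c9dc0ad48d94a0a860de6fdfc93331bb000cd26f288ad25e3c6b1": r"dropped C:\Windows\system\rundll32.exe",
}

# Where a genuine rundll32.exe lives on 64-bit Windows 7. The report shows it
# running from C:\Windows\system, a directory that does not normally hold rundll32.exe.
LEGIT_RUNDLL32_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Default data of HKCR\exefile\shell\open\command on a clean Windows install.
DEFAULT_EXEFILE_COMMAND = '"%1" %*'


def path_is_suspicious(path: str) -> list[str]:
    """Return the reasons a file path matches the dropped-file patterns in the report."""
    p = PureWindowsPath(path)
    reasons = []
    if p.name.lower() == "rundll32.exe" and str(p.parent).lower() not in LEGIT_RUNDLL32_DIRS:
        reasons.append("rundll32.exe outside System32/SysWOW64")
    # The SysWOW64 drop is named like notepad.exe but carries non-ASCII characters.
    if p.suffix.lower() == ".exe" and re.search(r"[^\x20-\x7e]", p.stem):
        reasons.append("executable name contains non-ASCII characters")
    return reasons


def exefile_command_is_hijacked(command: str) -> bool:
    """True when the exefile open command no longer equals the clean default.

    The report flags 'Modifies system executable filetype association'; a hijack
    typically prepends another binary so it runs before every .exe the shell launches.
    """
    return command.strip() != DEFAULT_EXEFILE_COMMAND


def read_exefile_command():
    """Read the live HKCR\\exefile\\shell\\open\\command default value (Windows only)."""
    try:
        import winreg  # only present on Windows; returns None elsewhere
    except ImportError:
        return None
    with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT, r"exefile\shell\open\command") as key:
        return winreg.QueryValueEx(key, "")[0]


def sha256_of(path: str) -> str:
    """Stream a file through SHA256 so large binaries are not read in one piece."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def match_hashes(digests: dict[str, str]) -> dict[str, str]:
    """Map path -> report label for every digest that appears in KNOWN_SHA256."""
    return {path: KNOWN_SHA256[d.lower()] for path, d in digests.items() if d.lower() in KNOWN_SHA256}


def triage(paths):
    """Return only the paths that triggered at least one check, with their reasons."""
    return {p: path_is_suspicious(p) for p in paths if path_is_suspicious(p)}


# Constructed host listing used to exercise the checks; not taken from the report.
CONSTRUCTED_LISTING = [
    r"C:\Windows\System32\rundll32.exe",
    r"C:\Windows\system\rundll32.exe",
    r"C:\Windows\SysWOW64\notepad.exe",
    "C:\\Windows\\SysWOW64\\notepad\u00a2\u00ac.exe",
]

if __name__ == "__main__":
    for path, why in triage(CONSTRUCTED_LISTING).items():
        print(f"{path}: {'; '.join(why)}")
    live = read_exefile_command()
    if live is not None:
        print("exefile association hijacked:", exefile_command_is_hijacked(live))
```

On a live host, feed `match_hashes` with `{path: sha256_of(path)}` for the files under C:\Windows\system and C:\Windows\SysWOW64; the path checks work on any exported file listing and need no Windows machine.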

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe

          Filesize

          76KB

          MD5

          a5da74734020f0ec6dcd3222d6ec7358

          SHA1

          128477a0f2080738cf4a23c5ac846b1952c29174

          SHA256

          a0d0cc13e9672703008ae8f50a1f1f08dbc02a5ba1b03ceb3222f8bf4d500912

          SHA512

          a268b17942d9dce97f97f6aa92de81aefbd52350d3a47981fb889b8672cf23565987a29fda45611e00698961cab75d8a787859662ce866ae9f13b19a7337589f

        • \Windows\system\rundll32.exe

          Filesize

          73KB

          MD5

          6ce9ed5aba586c099ebec3d94fc72cdc

          SHA1

          19990bc3d470cc43ba6fad0f4c76fb0c1cdd9f77

          SHA256

          26586035b57c9dc0ad48d94a0a860de6fdfc93331bb000cd26f288ad25e3c6b1

          SHA512

          3e3d57df3646bf362681a165086a37ab16d5d4fa98e5d8e0ad24fc99dfda617ea72ac392b722cf43a472671758b66ac7410e42e6d85da7adb6dec065d8f69779

        • memory/1364-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/1364-14-0x0000000000700000-0x0000000000716000-memory.dmp

          Filesize

          88KB

        • memory/1364-17-0x0000000000700000-0x0000000000716000-memory.dmp

          Filesize

          88KB

        • memory/1364-21-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/2844-20-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB