Analysis

  • max time kernel: 149s
  • max time network: 121s
  • platform: windows7_x64
  • resource: win7-20240419-en
  • resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted: 11/06/2024, 11:29

General

  • Target: 9739b22562473f0a57d1c02b8a1d766c60073f96a2031ba9f189e6de38b44b6d.exe
  • Size: 73KB
  • MD5: 54258a85610470b44ab823b2220cd043
  • SHA1: 544f41ddb96b285bfce70f9b6784b8780055cc35
  • SHA256: 9739b22562473f0a57d1c02b8a1d766c60073f96a2031ba9f189e6de38b44b6d
  • SHA512: 25c5d008567d99585ebdbd79aba3ff20324934316ceee7149f3b74dbbf2884361b7c93172bf1bfeee772484bd5cecbc7b653c25303fadc5c1097d0bb90c01881
  • SSDEEP: 768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOa:RshfSWHHNvoLqNwDDGw02eQmh0HjWOa

Score: 7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9739b22562473f0a57d1c02b8a1d766c60073f96a2031ba9f189e6de38b44b6d.exe (depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\9739b22562473f0a57d1c02b8a1d766c60073f96a2031ba9f189e6de38b44b6d.exe"
    PID: 2460
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system\rundll32.exe (depth 2, child of PID 2460)
      Command line: C:\Windows\system\rundll32.exe
      PID: 1296
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe
          Filesize: 83KB
          MD5: b7609239751f129365c3c5c015b8e4fe
          SHA1: d5c8e5cca37e6db1b03b2a265063c4221f7114c5
          SHA256: 969550724a9bdc0d268ab485c75caa8a5950a6ae529bf093a5cd0253d7c7e983
          SHA512: b74f72a0e15723b29ba0b48b0d5ab47ac0507e52c1c4faa2cd5f3fb35aa2ac4549772573a9d201047496f53a71b3e4adf8bab1811a9b5d7f8798e1f23b31c45a

        • \Windows\system\rundll32.exe
          Filesize: 76KB
          MD5: 6e3b9ceb652bc5b5fbd4680df1930463
          SHA1: 033d0c9a812fa532a803918d93a63c3adf68abb7
          SHA256: a8f7e89a5de580df46125962f317ee8b94d6d05aa6c53a8598503cd561057567
          SHA512: f46a0068ba82ddf36b082885c9d5200bb79214fa03430ce6127b06239284f35e06662bbb77cbd24ea1282670c3ee536c5180dd1bcc734479b005cbfb4dfc1992

        • memory/1296-18-0x0000000000400000-0x0000000000415A00-memory.dmp
          Filesize: 86KB

        • memory/2460-0-0x0000000000400000-0x0000000000415A00-memory.dmp
          Filesize: 86KB

        • memory/2460-12-0x00000000002F0000-0x0000000000306000-memory.dmp
          Filesize: 88KB

        • memory/2460-20-0x0000000000400000-0x0000000000415A00-memory.dmp
          Filesize: 86KB

        • memory/2460-21-0x00000000002F0000-0x00000000002F2000-memory.dmp
          Filesize: 8KB