Analysis

  • max time kernel
    149s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/06/2024, 11:29

General

  • Target

    9739b22562473f0a57d1c02b8a1d766c60073f96a2031ba9f189e6de38b44b6d.exe

  • Size

    73KB

  • MD5

    54258a85610470b44ab823b2220cd043

  • SHA1

    544f41ddb96b285bfce70f9b6784b8780055cc35

  • SHA256

    9739b22562473f0a57d1c02b8a1d766c60073f96a2031ba9f189e6de38b44b6d

  • SHA512

    25c5d008567d99585ebdbd79aba3ff20324934316ceee7149f3b74dbbf2884361b7c93172bf1bfeee772484bd5cecbc7b653c25303fadc5c1097d0bb90c01881

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOa:RshfSWHHNvoLqNwDDGw02eQmh0HjWOa

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9739b22562473f0a57d1c02b8a1d766c60073f96a2031ba9f189e6de38b44b6d.exe
    "C:\Users\Admin\AppData\Local\Temp\9739b22562473f0a57d1c02b8a1d766c60073f96a2031ba9f189e6de38b44b6d.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3148
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:676

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe

          Filesize

          80KB

          MD5

          0d63035d1b9bfecb5a5f1e5d04866899

          SHA1

          a8df07fcb5d7ed1c7b5f5db51ab29dd8f74e2791

          SHA256

          cfa436a6dd4d2db5920eb8f876a5bb7fae153f35d6675d3b694a7dec59c82e29

          SHA512

          3d576fdb6582e7a79e11d6f90807dbc122d9c09855c1ef56b18562121cc2fe175f8cda7775d097cf904ca56a10409ed702c42c188bd73896e51af129553f2c3b

        • C:\Windows\System\rundll32.exe

          Filesize

          76KB

          MD5

          836c2b0bdb83e487e9ccdb072249d63f

          SHA1

          8a7cf1159cdfd0652933a302ae0912191773e72f

          SHA256

          7ddafc22d0be0bfcbc4c4c262df630117ced1c519eed1401b97a12faecc6610e

          SHA512

          6e1b4446f67626afa4d110abaee686dc4dcd4ebf42d9bacc9c6c3f8e8dfa49dab66be84a97d8c837e76b123570829a0a078bbf6e8531684650d91a00fad9fc72

        • memory/3148-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/3148-13-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB