Analysis

  • max time kernel
    149s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/06/2024, 11:29

General

  • Target

    882102817c55b1f884a9256061123dc0508714992326ea92f4927dd8ec0ef27b.exe

  • Size

    84KB

  • MD5

    60a2358e346d88c4a2709a21f2584979

  • SHA1

    30a39b0e0cfd478c59bb92b30da0f0799892567b

  • SHA256

    882102817c55b1f884a9256061123dc0508714992326ea92f4927dd8ec0ef27b

  • SHA512

    6b80575dbd93bcb23a02026ac3e2f88b20e54b3f26fdc168afa95b90cded92b1e79e9c9e0a27edcfb11291335364d485ea0d13e388cd760f4d6c7659c53ed41d

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOr/BVNJ2oT:GhfxHNIreQm+HiE/BVNJ2oT

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\882102817c55b1f884a9256061123dc0508714992326ea92f4927dd8ec0ef27b.exe
    "C:\Users\Admin\AppData\Local\Temp\882102817c55b1f884a9256061123dc0508714992326ea92f4927dd8ec0ef27b.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3188
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4660

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe

          Filesize

          80KB

          MD5

          0d63035d1b9bfecb5a5f1e5d04866899

          SHA1

          a8df07fcb5d7ed1c7b5f5db51ab29dd8f74e2791

          SHA256

          cfa436a6dd4d2db5920eb8f876a5bb7fae153f35d6675d3b694a7dec59c82e29

          SHA512

          3d576fdb6582e7a79e11d6f90807dbc122d9c09855c1ef56b18562121cc2fe175f8cda7775d097cf904ca56a10409ed702c42c188bd73896e51af129553f2c3b

        • C:\Windows\System\rundll32.exe

          Filesize

          76KB

          MD5

          836c2b0bdb83e487e9ccdb072249d63f

          SHA1

          8a7cf1159cdfd0652933a302ae0912191773e72f

          SHA256

          7ddafc22d0be0bfcbc4c4c262df630117ced1c519eed1401b97a12faecc6610e

          SHA512

          6e1b4446f67626afa4d110abaee686dc4dcd4ebf42d9bacc9c6c3f8e8dfa49dab66be84a97d8c837e76b123570829a0a078bbf6e8531684650d91a00fad9fc72

        • memory/3188-0-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB

        • memory/3188-13-0x0000000000400000-0x0000000000415A00-memory.dmp

          Filesize

          86KB
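The signatures, process tree and dropped files above translate directly into a host triage check. The PowerShell script below is an added example, not part of the sandbox report or of the sample: it looks in the two drop locations for executables, compares their SHA256 against the hashes listed in the report, flags unsigned binaries there, checks whether the dropped rundll32.exe is still running, and reads the shell open command for .exe files, which is the usual target of the "Modifies system executable filetype association" signature. The report does not name the registry key or value the sample changed, so the exefile\shell\open\command key and the clean default "%1" %* are assumptions, and the notepad-named drop (whose suffix is non-ASCII) is matched by the notepad* prefix rather than by its exact name.

```powershell
# Added triage script; not part of the sandbox report or the sample.
# Assumptions not stated by the report: the association change targets
# exefile\shell\open\command, whose clean default value is  "%1" %*.

# SHA256 values copied from the report (submitted sample plus the two drops).
$ReportHashes = @(
    '882102817c55b1f884a9256061123dc0508714992326ea92f4927dd8ec0ef27b',  # submitted sample, 84KB
    '7ddafc22d0be0bfcbc4c4c262df630117ced1c519eed1401b97a12faecc6610e',  # C:\Windows\System\rundll32.exe, 76KB
    'cfa436a6dd4d2db5920eb8f876a5bb7fae153f35d6675d3b694a7dec59c82e29'   # C:\Windows\SysWOW64\notepad<non-ASCII>.exe, 80KB
)

function Test-DroppedFiles {
    # C:\Windows\System is a legacy directory; the real rundll32.exe lives in
    # System32 and SysWOW64, so any rundll32.exe here is foreign. The second drop
    # uses a notepad name padded with non-ASCII characters, so match by prefix and
    # let the hash and Authenticode check separate it from the genuine notepad.exe.
    $candidates = @(
        Get-ChildItem -LiteralPath 'C:\Windows\System'   -Filter '*.exe'        -File -ErrorAction SilentlyContinue
        Get-ChildItem -LiteralPath 'C:\Windows\SysWOW64' -Filter 'notepad*.exe' -File -ErrorAction SilentlyContinue
    )
    foreach ($f in $candidates) {
        $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash.ToLower()
        $sig  = (Get-AuthenticodeSignature -LiteralPath $f.FullName).Status
        if ($ReportHashes -contains $hash) { $verdict = 'MATCHES REPORT' }
        elseif ($sig -ne 'Valid')          { $verdict = 'unsigned, review' }
        else                               { $verdict = 'signed' }
        [pscustomobject]@{
            Path      = $f.FullName
            Bytes     = $f.Length
            SHA256    = $hash
            Signature = $sig
            Verdict   = $verdict
        }
    }
}

function Test-RunningDrop {
    # In the report the dropped copy ran as C:\Windows\system\rundll32.exe (PID 4660).
    # A rundll32.exe whose image path is under C:\Windows\System is the live IoC.
    Get-Process -Name rundll32 -ErrorAction SilentlyContinue |
        Where-Object { $_.Path -and $_.Path -like 'C:\Windows\System\*' } |
        Select-Object Id, Path, StartTime
}

function Test-ExeAssociation {
    # Default open command for every .exe. A hijack swaps in the dropped binary,
    # which then launches the real "%1", so the implant runs whenever the user
    # starts any program. HKCU\Software\Classes\exefile normally does not exist,
    # so a value there is a finding on its own.
    $expected = '"%1" %*'
    $keys = @(
        'HKLM:\SOFTWARE\Classes\exefile\shell\open\command',
        'HKCU:\SOFTWARE\Classes\exefile\shell\open\command'
    )
    foreach ($k in $keys) {
        $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
        if ($null -eq $key) { continue }
        $value = [string]$key.GetValue('')
        [pscustomobject]@{
            Key      = $k
            Value    = $value
            Hijacked = ($value.Trim() -ne $expected)
        }
    }
}

# Run all three checks; review any row marked MATCHES REPORT, any running
# rundll32 under C:\Windows\System, and any Hijacked = True.
Test-DroppedFiles   | Format-Table -AutoSize
Test-RunningDrop    | Format-Table -AutoSize
Test-ExeAssociation | Format-Table -AutoSize
```

Run it from an elevated PowerShell session so Get-Process can read the image path of the dropped process and the HKLM key is readable. A genuine notepad.exe in SysWOW64 shows up as "signed" and is not a finding; only rows whose hash matches the report, or unsigned executables in those directories, need follow-up.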