Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/06/2024, 22:42

General

  • Target

    55dd038ef91add9b6699709f4d4ddbfebc8e1589485427799628a9fb8015ded5.exe

  • Size

    77KB

  • MD5

    46a6cc1bdbe38db140241ff344b6c057

  • SHA1

    6da34bddde031b2a842a63dca60e21bb98391c5c

  • SHA256

    55dd038ef91add9b6699709f4d4ddbfebc8e1589485427799628a9fb8015ded5

  • SHA512

    287855ebd1634c0a1eea77e286b922536f1b2d6435edd4d7d3fbaa0325b34776a73c7dadcfdc92d6385ff7598fc217b62885ec7a357175796b42e0b1c5b7e927

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOusS:GhfxHNIreQm+HiVsS

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55dd038ef91add9b6699709f4d4ddbfebc8e1589485427799628a9fb8015ded5.exe
    "C:\Users\Admin\AppData\Local\Temp\55dd038ef91add9b6699709f4d4ddbfebc8e1589485427799628a9fb8015ded5.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4932

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    83KB

    MD5

    534ddb65662ac0b743fe9adab31e8dfb

    SHA1

    219bd6f5e2f1f14eee04475ce7e988f36f0280c1

    SHA256

    e214174a2e6d0cc90f9732d5bdb8ee86edf0f3e0d86e648dfad1b8ef3a142fcd

    SHA512

    ffe7f855ea5afe6af7fbdde8da52ca84fba7576fbfb3955ae3e574849e4a6cb7efc42154d828e09984c9260be657728065bbd5d973df3e7fdae464fa30ccde9e

  • C:\Windows\System\rundll32.exe

    Filesize

    80KB

    MD5

    9c2f85710211ed18f46ade84f14f8811

    SHA1

    fc04bdfd6c9d5d3fc88fd72c9fdec5429a68825f

    SHA256

    67366f6d1b502ac9d4c95f5220c28e51029560979b68829a4b1ee9c04184943f

    SHA512

    13b8bdcba0647e25fdd989805daf70b14cc7531dbfae4ad4e30de8942f68f1926abbd97c00286dea7c92fd5234e7fee08da5e4668e8bf8dccc708fc90ac746c8

  • memory/1724-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1724-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB