Analysis

  • max time kernel: 149s
  • max time network: 150s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240508-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 12/06/2024, 23:43

General

  • Target: 540b9b46991e01bf73a8cc78a980ba003c4c34c416c6f9a3e43815591fa7db6d.exe
  • Size: 75KB
  • MD5: 8c6ccf2f549a1314eddfad4d85379ff0
  • SHA1: bd625d2e1411c3943f8aa456be80f49699e9eb46
  • SHA256: 540b9b46991e01bf73a8cc78a980ba003c4c34c416c6f9a3e43815591fa7db6d
  • SHA512: 4d63117a8b41bb0d0a246f3f44de12d6259aec2868ae47b00d85b02430b767a36497eccd1ec3742bb564bbfcc71c19971a233765477ffaa66aabd9ac4451e114
  • SSDEEP: 768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWO7L:RshfSWHHNvoLqNwDDGw02eQmh0HjWO7L

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Modifies system executable filetype association (2 TTPs, 5 IoCs)
  • Drops file in System32 directory (4 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Modifies registry class (15 IoCs)
  • Suspicious behavior: EnumeratesProcesses (28 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (3 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • [1] C:\Users\Admin\AppData\Local\Temp\540b9b46991e01bf73a8cc78a980ba003c4c34c416c6f9a3e43815591fa7db6d.exe (PID 2620)
    Command line: "C:\Users\Admin\AppData\Local\Temp\540b9b46991e01bf73a8cc78a980ba003c4c34c416c6f9a3e43815591fa7db6d.exe"
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • [2] C:\Windows\system\rundll32.exe (PID 4416, child of PID 2620)
      Command line: C:\Windows\system\rundll32.exe
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize: 74KB
    MD5: 7e97abf4ded003b7ca8c18a218d72ac6
    SHA1: b62bb46371ee5f5c55c9384f2ef6bf3ac4ceb869
    SHA256: 13fc48049c18722a126b5ca44ec76ab528f4c369834e0b371d3e465f7f246f12
    SHA512: bbb92b6ef2d63d7fa0198905007d19a98640c3b0cb7ae6bab2ef5e516f56cf6ec4e348e1440826b926fdb70acbe793cf86d06ee0707eb5769babbe3d93443799

  • C:\Windows\System\rundll32.exe
    Filesize: 79KB
    MD5: 5b256c91236dfee07b2259d7187523ed
    SHA1: cccf8574049e6d5c29636d06c3e40a854818cdce
    SHA256: 0d43bcc7afcc07e5606c06e13f5c825c697a5f6014eb9fe781e64f3d55266bab
    SHA512: 400b5fccbd2b49bc7a9a6cd5daa0f19c3a4f30df68cdbf59322d6e11eed418ee743e83b6f5b64e4c9f617f294f05d26906d36bd36a9f5284b53cc65bbbc3f3d8

  • memory/2620-0-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize: 86KB

  • memory/2620-13-0x0000000000400000-0x0000000000415A00-memory.dmp
    Filesize: 86KB
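The process tree and dropped-file list above give a hunter three things to look for on other hosts: the report's file hashes, a copy of rundll32.exe running from C:\Windows\system instead of System32, and a notepad lookalike whose name differs from notepad.exe only by non-ASCII filler. The script below is an added example, not output of the sandbox or code from the report. It matches Sysmon-style events against those indicators and also correlates a FileCreate with a later ProcessCreate of the same path, which is what the "Executes dropped EXE" signature means. Assumptions: the event field names are invented for the example, the event list is constructed from what the report shows, and the exefile\shell\open\command registry key is used here as the standard location behind "Modifies system executable filetype association" (the report does not show the value that was written, so only the key path is checked).

```python
"""Match host telemetry against the indicators in this sandbox report.

Added example; not sandbox output or code from the report. Event field
names are an assumption (Sysmon-like) and SAMPLE_EVENTS is constructed.
"""
from pathlib import PureWindowsPath

# Hashes copied from the report.
SAMPLE_SHA256 = "540b9b46991e01bf73a8cc78a980ba003c4c34c416c6f9a3e43815591fa7db6d"
DROPPED_SHA256 = {
    "13fc48049c18722a126b5ca44ec76ab528f4c369834e0b371d3e465f7f246f12",  # SysWOW64\notepad¢¬.exe
    "0d43bcc7afcc07e5606c06e13f5c825c697a5f6014eb9fe781e64f3d55266bab",  # System\rundll32.exe
}

# Where Windows ships the genuine binaries the sample imitates.
LEGIT_SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
SYSTEM_BINARIES = {"rundll32.exe", "notepad.exe"}
# Assumption: the exefile association key is what the "Modifies system
# executable filetype association" signature refers to; writing it
# redirects every .exe launch through the attacker's command.
EXEFILE_COMMAND_KEY = r"exefile\shell\open\command"


def normalized_name(filename: str) -> str:
    """Drop non-ASCII characters so 'notepad¢¬.exe' compares as 'notepad.exe'."""
    return "".join(ch for ch in filename if ch.isascii()).lower()


def check_path(image_path: str) -> list[str]:
    """Flag a system-binary name padded with non-ASCII characters, or one
    living outside System32/SysWOW64 (e.g. C:\\Windows\\system\\rundll32.exe)."""
    p = PureWindowsPath(image_path)
    name, parent = p.name, str(p.parent).lower()
    norm = normalized_name(name)
    findings: list[str] = []
    if norm in SYSTEM_BINARIES:
        if norm != name.lower():
            findings.append(f"lookalike of {norm}: {name!r}")
        if parent not in LEGIT_SYSTEM_DIRS:
            findings.append(f"{norm} outside System32/SysWOW64: {parent}")
    return findings


def check_hash(sha256: str) -> list[str]:
    """Exact-hash match against the sample and the files it dropped."""
    h = sha256.lower()
    if h == SAMPLE_SHA256:
        return ["SHA256 matches the submitted sample"]
    if h in DROPPED_SHA256:
        return ["SHA256 matches a file dropped by the sample"]
    return []


def scan_events(events: list[dict]) -> dict[int, list[str]]:
    """Return {event_index: findings}. A FileCreate that trips a check is
    remembered so a later ProcessCreate of that path is flagged as
    executing a dropped EXE, mirroring the report's signature."""
    dropped_paths: set[str] = set()
    results: dict[int, list[str]] = {}
    for i, ev in enumerate(events):
        findings: list[str] = []
        if ev["type"] == "FileCreate":
            findings += check_path(ev["path"]) + check_hash(ev.get("sha256", ""))
            if findings:
                dropped_paths.add(ev["path"].lower())
        elif ev["type"] == "ProcessCreate":
            findings += check_path(ev["image"]) + check_hash(ev.get("sha256", ""))
            if ev["image"].lower() in dropped_paths:
                findings.append("executes a dropped EXE")
        elif ev["type"] == "RegistryValueSet":
            if ev["key"].lower().endswith(EXEFILE_COMMAND_KEY):
                findings.append("modifies exefile association: " + ev["key"])
        if findings:
            results[i] = findings
    return results


# Constructed events mirroring the report's process tree and dropped files.
SAMPLE_EVENTS = [
    {"type": "ProcessCreate", "sha256": SAMPLE_SHA256,
     "image": r"C:\Users\Admin\AppData\Local\Temp\540b9b46991e01bf73a8cc78a980ba003c4c34c416c6f9a3e43815591fa7db6d.exe"},
    {"type": "FileCreate", "path": r"C:\Windows\SysWOW64\notepad¢¬.exe",
     "sha256": "13fc48049c18722a126b5ca44ec76ab528f4c369834e0b371d3e465f7f246f12"},
    {"type": "FileCreate", "path": r"C:\Windows\System\rundll32.exe",
     "sha256": "0d43bcc7afcc07e5606c06e13f5c825c697a5f6014eb9fe781e64f3d55266bab"},
    {"type": "RegistryValueSet", "key": r"HKCR\exefile\shell\open\command"},
    {"type": "ProcessCreate", "image": r"C:\Windows\system\rundll32.exe",
     "sha256": "0d43bcc7afcc07e5606c06e13f5c825c697a5f6014eb9fe781e64f3d55266bab"},
    # Benign control: the genuine binary from System32 with an unrelated hash.
    {"type": "ProcessCreate", "image": r"C:\Windows\System32\rundll32.exe",
     "sha256": "0" * 64},
]

if __name__ == "__main__":
    for idx, hits in scan_events(SAMPLE_EVENTS).items():
        ev = SAMPLE_EVENTS[idx]
        print(idx, ev.get("image") or ev.get("path") or ev.get("key"))
        for hit in hits:
            print("   ", hit)
```

The benign control event at the end is what keeps the path check honest: the real C:\Windows\System32\rundll32.exe produces no finding, while the dropped copy one directory over is flagged on path, on hash, and again when it is executed. On a live host the hash field would come from Sysmon's `Hashes` value or from hashing the file yourself; the check is exact-match only, so a recompiled variant would need the path and lookalike rules rather than the hash list.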