Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/06/2024, 22:40

General

  • Target

    ee58a35548630de3ef2991e35e4d0f332efc54ad00c0fac3bfb6d2ee8e481ac2.exe

  • Size

    84KB

  • MD5

    8764b3febeaeec1bb606a4d43825608e

  • SHA1

    157a5f58b13fe52850a8c00c7b4f8ccdcc2ae278

  • SHA256

    ee58a35548630de3ef2991e35e4d0f332efc54ad00c0fac3bfb6d2ee8e481ac2

  • SHA512

    8ef2ac5022b8b769d267e7d53acdd05ef95a04b2e5fc54dc2e62811946755ca5a38c5b5e170198ec562a7c96386fd12c9d8b7641ad4071ba65f7ec0b5404e278

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOLG4jv34xy:GhfxHNIreQm+HiaG4jv34xy

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ee58a35548630de3ef2991e35e4d0f332efc54ad00c0fac3bfb6d2ee8e481ac2.exe
    "C:\Users\Admin\AppData\Local\Temp\ee58a35548630de3ef2991e35e4d0f332efc54ad00c0fac3bfb6d2ee8e481ac2.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3640
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:3104
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1040 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:716

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Windows\SysWOW64\notepad¢¬.exe

      Filesize

      83KB

      MD5

      4188e753a70eb56187890f6322d283ee

      SHA1

      afaf071c5c148033790052d8f33ab307a6803cc3

      SHA256

      40f830689d1f258625adec26d765800adf5973d8a81b8a520894404c07c9b636

      SHA512

      b40b91809d3cea5e51bed20c1d6c5e48d5a7a12581ea081ac1f29c554bad33de13445ea721b29133c230fcb02501788481c4b162d4bd494edd52b09c7b3bb7e9

    • C:\Windows\System\rundll32.exe

      Filesize

      73KB

      MD5

      d2c0dd76e05e3ed2106089468b2d65a2

      SHA1

      642967312de7e370e19515651b6cb460bec6e87e

      SHA256

      13cd0eb0d1b9065937173ff5e79f8b5088e0690d65e60d3782a491366697d2e3

      SHA512

      8e9c96fe25347aa869797e0ceba8adf0d74ad34a76a24e4fb9eb23dfdfe521b130802e3b2c8ee303f365b2bce51e70ff7bd211645c0c20b79a7ceba5d0dfc69a

    • memory/3640-0-0x0000000000400000-0x0000000000415A00-memory.dmp

      Filesize

      86KB

    • memory/3640-13-0x0000000000400000-0x0000000000415A00-memory.dmp

      Filesize

      86KB