Analysis

  • max time kernel
    152s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-06-2024 02:40

General

  • Target

    60eb863c3cfcc1aae81d6b8c32c544d3d2ae32c9b99044fa9c116e753ae35b87.exe

  • Size

    75KB

  • MD5

    304d255eb180b36c0a91a35fb686267a

  • SHA1

    aa076a07c48d35c23edb5fc784bbcd39453cd936

  • SHA256

    60eb863c3cfcc1aae81d6b8c32c544d3d2ae32c9b99044fa9c116e753ae35b87

  • SHA512

    a0fc7dc044c828ed60ccccb9f078fd680e6f1ed72951a02545b6ac476df1d7ca2fc64651f3e67e4d27a071ce74e3f3216c154ce2e99a81a23cf38ccb2cdf39bb

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOD:RshfSWHHNvoLqNwDDGw02eQmh0HjWOD

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Modifies system executable filetype association (2 TTPs, 5 IoCs)
  • Drops file in System32 directory (4 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • Modifies registry class (15 IoCs)
  • Suspicious behavior: EnumeratesProcesses (28 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (3 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)
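
The signature "Modifies system executable filetype association" is the one a responder should verify first on any host that ran this sample: it is commonly raised when the default command under exefile\shell\open\command is rewritten so that a payload starts every time any .exe is launched (ATT&CK T1546.001, Change Default File Association). The report does not show the value this sample wrote. The Python below is an added example, not sandbox output and not code from the sample: it parses the text produced by `reg export HKCR\exefile` and reports any command key whose default value differs from the stock `"%1" %*`. Both registry exports in the block are constructed; the tampered one uses a hypothetical path chosen for illustration.

```python
"""
Check whether the exefile ("Application") file-type association has been
hijacked, working from a `reg export` text of the relevant key.
Added example for this report, not sandbox output or code from the sample.
"""
from __future__ import annotations

import re

# Stock command Windows uses to launch a .exe: the file itself plus its arguments.
EXPECTED_EXEFILE_COMMAND = '"%1" %*'

# Keys (lower-cased) whose default value controls how .exe files are launched.
# HKCU\Software\Classes overrides HKLM for the current user, so it is checked too.
EXEFILE_COMMAND_KEYS = {
    r"hkey_classes_root\exefile\shell\open\command",
    r"hkey_local_machine\software\classes\exefile\shell\open\command",
    r"hkey_current_user\software\classes\exefile\shell\open\command",
}

# A REG_SZ line in a .reg file: @="data" for the default value or "name"="data".
_REG_STRING_LINE = re.compile(r'^(@|"((?:[^"\\]|\\.)*)")="((?:[^"\\]|\\.)*)"$')


def _unescape(value: str) -> str:
    # .reg files escape backslash and double quote with a backslash.
    return re.sub(r'\\(["\\])', r"\1", value)


def parse_reg_export(text: str) -> dict[str, dict[str, str]]:
    """Minimal .reg parser: {key (lower-cased): {value name: data}} for REG_SZ only.

    Binary/dword values and the header line are skipped; '@' is the default
    value and is stored under the empty name.
    """
    keys: dict[str, dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            keys.setdefault(current, {})
            continue
        m = _REG_STRING_LINE.match(line)
        if current is None or not m:
            continue
        name = "" if m.group(1) == "@" else _unescape(m.group(2))
        keys[current][name] = _unescape(m.group(3))
    return keys


def check_exefile_association(reg_text: str) -> dict[str, str]:
    """Return {key: actual command} for every exefile command key whose default
    value is not the stock one. An empty dict means the association is intact."""
    findings: dict[str, str] = {}
    for key, values in parse_reg_export(reg_text).items():
        if key in EXEFILE_COMMAND_KEYS:
            actual = values.get("", "")
            if actual.strip() != EXPECTED_EXEFILE_COMMAND:
                findings[key] = actual
    return findings


# Constructed export of an untouched key (what `reg export HKCR\exefile` yields
# on a clean host, trimmed to the command subkey).
CLEAN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"IsolatedCommand"="\"%1\" %*"
'''

# Constructed, hypothetical hijack: the path is an assumption for the example,
# not a value observed in the report. The pattern (payload first, then the
# original "%1" %*) keeps the launched program working so the user notices nothing.
TAMPERED_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Windows\\system\\rundll32.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    for label, export in (("clean", CLEAN_EXPORT), ("tampered", TAMPERED_EXPORT)):
        print(label, check_exefile_association(export) or "association intact")
```

On a live host, feed the function the output of `reg export HKCR\exefile exefile.reg` (and the HKCU\Software\Classes copy, which wins over HKLM for the logged-on user). Note that `parse_reg_export` lowers only the key names; value data is kept as written so the report shows the exact command the attacker installed.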

Processes

  • C:\Users\Admin\AppData\Local\Temp\60eb863c3cfcc1aae81d6b8c32c544d3d2ae32c9b99044fa9c116e753ae35b87.exe
    "C:\Users\Admin\AppData\Local\Temp\60eb863c3cfcc1aae81d6b8c32c544d3d2ae32c9b99044fa9c116e753ae35b87.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5064
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2248
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4476 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4784
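
The child at PID 2248 is the dropped file C:\Windows\system\rundll32.exe, not the Windows binary of that name, which lives in C:\Windows\System32 (and C:\Windows\SysWOW64 for the 32-bit copy). The directory name "system" is chosen to read like "System32" in a process listing. The Python below is an added example, not sandbox output and not code from the sample: it normalises image paths and flags system-binary names that execute from outside their expected directories. The process records are constructed from the report's process tree; the allow-listed directories and the list of binary names are assumptions for the example.

```python
"""
Flag image names that belong to Windows system binaries but execute from a
directory other than the one the real binary lives in.
Added example for this report, not sandbox output or code from the sample.
"""
from __future__ import annotations

import ntpath
from dataclasses import dataclass

# Where the named binaries legitimately live on a default install. Assumption:
# %SystemRoot% is C:\Windows. WinSxS is allowed as a prefix because it keeps
# versioned copies of system binaries in subfolders.
LEGIT_SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
WINSXS_PREFIX = r"c:\windows\winsxs" + "\\"

# Names attackers reuse for dropped payloads; an assumption for the example,
# extend it from your own baseline.
SYSTEM_BINARY_NAMES = {"rundll32.exe", "svchost.exe", "explorer.exe", "notepad.exe"}


@dataclass(frozen=True)
class Process:
    pid: int
    image: str                 # full path of the executed image
    parent_pid: int | None     # None for a top-level process in the tree


def is_masquerading(image: str) -> bool:
    r"""True when a system-binary name runs from outside its expected directories.

    The path is normalised and lower-cased first, so a form such as
    C:\Windows\System32\..\system\rundll32.exe resolves to C:\Windows\system
    and is still caught. The parent directory is then compared exactly rather
    than by prefix, because c:\windows\system is itself a prefix of
    c:\windows\system32 and a startswith() test would confuse the two.
    """
    norm = ntpath.normpath(image).lower()
    if ntpath.basename(norm) not in SYSTEM_BINARY_NAMES:
        return False
    directory = ntpath.dirname(norm)
    if directory.startswith(WINSXS_PREFIX):
        return False
    return directory not in LEGIT_SYSTEM_DIRS


def find_masquerades(processes: list[Process]) -> list[Process]:
    """Return the processes, in tree order, whose image path is masquerading."""
    return [p for p in processes if is_masquerading(p.image)]


# Constructed from the report's process tree (sandbox-assigned PIDs).
REPORT_PROCESSES = [
    Process(5064, r"C:\Users\Admin\AppData\Local\Temp\60eb863c3cfcc1aae81d6b8c32c544d3d2ae32c9b99044fa9c116e753ae35b87.exe", None),
    Process(2248, r"C:\Windows\system\rundll32.exe", 5064),
    Process(4784, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe", None),
]

if __name__ == "__main__":
    for p in find_masquerades(REPORT_PROCESSES):
        print(f"PID {p.pid}: {p.image} (parent PID {p.parent_pid})")
```

Run against the report's tree, only PID 2248 is returned: the parent sample runs from the user's Temp directory under its own name, and the Edge utility process runs from its normal install path. The same check applied to the report's Downloads list would catch C:\Windows\System\rundll32.exe as a dropped file before it is ever executed.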

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Windows\SysWOW64\notepad¢¬.exe

      Filesize

      78KB

      MD5

      b47ed2ae2f5e0f901e31876a2af3e88f

      SHA1

      fc639d21b72d5188c0b94906b62118b2473f4152

      SHA256

      a548b5461788ef07bc07a3a879019961ffde5dd25ceff3e1e30940f095dd29f9

      SHA512

      a84d3a29038adfd170423ee51c86bcee7aa66e52d172b3b4a88e3e6915268229b3bcd23ef141bc1f10a59fe85a30711d2f19fe3b6e0338c34211a89d218146c9

    • C:\Windows\System\rundll32.exe

      Filesize

      79KB

      MD5

      f2a9bbb5bb4e5ef7f8b9d5530445faf2

      SHA1

      19e3c10c139655f3c401f91bec4540327962d2e1

      SHA256

      73f708ff2d08a5e63380e7aa7d7d44630de28e036e69eeba6c1312590680cad2

      SHA512

      fabacefcd851aa1f8926eb943e466327bffd26882cbdb7546866810ed077d19560cbe6d526eb3af716589dbc9cab2665ba83d2b37801219f3285f4467315fcfe

    • memory/5064-0-0x0000000000400000-0x0000000000415A00-memory.dmp

      Filesize

      86KB

    • memory/5064-13-0x0000000000400000-0x0000000000415A00-memory.dmp

      Filesize

      86KB