Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/06/2024, 02:43

General

  • Target

    debf6d2b16e9f2d7283255bc6fd061db86afa021b36a046bec0ba69f1b12bb07.exe

  • Size

    75KB

  • MD5

    c2672cc8a0c8768f6ea091e42f7090c3

  • SHA1

    1f5c218fdc3a3361fa5d70d44aefc28ab1f52ec7

  • SHA256

    debf6d2b16e9f2d7283255bc6fd061db86afa021b36a046bec0ba69f1b12bb07

  • SHA512

    05c9f9c5ac5400a66da70e2b0921368e5a7bc4a2451480b7d26ab8748b8c558dc3b93a81fcf194fffa6f0a09b468d4024aa056ca1dd44a21bf47429db8cd4b14

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWO:RshfSWHHNvoLqNwDDGw02eQmh0HjWO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\debf6d2b16e9f2d7283255bc6fd061db86afa021b36a046bec0ba69f1b12bb07.exe
    "C:\Users\Admin\AppData\Local\Temp\debf6d2b16e9f2d7283255bc6fd061db86afa021b36a046bec0ba69f1b12bb07.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2832

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    83KB

    MD5

    d3ed63e83b90d972a8ecb094a0bc52e2

    SHA1

    859645f509242477d96c5a55883081d0c7581824

    SHA256

    47a3b04479e56bece397c54f17e0f074826dac3c87c12152499a507f9458b365

    SHA512

    9a9362489e856ebb855fc32d6eb9164f4c9442f716d6d8bf0f67ff9b71848192880903b5111a9a2cdcc5d509412fc555d3a2452b5ac8adc27b78c0d61a22ceea

  • \Windows\system\rundll32.exe

    Filesize

    80KB

    MD5

    abf7f5e63c94118c62ae73c3f49a3c86

    SHA1

    cf628e4b04ea812a5278f8aa8909879156883f44

    SHA256

    08575ec182c665c9961b98db7cd18725f1a34bac08462ca47cc7f956134a0dd4

    SHA512

    8955433a5dbd97453f38ccc03d2f973be3dbc91dd3ada684e4b9f7741961a41b22084be69b4215fdb02c5467ab15172a492e05ebec506f2e4edf909ebabea540

  • memory/2232-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2232-12-0x0000000000260000-0x0000000000276000-memory.dmp

    Filesize

    88KB

  • memory/2232-18-0x0000000000260000-0x0000000000276000-memory.dmp

    Filesize

    88KB

  • memory/2232-21-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2232-22-0x0000000000260000-0x0000000000262000-memory.dmp

    Filesize

    8KB

  • memory/2832-19-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB