Analysis

  • max time kernel
    149s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/06/2024, 02:43

General

  • Target

    debf6d2b16e9f2d7283255bc6fd061db86afa021b36a046bec0ba69f1b12bb07.exe

  • Size

    75KB

  • MD5

    c2672cc8a0c8768f6ea091e42f7090c3

  • SHA1

    1f5c218fdc3a3361fa5d70d44aefc28ab1f52ec7

  • SHA256

    debf6d2b16e9f2d7283255bc6fd061db86afa021b36a046bec0ba69f1b12bb07

  • SHA512

    05c9f9c5ac5400a66da70e2b0921368e5a7bc4a2451480b7d26ab8748b8c558dc3b93a81fcf194fffa6f0a09b468d4024aa056ca1dd44a21bf47429db8cd4b14

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWO:RshfSWHHNvoLqNwDDGw02eQmh0HjWO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\debf6d2b16e9f2d7283255bc6fd061db86afa021b36a046bec0ba69f1b12bb07.exe
    "C:\Users\Admin\AppData\Local\Temp\debf6d2b16e9f2d7283255bc6fd061db86afa021b36a046bec0ba69f1b12bb07.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:944
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:3268

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    74KB

    MD5

    971c18a4cd09826a7c6943731c077ae6

    SHA1

    d36056e0984d163acb3e61693bf0b1d03df34fcd

    SHA256

    78e2c55b64a7fcdc5e743ba5fb7593f2aebb277e4b3237e096b9a94f44ade0f1

    SHA512

    d113cfed2448605561ef954946d291d6af6bfa7afba0e99ad089b557b564ff1f7ff828bab575e1819248b6d74ab28582a1c9cf189acbec8318ef3f019dfce553

  • C:\Windows\System\rundll32.exe

    Filesize

    83KB

    MD5

    bf6626ecf0f25c0166b848fb512a83ea

    SHA1

    53c68391a5066de9ef29c38755a881e7b2a6a77c

    SHA256

    06640a70e6fd57817dd81666adf1de19d8b5c9c3240c6a5bb2f1cc9911590bf9

    SHA512

    e11b1b75710f264365fc41f653786499c1c07bfcad814f80e2acf5f811838e9c163c8d55ec7810d27f5780cc06f4b46ca5c789a747ca8369a26a17b05d554510

  • memory/944-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/944-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB