Overview

overview

10

Static

static

3

a755e6923b...d1.exe

windows7-x64

10

a755e6923b...d1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    111s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15/06/2024, 00:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a755e6923b40a3d3c2bc92e495458afbbd4cc40651c4a41855b39f8c3ba07fd1.exe

  • Size

    76KB

  • MD5

    d9b597c572799b9162beaeb9b8c41a38

  • SHA1

    1c535ceac2ea69a15a5154894a984d0788ea2689

  • SHA256

    a755e6923b40a3d3c2bc92e495458afbbd4cc40651c4a41855b39f8c3ba07fd1

  • SHA512

    45becb0d52b3667e3f8880f67150468d785f908985fdd81bdc8f97f74c207eb2e2b6e66cbc46b467b2010d7ab0cd76a2e500a1ba27363740ce374be62a667829

  • SSDEEP

    768:t0IrC+32rskyBq+xOF4/i/BEYkp7P6lweQDhDmpU5GFrrEzWsdSE0d8pUHIkI0IM:tRgtyBdxO+2G40OIkaxi

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a755e6923b40a3d3c2bc92e495458afbbd4cc40651c4a41855b39f8c3ba07fd1.exe
    "C:\Users\Admin\AppData\Local\Temp\a755e6923b40a3d3c2bc92e495458afbbd4cc40651c4a41855b39f8c3ba07fd1.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Users\Admin\feiol.exe
      "C:\Users\Admin\feiol.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2516

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\feiol.exe
    Filesize

    76KB

    MD5

    af46f8592a3d56aa587ad490061f2607

    SHA1

    d52afcf2701063e0c5c72ed4ab47f6a2ec96f5a3

    SHA256

    43340c74cb8ba3fefcbf90fc2803d676013681f0ac8130b44cffcdd128fbeeb1

    SHA512

    f2add67932e4ca089b781aaa6eb9217a742f370ba708dce09da4fe6fc6faaa5761b6ca1844037256b4c8a8c3d1b77bd44530995e011bdcd32a868274a2f999e6

    Download Submit