Overview

overview

7

Static

static

3

02af9634c4...a5.exe

windows7-x64

7

02af9634c4...a5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    19-06-2024 18:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02af9634c4b4370e4ab26381145291963a071d928b8e8fef9e9a8e6dd018e1a5.exe

  • Size

    30KB

  • MD5

    4bf7024e69a6c40395ea696d5d2855cc

  • SHA1

    f18fa66ab1b15661d4282203abe4660ec95a2774

  • SHA256

    02af9634c4b4370e4ab26381145291963a071d928b8e8fef9e9a8e6dd018e1a5

  • SHA512

    b80898b5d6575bb73afe6691952a4b0987ca926ea5f372dd98e0966b327828b5b9172a9674debb776c6f86504c5c2a6124f80d9ed09f189969e371895530543f

  • SSDEEP

    768:PVEHJqjHyGvwFylDpulVSQJrE/2QmlCYZUTC91A4X:PH2nylslwHCCL

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
    persistence
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02af9634c4b4370e4ab26381145291963a071d928b8e8fef9e9a8e6dd018e1a5.exe
    "C:\Users\Admin\AppData\Local\Temp\02af9634c4b4370e4ab26381145291963a071d928b8e8fef9e9a8e6dd018e1a5.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2984

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe
    Filesize

    30KB

    MD5

    c71f869186541e16e11ede463651989b

    SHA1

    2e568575251b23dc550e36a35e17da918ade81b9

    SHA256

    f38b66991074097338d102a4cfb2b9bab82f35062d3e5f1454b1356aed445116

    SHA512

    4d429b7a5f4566fa703b66fe082948f8c13ed139cc276fa72b42bd28801d0bd4c5533f08bdcbcb61ac2bf20a9784593c3db2433e0cd33eb636bd0df32be997b0

    Download Submit

  • \Windows\system\rundll32.exe
    Filesize

    27KB

    MD5

    bd256f8289a94531e9e366c4909c87cd

    SHA1

    a83c12eec4b4e226c70e8a23eb6595ebdf9e0b3d

    SHA256

    0940afc2a64e8a67a891485dd36cbc6b15ace4fd22b3e7b7e89852f1430399dc

    SHA512

    d36e74144ef8f3f470659b5eff03a1701bb2f373ab106cc004177340798793f41fcc4cfba85f09afd130ccb0de1400d02153558cfd05aca6ea0328b8ef5f401a

    Download Submit

  • memory/2984-28-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2984-27-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2984-34-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2984-33-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2984-21-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2984-23-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2984-24-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2984-25-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2984-26-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2984-32-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2984-31-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2984-29-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2984-30-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3008-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3008-17-0x0000000000350000-0x0000000000365000-memory.dmp

    Filesize

    84KB

    Download

  • memory/3008-20-0x0000000000350000-0x0000000000356000-memory.dmp

    Filesize

    24KB

    Download

  • memory/3008-19-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download