Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-07-2024 03:12

General

  • Target

    4b92b306d0c931907f0591a50325cd241140e47ee5753eda5db7d7884d3c3a36.exe

  • Size

    76KB

  • MD5

    17f017755badcc0bc8a7de3923792319

  • SHA1

    aa6960b37af3162df40fe7705ad428f1cbeabb59

  • SHA256

    4b92b306d0c931907f0591a50325cd241140e47ee5753eda5db7d7884d3c3a36

  • SHA512

    235ba822042c2763723b14a0767debeb507fe4271ed155d2db7da6f853baaa8c6c783423cb5540083d723579b2a6b60bcfe698fe83790b997242c05bb9420f8f

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOxp1:GhfxHNIreQm+Hiap1

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b92b306d0c931907f0591a50325cd241140e47ee5753eda5db7d7884d3c3a36.exe
    "C:\Users\Admin\AppData\Local\Temp\4b92b306d0c931907f0591a50325cd241140e47ee5753eda5db7d7884d3c3a36.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1020
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4580

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    73KB

    MD5

    93806f0db4ce8f986c2435d1ba47e6b9

    SHA1

    65ce6b5ce430597d96c1a65e2be96d4bc0a70b35

    SHA256

    5684e5fddc667aded69d021ac9f1c34fe542c8e16d81c0e91911ada20bad461b

    SHA512

    91dfda89cb72991ccd0fad6e70480c8e2ffcafbfe67a5a50ea5af51d55cffd15fc93358948b232996f0cc468b64b0d10d5b5319f481c32a8115c3994b22bb761

  • C:\Windows\System\rundll32.exe

    Filesize

    81KB

    MD5

    08dbf42e611dc733f4c4eeedc6ebeaa2

    SHA1

    42efda4f2d62294efbf47db9275aa66203a4804b

    SHA256

    c7efbf9c1e40cf5fbe4dec6017dbbd7cde929b4be990311d2d01f8d43abc64f3

    SHA512

    d255c5521f6ec0005acb09389339733c5a424aa8e8ed2cb675decc10a54dd2eac2ca087cb21eb45f1720dd3daa46cc9d56f5a3590e995c1654328b5f4f7aed96

  • memory/1020-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1020-14-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/4580-12-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB
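
A host-side check for the indicators in the Signatures, Processes and Downloads sections above, added here as an example; it is not part of the sandbox report. It assumes an elevated PowerShell session on the Windows host being examined. The SHA256 values are copied from this page. Two things are assumptions rather than facts from the report: the expected exefile open command (`"%1" %*`, the Windows default) and the prefix match on `notepad*.exe`, used because the dropped file name on the page is mis-encoded and cannot be matched exactly.

```powershell
# Added example (not from the sandbox report). Run in an elevated PowerShell session.
# Assumed: the expected exefile command below is the Windows default; the report does not
# state what value the sample writes. Hashes are copied from the report's General/Downloads sections.

$KnownBad = @{
    '4b92b306d0c931907f0591a50325cd241140e47ee5753eda5db7d7884d3c3a36' = 'original sample (dropper)'
    '5684e5fddc667aded69d021ac9f1c34fe542c8e16d81c0e91911ada20bad461b' = 'dropped C:\Windows\SysWOW64\notepad*.exe'
    'c7efbf9c1e40cf5fbe4dec6017dbbd7cde929b4be990311d2d01f8d43abc64f3' = 'dropped C:\Windows\System\rundll32.exe'
}

$Findings = [System.Collections.Generic.List[string]]::new()

function Get-Label([string]$Path) {
    # Hash a file and map it to the report's indicator list (or report it as an unknown hash).
    $h = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
    if ($KnownBad.ContainsKey($h)) { return "sha256=$h ($($KnownBad[$h]))" }
    return "sha256=$h (not in report)"
}

# 1. "Executes dropped EXE": rundll32.exe has no business in C:\Windows\System.
#    Genuine copies live in System32 and SysWOW64, so presence alone is a finding.
$Rogue = Join-Path $env:SystemRoot 'System\rundll32.exe'
if (Test-Path -LiteralPath $Rogue) {
    $Findings.Add("rogue file present: $Rogue $(Get-Label $Rogue)")
}

# 2. "Drops file in System32 directory": any notepad*.exe in SysWOW64 other than the real notepad.exe.
#    Prefix match is an assumption; the exact dropped name on the page is mis-encoded.
$Wow = Join-Path $env:SystemRoot 'SysWOW64'
Get-ChildItem -LiteralPath $Wow -Filter 'notepad*.exe' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -ne 'notepad.exe' } |
    ForEach-Object { $Findings.Add("suspicious file: $($_.FullName) $(Get-Label $_.FullName)") }

# 3. "Modifies system executable filetype association": the exefile open command should be
#    exactly "%1" %*. Anything else routes every .exe launch through another binary first.
#    Check both the machine hive and the current user's hive (HKCU overrides HKLM for that user).
$Expected = '"%1" %*'
foreach ($hive in 'HKLM:\SOFTWARE\Classes', 'HKCU:\SOFTWARE\Classes') {
    $key = "$hive\exefile\shell\open\command"
    if (Test-Path -LiteralPath $key) {
        $cmd = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
        if ($null -ne $cmd -and $cmd -ne $Expected) {
            $Findings.Add("exefile association changed under ${hive}: $cmd")
        }
    }
}

if ($Findings.Count -eq 0) { 'no indicators from this report found on this host' } else { $Findings }
```

The third check is the one worth keeping after this particular sample is gone: a changed `exefile\shell\open\command` value means the referenced binary runs before every program the user starts, which is why the report flags it as a TTP rather than a plain IoC. Match on the whole value, not on the presence of `"%1" %*`, since a hijacked command usually keeps that substring and prepends its own path.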