Analysis

  • max time kernel
    149s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/07/2024, 23:05

General

  • Target

    057dbdcd55a7ea7faaf791ae6b72d05b6e0856662817fb8ee0332e9ababbd84d.exe

  • Size

    75KB

  • MD5

    574fdd1bc7fdbc3c8850e457e92aa044

  • SHA1

    7a491c129ee9994ea41129d81c58d5dd864071b6

  • SHA256

    057dbdcd55a7ea7faaf791ae6b72d05b6e0856662817fb8ee0332e9ababbd84d

  • SHA512

    78ebe8f7e21ab54d18eb73d68c84cb374e4c746b2f15f566eca58837afa095e9a84548062bce815d7e3c62eb0e3ef7592075d495e91206fcc5fbc095e4e8ae31

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWO/k6:GhfxHNIreQm+Hiwk6

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\057dbdcd55a7ea7faaf791ae6b72d05b6e0856662817fb8ee0332e9ababbd84d.exe
    "C:\Users\Admin\AppData\Local\Temp\057dbdcd55a7ea7faaf791ae6b72d05b6e0856662817fb8ee0332e9ababbd84d.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2052
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2152

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    82KB

    MD5

    942a1b874d5db890a2d146d8de20d172

    SHA1

    cbd563ec5ec007b061babd6c387a133270293fe2

    SHA256

    9428b499116cf137acc713185686fc31cbb16f0b8f3851146d3003c5ab8aadcc

    SHA512

    04ee443dfd69c8fa0b32f05a3d3a5c79cac30e7f1b139e3d35e15183df0982cf7f103579292e91dfbd3a0997fceafbc138cac73ff3d821d33c57632fa5ef7f5a

  • \Windows\system\rundll32.exe

    Filesize

    77KB

    MD5

    0f402fe051622dd9191c1154aba43a7e

    SHA1

    be7d01cbbc79241021901ea1dc5a6967f7e0a9e8

    SHA256

    0896b0a7c82b9e855de0d1d49f886fc0452ec2020454bd71bd2123d97e9f1ba5

    SHA512

    576b08ba27b8311b8f68bf54296a4d48cf0b07a1b9cdbe97b14a02093db2d5f83aadd838f6c74b6401b33e4da4f4e3c574a05c2454589a32adc8ff1c9e24dc1f

  • memory/2052-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2052-13-0x00000000005B0000-0x00000000005C6000-memory.dmp

    Filesize

    88KB

  • memory/2052-21-0x00000000005B0000-0x00000000005B2000-memory.dmp

    Filesize

    8KB

  • memory/2052-20-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2152-18-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB
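The process tree and the dropped-file hashes above are enough to write a host-side check. The script below is an added example, not part of the sandbox report or its tooling: it copies the MD5/SHA1/SHA256 values the report lists for the two dropped files and the original sample, and evaluates Sysmon-style process-creation records (field names `Image` and `Hashes` are an assumption about the input format) for two things the report shows: a hash match against a known artifact, and `rundll32.exe` starting from a directory other than the real `System32`/`SysWOW64` locations, as happens here with `C:\Windows\system\rundll32.exe`. The sample events at the bottom are constructed for illustration, not taken from the report.

```python
"""IoC matcher built from the artifacts listed in this sandbox report (added example)."""
import hashlib
from pathlib import PureWindowsPath

# Digests copied from the report's "Downloads" section (the two dropped files).
DROPPED_FILE_HASHES = {
    "md5": {
        "942a1b874d5db890a2d146d8de20d172",   # C:\Windows\SysWOW64\notepad*.exe (82KB)
        "0f402fe051622dd9191c1154aba43a7e",   # \Windows\system\rundll32.exe (77KB)
    },
    "sha1": {
        "cbd563ec5ec007b061babd6c387a133270293fe2",
        "be7d01cbbc79241021901ea1dc5a6967f7e0a9e8",
    },
    "sha256": {
        "9428b499116cf137acc713185686fc31cbb16f0b8f3851146d3003c5ab8aadcc",
        "0896b0a7c82b9e855de0d1d49f886fc0452ec2020454bd71bd2123d97e9f1ba5",
    },
}
# SHA256 of the submitted sample itself (report "General" section).
SAMPLE_SHA256 = "057dbdcd55a7ea7faaf791ae6b72d05b6e0856662817fb8ee0332e9ababbd84d"

# Directories where a legitimate rundll32.exe lives. Assumption: other copies
# (e.g. under WinSxS) are not expected to be executed and would need allow-listing.
LEGIT_RUNDLL32_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def hash_bytes(data):
    """Return md5/sha1/sha256 hex digests of an in-memory byte string."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def hash_file(path):
    """Return md5/sha1/sha256 hex digests of a file on disk, read in chunks."""
    digests = {a: hashlib.new(a) for a in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for d in digests.values():
                d.update(chunk)
    return {a: d.hexdigest() for a, d in digests.items()}


def file_matches_report(path):
    """True if any digest of the file equals a dropped-file digest from the report."""
    digests = hash_file(path)
    return any(digests[a] in DROPPED_FILE_HASHES[a] for a in digests)


def parse_sysmon_hashes(field):
    """Parse Sysmon's 'Hashes' field ('MD5=...,SHA256=...,IMPHASH=...') into a dict."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().lower()] = value.strip().lower()
    return out


def check_event(event):
    """Return a list of findings for one process-creation record (dict with Image, Hashes)."""
    findings = []
    image = PureWindowsPath(event.get("Image", ""))
    hashes = parse_sysmon_hashes(event.get("Hashes", ""))
    # 1. Any digest matching one of the dropped files listed in the report.
    for algo, known in DROPPED_FILE_HASHES.items():
        if hashes.get(algo) in known:
            findings.append(f"{algo} matches dropped file from report: {hashes[algo]}")
    if hashes.get("sha256") == SAMPLE_SHA256:
        findings.append("sha256 matches the submitted sample")
    # 2. rundll32.exe launched from a directory that is not a legitimate location
    #    (the report shows C:\Windows\system\rundll32.exe, a dropped 77KB binary).
    if image.name.lower() == "rundll32.exe" and str(image.parent).lower() not in LEGIT_RUNDLL32_DIRS:
        findings.append(f"rundll32.exe executed from unexpected directory: {image.parent}")
    return findings


def scan_events(events):
    """Map each flagged Image path to its findings; clean events are omitted."""
    return {e["Image"]: f for e in events if (f := check_event(e))}


# Constructed sample records (not from the report); the second reuses the report's
# digests for the dropped rundll32.exe, the third the submitted sample's SHA256.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "Hashes": "MD5=" + "0" * 32 + ",SHA256=" + "0" * 64},
    {"Image": r"C:\Windows\system\rundll32.exe",
     "Hashes": "MD5=0f402fe051622dd9191c1154aba43a7e,"
               "SHA1=be7d01cbbc79241021901ea1dc5a6967f7e0a9e8,"
               "SHA256=0896b0a7c82b9e855de0d1d49f886fc0452ec2020454bd71bd2123d97e9f1ba5"},
    {"Image": r"C:\Users\Admin\AppData\Local\Temp\057dbdcd55a7ea7faaf791ae6b72d05b6e0856662817fb8ee0332e9ababbd84d.exe",
     "Hashes": "SHA256=" + SAMPLE_SHA256},
]

if __name__ == "__main__":
    for image, findings in scan_events(SAMPLE_EVENTS).items():
        print(image)
        for f in findings:
            print("  -", f)
```

The path check is deliberately independent of the hash check: a repacked variant changes every digest but still has to drop its `rundll32.exe` somewhere, and `C:\Windows\system\` is not where the genuine binary lives.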