Analysis

  • max time kernel
    149s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09-07-2024 13:05

General

  • Target

    f8693fe7dd2add24c69145ba04a14837df1bf7c38c475d46e5bede43a17d6ff0.exe

  • Size

    80KB

  • MD5

    82af85c2ee08cdff5e14f996f70cc3bb

  • SHA1

    11b407bb9fab4a1fe87bf1f9bf77a1190f89a2e8

  • SHA256

    f8693fe7dd2add24c69145ba04a14837df1bf7c38c475d46e5bede43a17d6ff0

  • SHA512

    8db75ec2c3607084d7e4f9dd1298f7e9f18b8db0db06ee3cd34bf6eff8b68b4185afb1881405afc5c173a4b09611dec083fa8a2b4bd0dc8fa4bd5b6e08e9f0b0

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOdr4apL/:GhfxHNIreQm+Hi+r4apL/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f8693fe7dd2add24c69145ba04a14837df1bf7c38c475d46e5bede43a17d6ff0.exe
    "C:\Users\Admin\AppData\Local\Temp\f8693fe7dd2add24c69145ba04a14837df1bf7c38c475d46e5bede43a17d6ff0.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2692
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:3312

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    73KB

    MD5

    533f7fddb338ae1c22b16c4f75cd86dc

    SHA1

    8e4274ebc66fd84892d4fe042011a24e11a6f809

    SHA256

    c53ce3632f8c0ea695a42fee21795f95e47af1bc5ffc6c6ea6070fb41e8bc70b

    SHA512

    ad3f6279bd50cd4e6bc284aff5e56f4570740794129d3cedc2395dac748e5ed05f629813beaa16854955309087ec1cdd894afa030d2a146adbbd153ed5ed24d3

  • C:\Windows\System\rundll32.exe

    Filesize

    82KB

    MD5

    30b39b5cd54706ccff8cb9d4d5e27516

    SHA1

    cb626cc2e48fe131700c6662526d0c79836c55f8

    SHA256

    888b01aa0161eb07cb5eb4b329ce99feeb8e8848f73f6ea4299ddf321dbdd23a

    SHA512

    ba69efd9ea004da9c943bdebc6001d66f61ab0e642d9e7bc30c5668b2e4e93d1025553ec58d9175aabc2350a4eb35e9ac35bd728b53844019293c55c9d1f47f9

  • memory/2692-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2692-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB
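The following host-triage script is an added example and is not part of the sandbox report or of the sample. It sweeps a Windows host for the artifacts the report lists: a rundll32.exe under C:\Windows\System (a non-standard location, since the genuine binary lives in System32 and SysWOW64), a notepad look-alike in SysWOW64 matched by the report's SHA256 values (the dropped file's name is mangled in the report, so it is matched by hash rather than by name), and a tampered .exe file association. The report prints the signature "Modifies system executable filetype association" but not the key it touched; the check of HKCR\exefile\shell\open\command and its HKCU override against the clean default `"%1" %*` is an assumption about what that signature covers. Run it from an elevated PowerShell prompt.

```powershell
# Added triage script, not from the report. Hashes below are copied from the
# report's Target and Downloads sections. Registry key choice is an assumption.

$KnownBad = @(
    'f8693fe7dd2add24c69145ba04a14837df1bf7c38c475d46e5bede43a17d6ff0',  # submitted sample, 80KB
    'c53ce3632f8c0ea695a42fee21795f95e47af1bc5ffc6c6ea6070fb41e8bc70b',  # notepad look-alike in SysWOW64, 73KB
    '888b01aa0161eb07cb5eb4b329ce99feeb8e8848f73f6ea4299ddf321dbdd23a'   # C:\Windows\System\rundll32.exe, 82KB
)

$Findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Type, [string]$Path, [string]$Detail, [bool]$KnownBad) {
    $Findings.Add([pscustomobject]@{ Type = $Type; Path = $Path; Detail = $Detail; KnownBad = $KnownBad })
}

function Get-Sha256([string]$Path) {
    (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash.ToLower()
}

# 1. rundll32.exe outside System32/SysWOW64 is suspicious regardless of its hash.
$Rogue = 'C:\Windows\System\rundll32.exe'
if (Test-Path -LiteralPath $Rogue) {
    $h = Get-Sha256 $Rogue
    Add-Finding 'File' $Rogue "sha256=$h" ($KnownBad -contains $h)
}

# 2. Any notepad*.exe in the two system directories: flag on known hash or on a
#    name that is not exactly notepad.exe (the report's dropped file is a variant name).
foreach ($dir in 'C:\Windows\SysWOW64', 'C:\Windows\System32') {
    Get-ChildItem -LiteralPath $dir -Filter 'notepad*.exe' -File -ErrorAction SilentlyContinue | ForEach-Object {
        $h = Get-Sha256 $_.FullName
        if (($KnownBad -contains $h) -or ($_.Name -ne 'notepad.exe')) {
            Add-Finding 'File' $_.FullName "sha256=$h size=$($_.Length)" ($KnownBad -contains $h)
        }
    }
}

# 3. .exe file association (assumed target of the "filetype association" signature).
#    A clean machine launches executables with exactly "%1" %*.
$AssocKeys = @(
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command',
    'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command'
)
foreach ($key in $AssocKeys) {
    if (Test-Path -LiteralPath $key) {
        $cmd = (Get-ItemProperty -LiteralPath $key).'(default)'
        if ($cmd -ne '"%1" %*') {
            Add-Finding 'Registry' $key "open command = $cmd" $true
        }
    }
}

if ($Findings.Count -eq 0) {
    Write-Host 'No artifacts from this report found on the host.'
} else {
    $Findings | Format-Table -AutoSize
    exit 1
}
```

The script exits non-zero when anything matches so it can be dropped into a fleet-wide job; a hit on the association key without a hash match still deserves a look, because a tampered exefile command persists even after the dropped binaries are deleted.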