Overview

overview

10

Static

static

3

550d2c292f...0N.exe

windows7-x64

10

550d2c292f...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    101s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 01:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    550d2c292fd1c231f902c31571e507b0N.exe

  • Size

    156KB

  • MD5

    550d2c292fd1c231f902c31571e507b0

  • SHA1

    daf17108fb77c91874df6b19aafc875e0f7e14ec

  • SHA256

    23a973803319125f2ddb44255a9c43fa6fa5a1cf155dbf589487baeb85c0d223

  • SHA512

    e1f20ec423a22dd6c086e07e89d9375ac94183eefa70081e71d07171ddb1b0c6f7eafca785441cb597a59ea791127befc2b962920dd6e671871647bff695cce0

  • SSDEEP

    3072:QkvF+OOUYjo0i2JdvIArAVMBWfvgfJYraeL/qHQl:TF+Fo2JxeMw3g42HQl

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\550d2c292fd1c231f902c31571e507b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\550d2c292fd1c231f902c31571e507b0N.exe"
    1⤵
    • Loads dropped DLL
    • Modifies WinLogon
    • Drops file in Windows directory
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2584
    • C:\Windows\apppatch\svchost.exe
      "C:\Windows\apppatch\svchost.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Executes dropped EXE
      • Modifies WinLogon
      • Suspicious behavior: EnumeratesProcesses
      PID:2900

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\AppPatch\svchost.exe
    Filesize

    156KB

    MD5

    1499f8ff4d8852c6f0688ecd8ddbb93d

    SHA1

    8b2f397a12c1b6397d5701030a5f432ec857c0b0

    SHA256

    0f5fa8f9040ef211355ae9b7b268d5ece7e47d625c7d2d86b1c281705c3a8c1c

    SHA512

    80085d464135be9bce00d4ac16929249e4be3bc96a49df3a13f8fb4b660e1027c88e6c6c91a313b4bd5bfc10d0f968259a75201ffcd8ee5d694891b90e182e55

    Download Submit

  • memory/2584-13-0x0000000000BC0000-0x0000000000BF0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2900-22-0x00000000002C0000-0x0000000000306000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2900-24-0x00000000002C0000-0x0000000000306000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2900-20-0x00000000002C0000-0x0000000000306000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2900-18-0x00000000002C0000-0x0000000000306000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2900-16-0x00000000002C0000-0x0000000000306000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2900-14-0x00000000002C0000-0x0000000000306000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2900-25-0x0000000000330000-0x000000000037A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2900-27-0x0000000000330000-0x000000000037A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2900-29-0x0000000000330000-0x000000000037A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2900-32-0x0000000000330000-0x000000000037A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2900-34-0x0000000000330000-0x000000000037A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/2900-35-0x0000000000330000-0x000000000037A000-memory.dmp

    Filesize

    296KB

    Download