Overview

overview

10

Static

static

3

550d2c292f...0N.exe

windows7-x64

10

550d2c292f...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/07/2024, 01:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    550d2c292fd1c231f902c31571e507b0N.exe

  • Size

    156KB

  • MD5

    550d2c292fd1c231f902c31571e507b0

  • SHA1

    daf17108fb77c91874df6b19aafc875e0f7e14ec

  • SHA256

    23a973803319125f2ddb44255a9c43fa6fa5a1cf155dbf589487baeb85c0d223

  • SHA512

    e1f20ec423a22dd6c086e07e89d9375ac94183eefa70081e71d07171ddb1b0c6f7eafca785441cb597a59ea791127befc2b962920dd6e671871647bff695cce0

  • SSDEEP

    3072:QkvF+OOUYjo0i2JdvIArAVMBWfvgfJYraeL/qHQl:TF+Fo2JxeMw3g42HQl

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Executes dropped EXE 1 IoCs
  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\550d2c292fd1c231f902c31571e507b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\550d2c292fd1c231f902c31571e507b0N.exe"
    1⤵
    • Modifies WinLogon
    • Drops file in Windows directory
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:864
    • C:\Windows\apppatch\svchost.exe
      "C:\Windows\apppatch\svchost.exe"
      2⤵
      • Modifies WinLogon for persistence
      • Executes dropped EXE
      • Modifies WinLogon
      • Suspicious behavior: EnumeratesProcesses
      PID:3188

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\apppatch\svchost.exe
          Filesize

          156KB

          MD5

          0687659340b567a311cc7aee844d9975

          SHA1

          06da21b4bac940aa3c7c4167ecc38dc2221e124f

          SHA256

          504b9369f9b08037ab2c591a7a769ddd653764280020dc92ca440f6ec249b5bd

          SHA512

          eea06734a6b289b607670bd59fd833770ada99ec3783da26de6bb974e7c62550491bb898f68446a0328f20ab9406f8d248ec9a659185e8ceaa381b5b779215d3

          Download Submit

        • memory/864-9-0x0000000000240000-0x0000000000270000-memory.dmp

          Filesize

          192KB

          Download

        • memory/3188-10-0x0000000002F20000-0x0000000002F66000-memory.dmp

          Filesize

          280KB

          Download

        • memory/3188-11-0x0000000002FB0000-0x0000000002FFA000-memory.dmp

          Filesize

          296KB

          Download

        • memory/3188-15-0x0000000002FB0000-0x0000000002FFA000-memory.dmp

          Filesize

          296KB

          Download

        • memory/3188-13-0x0000000002FB0000-0x0000000002FFA000-memory.dmp

          Filesize

          296KB

          Download

        • memory/3188-18-0x0000000002FB0000-0x0000000002FFA000-memory.dmp

          Filesize

          296KB

          Download

        • memory/3188-19-0x0000000002FB0000-0x0000000002FFA000-memory.dmp

          Filesize

          296KB

          Download