Overview

overview

6

Static

static

3

senex_wooferv2.exe

windows7-x64

6

senex_wooferv2.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    62s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    16/07/2024, 06:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    senex_wooferv2.exe

  • Size

    547KB

  • MD5

    2c34ffccadf1e85664f1d6db4f382ec9

  • SHA1

    650a97552b8a88910974202348041611e5f597ab

  • SHA256

    e5ba880ee68d3dd4ec9dd98a72fc368e14dc0f31a0c05e06acde6f4a6f148d57

  • SHA512

    66f9c57d1b377178713b415f728c8df3da22886978f2c7fd037c953dd83ec8caef91b2376e4341ab3080412ec8826fe063dd1b560062531f70826d2021021290

  • SSDEEP

    6144:A2M5jRQas4PR8cXTvBOoTWly3csKcW6JUBQE3Ko3MHOVnWuOBD4LXA:A2M7PR8Iak3cPsiQCSp

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
  • Modifies registry class 9 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\senex_wooferv2.exe
    "C:\Users\Admin\AppData\Local\Temp\senex_wooferv2.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2508
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c color 1
      2⤵
        PID:1060

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\Cab3C76.tmp
            Filesize

            70KB

            MD5

            49aebf8cbd62d92ac215b2923fb1b9f5

            SHA1

            1723be06719828dda65ad804298d0431f6aff976

            SHA256

            b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

            SHA512

            bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar3C89.tmp
            Filesize

            181KB

            MD5

            4ea6026cf93ec6338144661bf1202cd1

            SHA1

            a1dec9044f750ad887935a01430bf49322fbdcb7

            SHA256

            8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

            SHA512

            6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

            Download Submit

          • memory/2508-0-0x00000000779A0000-0x00000000779A1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2508-107-0x0000000077950000-0x0000000077AF9000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/2508-108-0x0000000077950000-0x0000000077AF9000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/2508-109-0x0000000077950000-0x0000000077AF9000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/2508-110-0x0000000077950000-0x0000000077AF9000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/2508-111-0x0000000077950000-0x0000000077AF9000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/2508-112-0x0000000077950000-0x0000000077AF9000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/2508-113-0x0000000077950000-0x0000000077AF9000-memory.dmp

            Filesize

            1.7MB

            Download