Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/07/2024, 12:12

General

  • Target
    ad5aed362b6b2e30c197993a321308e0N.exe
  • Size
    82KB
  • MD5
    ad5aed362b6b2e30c197993a321308e0
  • SHA1
    c505c06e23fac2c77b40fd6b74527bc60c0d74b7
  • SHA256
    d48dcf6bcc919c0c645e33cb2e66adf790f1eec008c566082e4bf53591f6c212
  • SHA512
    a2ba963d7ae2cfb04e0da88595ac6d445f5b262a3e299e1d742d6e8ed3d3d286d4cc7c96cb9dae019445e1de87a96762972c0f01be5c03fbbc211f3ada802f82
  • SSDEEP
    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWOE:RshfSWHHNvoLqNwDDGw02eQmh0HjWOE

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad5aed362b6b2e30c197993a321308e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ad5aed362b6b2e30c197993a321308e0N.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:216
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:3120

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\SysWOW64\notepad¢¬.exe
          Filesize
          73KB
          MD5
          5999d31197fcc66298430f845c0b8547
          SHA1
          4124876e664791b44016466ac5644754aa21f13c
          SHA256
          2699b4ab327499c3ca3fadc48ae6f1962abb0605a173c8a31e07ae5d1c4d42c3
          SHA512
          e33f008a6a93b47f8ca740085de4b4fa0dadda48c77e177a2a6a5ab1ed76a22f99223a71853a7c8380b40f2a2904464bd7483cbeed8e7cf9bb86f0ac739e39a5

        • C:\Windows\System\rundll32.exe
          Filesize
          74KB
          MD5
          3d776ca4c0cf2df1bf16adfe764517ad
          SHA1
          c98687bca3291921552482a7c4b3f698b3c09efc
          SHA256
          a4ac9a46997c9fcc2de75a470035b87dcd95f7f92ef29c824db8b4b547053ffc
          SHA512
          8d38906974433dd88a0a72f4c96a7b19b3bf210d60b8f797359b6130132876770115b211a2ce96dc97c52451836061d80df64dc1c9164b970365bdff7e8d7e79

        • memory/216-0-0x0000000000400000-0x0000000000415A00-memory.dmp
          Filesize
          86KB

        • memory/216-13-0x0000000000400000-0x0000000000415A00-memory.dmp
          Filesize
          86KB