Analysis

  • max time kernel
    150s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/08/2024, 21:41

General

  • Target

    60413b10c81848e2d83c36128197c3620b7b5b6cfa4e03ea3e0ffc88a47574f7.exe

  • Size

    135KB

  • MD5

    97ac4fe44c97eeb3dfcb6482687bc505

  • SHA1

    d9ab671be87c6c8aed66e82051733a8202bb86e6

  • SHA256

    60413b10c81848e2d83c36128197c3620b7b5b6cfa4e03ea3e0ffc88a47574f7

  • SHA512

    7014813192dd22f801b68f754ce0ee5166312b90375acdd32b20ffca727d3a39185473367f8dbc26153f500844f87623a9373b6a9b8b314f322ca02c820de2a5

  • SSDEEP

    1536:UfsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbVI3:UVqoCl/YgjxEufVU0TbTyDDal+3

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\60413b10c81848e2d83c36128197c3620b7b5b6cfa4e03ea3e0ffc88a47574f7.exe
    "C:\Users\Admin\AppData\Local\Temp\60413b10c81848e2d83c36128197c3620b7b5b6cfa4e03ea3e0ffc88a47574f7.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1096
    • \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2584
      • \??\c:\windows\resources\spoolsv.exe
        c:\windows\resources\spoolsv.exe SE
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3916
        • \??\c:\windows\resources\svchost.exe
          c:\windows\resources\svchost.exe
          4⤵
          • Modifies visibility of hidden/system files in Explorer
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2464
          • \??\c:\windows\resources\spoolsv.exe
            c:\windows\resources\spoolsv.exe PR
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:4744

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\Resources\Themes\explorer.exe

          Filesize

          135KB

          MD5

          4ba37b81b481a0e0e1b486f5cd094d52

          SHA1

          1c2fd2907d5811839f14df9fa0e381086fbfecdb

          SHA256

          8471abce32a89f2c4a5cbccdc7fcc12dd0b084bd3649d5b97ef2bdd1076d96a1

          SHA512

          23d9680a8e46d383e8b871e976a799a097a3a3a98ab874504781a53aebc49c0bc728eb67d0014e15ceb352ede019490d342df8ae70c3ae3dbb0ae64b896750e2

        • C:\Windows\Resources\spoolsv.exe

          Filesize

          135KB

          MD5

          9f83a8921f3dfe27a3a96b60af83609f

          SHA1

          ed2c8a282cf39122fb304e30c4640047274f9cc9

          SHA256

          400991aaf5d11440407ce9d44dcf7f7fb2be11f46b71e93243a4642f74c6f3e2

          SHA512

          a716514b79b3740671634439835a58283222487015bac9c030e8fa9072c72f701ba6f4dc82385be2301a287d35e087009551cf917d38ced5936025c391c96907

        • C:\Windows\Resources\svchost.exe

          Filesize

          135KB

          MD5

          bcfd5e2d1117d17a7e14247b2534c5fc

          SHA1

          b1aae427977f29c88cd2f98d17ec79495d780dc8

          SHA256

          12659869193f8575aa3a1b889f44d2846deeb0184b87956c481cc9670e5cf796

          SHA512

          cf607c6d682d40b2ed7a34dea59961b54d9f41895e2b734850dd42377709940ef67549fb6fbbc2fd4763f0a4ca3a66c450b2ae64cae4aa384893112887b80fef

        • memory/1096-0-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

        • memory/1096-34-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

        • memory/2464-36-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

        • memory/2584-35-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

        • memory/3916-33-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB

        • memory/4744-32-0x0000000000400000-0x000000000041F000-memory.dmp

          Filesize

          124KB