Analysis

  • max time kernel
    149s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/08/2024, 07:09

General

  • Target

    299f9535f0fe78447f263f15fdcd14cf7c26507fd9601a1940f835e9f0420820.exe

  • Size

    78KB

  • MD5

    a0bb490e474ace55883a9c8b54045d78

  • SHA1

    d59c6d7b415bf8c7dc13f143db161e421c62be95

  • SHA256

    299f9535f0fe78447f263f15fdcd14cf7c26507fd9601a1940f835e9f0420820

  • SHA512

    27c7b8daf54e496c5517bc1d951b36a0ba224174d160bd0998fca0401f94be3561f2176ec1b511d6f6f5a7db456eb5cf8c54471f8a497330afb7f11924073e50

  • SSDEEP

    1536:RshfSWHHNvoLqNwDDGw02eQmh0HjWOlzE7I3:GhfxHNIreQm+HiyzE7I3

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Modifies system executable filetype association (2 TTPs, 5 IoCs)
  • Drops file in System32 directory (4 IoCs)
  • Drops file in Windows directory (2 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class (15 IoCs)
  • Suspicious behavior: EnumeratesProcesses (28 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of SetWindowsHookEx (3 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\299f9535f0fe78447f263f15fdcd14cf7c26507fd9601a1940f835e9f0420820.exe
    "C:\Users\Admin\AppData\Local\Temp\299f9535f0fe78447f263f15fdcd14cf7c26507fd9601a1940f835e9f0420820.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:648
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1512
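
The process tree is the core finding of this report: the sample running from %TEMP% writes a file named rundll32.exe into C:\Windows\system (not System32 or SysWOW64), executes it as a child process, and both processes touch the executable file-type association. The Python below is an added example, not part of the sandbox report, showing detection logic for those behaviours run over constructed Sysmon-style events modelled on the tree. The registry key path and the command value in the constructed events are assumptions, since the report lists only the signature names and not the keys it matched.

```python
"""Detection logic for the process tree above: a well-known system-binary name executing
or being dropped outside the trusted Windows directories, a dropper in a user-writable
directory launching a child under C:\\Windows, and a change to the exefile open command."""
import ntpath
import re
from typing import Dict, Iterable, List

SAMPLE = "299f9535f0fe78447f263f15fdcd14cf7c26507fd9601a1940f835e9f0420820.exe"
TEMP_DIR = r"C:\Users\Admin\AppData\Local\Temp"

# Constructed Sysmon-style events modelled on the report's process tree (Event ID 1 =
# process create, 11 = file create, 13 = registry value set). Not real telemetry; the
# TargetObject and Details values are assumptions about what the signature observed.
SAMPLE_EVENTS: List[Dict] = [
    {"EventID": 1, "ProcessId": 648, "Image": TEMP_DIR + "\\" + SAMPLE,
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "ProcessId": 648, "TargetFilename": r"C:\Windows\system\rundll32.exe"},
    {"EventID": 13, "ProcessId": 648,
     "TargetObject": r"HKLM\SOFTWARE\Classes\exefile\shell\open\command\(Default)",
     "Details": r'"C:\Windows\system\rundll32.exe" "%1" %*'},
    {"EventID": 1, "ProcessId": 1512, "Image": r"C:\Windows\system\rundll32.exe",
     "ParentImage": TEMP_DIR + "\\" + SAMPLE},
    {"EventID": 1, "ProcessId": 2000, "Image": r"C:\Windows\System32\rundll32.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},  # benign control case, must not alert
]

# Names that legitimately live only under these directories (or WinSxS component stores).
SYSTEM_BINARIES = {"rundll32.exe", "notepad.exe", "svchost.exe", "regsvr32.exe", "cmd.exe"}
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")
USER_WRITABLE_RE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)
# Matches both HKCR\exefile\shell\open\command and HKLM\SOFTWARE\Classes\exefile\shell\open\command.
EXEFILE_RE = re.compile(r"\\exefile\\shell\\open\\command", re.IGNORECASE)


def masquerading_path(path: str) -> bool:
    """True when a system-binary name sits outside the trusted directories.
    C:\\Windows\\system (no '32') from the report is exactly this case."""
    directory, name = ntpath.split(path)
    if name.lower() not in SYSTEM_BINARIES:
        return False
    directory = directory.lower()
    return not any(directory == d or directory.startswith(d + "\\") for d in TRUSTED_DIRS)


def detect(events: Iterable[Dict]) -> List[Dict]:
    """Run the checks over an event stream and return one alert record per match."""
    alerts: List[Dict] = []
    for ev in events:
        eid, pid = ev["EventID"], ev["ProcessId"]
        if eid == 1:
            image = ev["Image"]
            if masquerading_path(image):
                alerts.append({"pid": pid, "rule": "system_binary_outside_trusted_dir", "path": image})
            if USER_WRITABLE_RE.match(ev.get("ParentImage", "")) and image.lower().startswith("c:\\windows\\"):
                alerts.append({"pid": pid, "rule": "temp_dropper_launches_windows_dir_child", "path": image})
        elif eid == 11 and masquerading_path(ev["TargetFilename"]):
            alerts.append({"pid": pid, "rule": "system_binary_name_dropped_outside_trusted_dir",
                           "path": ev["TargetFilename"]})
        elif eid == 13 and EXEFILE_RE.search(ev["TargetObject"]):
            alerts.append({"pid": pid, "rule": "exefile_open_command_modified",
                           "path": ev["TargetObject"], "details": ev.get("Details")})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The directory comparison is done on the parent directory, not with a substring test, so that C:\Windows\system is not accepted as a prefix of C:\Windows\System32; the WinSxS prefix is allowed because component-store copies of these binaries are expected there. An exefile open-command change is worth alerting on regardless of the value written, since a hijacked value means every .exe launch passes through the attacker's binary.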

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    83KB

    MD5

    ad5f5aab3f9e9d7c38efcbecbc93b747

    SHA1

    fa065ba5b7fa6e0fb9c2b53eae597295fd5d4834

    SHA256

    a2b638b1dcabdb1921047e355a09f57a76f5b389146adf42b56a0658ca98f398

    SHA512

    0ae0cb930d7b0d08d2d05b7f3b076e446caecc695071d19c5dac7468eff607354f6c243104c7c12d0c2508588c956b2820dc905f7a250441f45518d5fa288621

  • C:\Windows\System\rundll32.exe

    Filesize

    85KB

    MD5

    6801d02b18953697c977730d226cf621

    SHA1

    ef9c04a8bbd27b7f2b42b2ce6e01d2c0db841ae8

    SHA256

    c9037a6a3dcf579b92508d027117f3294edb470570edaa371e4c24dd3debc6e7

    SHA512

    c85b8e60a6fa06da2e8703cad2389f406402a0981dce74a3976ee56599104430ef86a357147d32eb83c2ad78c707ba86fbff817a1a27404ca4702bac3bdbffed

  • memory/648-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/648-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/1512-14-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB
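
The file hashes above are the usable indicators from this report: the original sample and the two executables it dropped. The Python below is an added example, not part of the sandbox report, that loads those hashes into a lookup table and scans a directory tree for files matching any of them. The scratch file that demo() writes is a constructed stand-in for testing the scanner and is not the sample; the MD5 table is kept only because many older feeds still publish MD5, and SHA-256 is the value to match on where both are available.

```python
"""Scan a directory tree for files whose digests match the IOCs listed in this report."""
import hashlib
import os
import tempfile
from typing import Dict, List

# SHA-256 and MD5 values copied from the report above, keyed to what each file was.
IOC_SHA256: Dict[str, str] = {
    "299f9535f0fe78447f263f15fdcd14cf7c26507fd9601a1940f835e9f0420820": "original sample",
    "a2b638b1dcabdb1921047e355a09f57a76f5b389146adf42b56a0658ca98f398": "dropped notepad lookalike (SysWOW64)",
    "c9037a6a3dcf579b92508d027117f3294edb470570edaa371e4c24dd3debc6e7": "dropped rundll32 lookalike (C:\\Windows\\System)",
}
IOC_MD5: Dict[str, str] = {
    "a0bb490e474ace55883a9c8b54045d78": "original sample",
    "ad5f5aab3f9e9d7c38efcbecbc93b747": "dropped notepad lookalike (SysWOW64)",
    "6801d02b18953697c977730d226cf621": "dropped rundll32 lookalike (C:\\Windows\\System)",
}


def file_hashes(path: str) -> Dict[str, str]:
    """Compute MD5, SHA-1 and SHA-256 of a file in one pass, 1 MiB at a time."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in (md5, sha1, sha256):
                h.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}


def scan_tree(root: str, sha256_iocs: Dict[str, str] = IOC_SHA256,
              md5_iocs: Dict[str, str] = IOC_MD5) -> List[Dict]:
    """Walk root and return a hit record for every file whose SHA-256 (preferred) or
    MD5 appears in the IOC tables. Unreadable files are skipped rather than aborting."""
    hits: List[Dict] = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                digests = file_hashes(path)
            except OSError:
                continue
            label = sha256_iocs.get(digests["sha256"]) or md5_iocs.get(digests["md5"])
            if label:
                hits.append({"path": path, "ioc": label, **digests})
    return hits


def demo() -> Dict:
    """Write one constructed file into a scratch directory and scan it twice: against the
    report's IOCs (no hit expected) and with the file's own digest added (one hit)."""
    with tempfile.TemporaryDirectory() as root:
        sample = os.path.join(root, "dropped.bin")
        with open(sample, "wb") as fh:
            fh.write(b"MZ" + b"\x90" * 64)  # constructed stand-in, not the real sample
        digests = file_hashes(sample)
        baseline = scan_tree(root)
        extended = dict(IOC_SHA256, **{digests["sha256"]: "constructed test artefact"})
        hits = scan_tree(root, sha256_iocs=extended)
        return {"baseline_hits": len(baseline), "hits": hits, "digests": digests}


if __name__ == "__main__":
    print(demo())
```

Hash matching only finds byte-identical copies; a repacked or patched build of the same dropper will not match, which is why the behavioural indicators in the process tree (a rundll32.exe under C:\Windows\system, a rewritten exefile open command) are the more durable detections.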