eeb721e691a46ec42ccc0a3344f743a3ff15d2461e4ee0340c5efdb734c9df77

Analysis

max time kernel
33s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/09/2024, 22:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cdf3299a9e5a527c949465637ce186b0N.exe
Size

68KB
MD5

cdf3299a9e5a527c949465637ce186b0
SHA1

546ce2f26386570ba55efd6537ba9b44c8a256c1
SHA256

eeb721e691a46ec42ccc0a3344f743a3ff15d2461e4ee0340c5efdb734c9df77
SHA512

721652241de9939ac216482e4917c2b3b0d28593e398f34e5fc93c8b8ed8c70b921cc5c802ce4ff8b6da35e507afaead0d2e35d94e17a4f88c245aaa589f2664
SSDEEP

768:cvN3VJRQjQclSbnWNMVJkoS901ZkMajQTxl+ymq6cBRsNC/W5UQTI86c5QD:4WQclC+n9iZkMqeLB6ND5TI86mQD

Score

8^/10

evasion persistence

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Windows\CurrentVersion\Run\SvchostbPjjCYRTwKxBRdYgppJegwNxnFL = "C:\\Users\\Admin\\AppData\\Local\\Temp\\\\Svchost.exe"	cdf3299a9e5a527c949465637ce186b0N.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2516	cdf3299a9e5a527c949465637ce186b0N.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2516	cdf3299a9e5a527c949465637ce186b0N.exe

C:\Users\Admin\AppData\Local\Temp\cdf3299a9e5a527c949465637ce186b0N.exe
"C:\Users\Admin\AppData\Local\Temp\cdf3299a9e5a527c949465637ce186b0N.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2516-0-0x000007FEF54CE000-0x000007FEF54CF000-memory.dmp

Filesize
4KB

Download
memory/2516-1-0x000007FEF5210000-0x000007FEF5BAD000-memory.dmp

Filesize
9.6MB

Download
memory/2516-2-0x000007FEF5210000-0x000007FEF5BAD000-memory.dmp

Filesize
9.6MB

Download
memory/2516-5-0x000007FEF54CE000-0x000007FEF54CF000-memory.dmp

Filesize
4KB

Download
memory/2516-6-0x000007FEF5210000-0x000007FEF5BAD000-memory.dmp

Filesize
9.6MB

Download
memory/2516-7-0x000007FEF5210000-0x000007FEF5BAD000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads