Analysis

  • max time kernel
    120s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/09/2024, 04:16

General

  • Target

    284a6007ee0f5d8c2ed59ecfca7b07b46b7037724f8185d4b33bc8720654e7b3N.exe

  • Size

    206KB

  • MD5

    b677043c4d75f0cce077d397867ea490

  • SHA1

    e96fcf0800c8c0215e6a815f17c013f9bbce4d59

  • SHA256

    284a6007ee0f5d8c2ed59ecfca7b07b46b7037724f8185d4b33bc8720654e7b3

  • SHA512

    0aee7ca659a41e2c24d2025c32497ad0e26bff2cb7272de14f436d04216b1fa5fbfe090e699d7523652579e3880e0d381030c822e7720e11c0aba6267185c92c

  • SSDEEP

    1536:/fsEqouTRcG/Mzvgf7xEuvnXNTRdUzwTekUOisZ1yDDajtXbJdU:/VqoCl/YgjxEufVU0TbTyDDalbU

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\284a6007ee0f5d8c2ed59ecfca7b07b46b7037724f8185d4b33bc8720654e7b3N.exe
    "C:\Users\Admin\AppData\Local\Temp\284a6007ee0f5d8c2ed59ecfca7b07b46b7037724f8185d4b33bc8720654e7b3N.exe"
    1⤵
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2316
    • \??\c:\windows\resources\themes\explorer.exe
      c:\windows\resources\themes\explorer.exe
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1576
      • \??\c:\windows\resources\spoolsv.exe
        c:\windows\resources\spoolsv.exe SE
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2248
        • \??\c:\windows\resources\svchost.exe
          c:\windows\resources\svchost.exe
          4⤵
          • Modifies visibility of hidden/system files in Explorer
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops file in System32 directory
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1288
          • \??\c:\windows\resources\spoolsv.exe
            c:\windows\resources\spoolsv.exe PR
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of SetWindowsHookEx
            PID:1144

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\Resources\Themes\explorer.exe

    Filesize

    206KB

    MD5

    9757b0205167a9144d8721bdb20916ec

    SHA1

    d09596e254f962ea1deddf57ad0e0b3364514601

    SHA256

    d33563491d1ce3507984d7d777532dda4ec37ad553e734ca1ab65b5492e56cd5

    SHA512

    9623951304768c7974555527248eeb5fca6dbab0316c372bada4f2755e8d54dc60694460fdca9b5997155f80df8eae3ef2ab0593019ec72a5c16b5d6830808fd

  • C:\Windows\Resources\spoolsv.exe

    Filesize

    206KB

    MD5

    235408d104f3712a709bd9fc94d3c180

    SHA1

    64eb9e26c76335e61931983f5587893d724abd20

    SHA256

    9b4ae9805b916c72d6f16f188bee570688b778b7f63b80122a950aee456d8206

    SHA512

    27b691084abbcbf34d1cd9dddbffd25bfdd5ea047adfb0c083d700ad6e2f822bdddc5a0731cc60ab2f281da8d4356beb93b3daa7796e12761a7f6c1ae9d166b3

  • C:\Windows\Resources\svchost.exe

    Filesize

    206KB

    MD5

    b381d8cef60e52eaff413e211b88656d

    SHA1

    ac22b91864b996f1355476579ed66bb462a26dba

    SHA256

    51db586ef42e64a28073e21142ac1698e102be2a08ba2a5652893d25b296e417

    SHA512

    7aad8605f7380cee382b899af95fe77150cf8778952b4bcafee20c0051d3b223a182a4ceee3aa9ec81147ea09d6fb52aa9bb6fef9e26180e1a5677609c9db461

  • memory/1144-32-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

  • memory/1288-36-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

  • memory/1576-35-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

  • memory/2248-33-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

  • memory/2316-0-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB

  • memory/2316-34-0x0000000000400000-0x000000000042F000-memory.dmp

    Filesize

    188KB