Overview

overview

10

Static

static

3

58e8e8a32a...0N.exe

windows7-x64

10

58e8e8a32a...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    20/09/2024, 09:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    58e8e8a32ae931b7494e7ebd2fc5a4117e67071a61101b69fc5e69be37eb3620N.exe

  • Size

    76KB

  • MD5

    d9b997e3dcadb5b722c757e347e56210

  • SHA1

    1bd0f72acd47b2db5594a5f6d30300ed0ed6cf3f

  • SHA256

    58e8e8a32ae931b7494e7ebd2fc5a4117e67071a61101b69fc5e69be37eb3620

  • SHA512

    be55d4fb076000d589395b1787e6bfd6b52a595d16c120590575d3db7658dabee460ef55f27f9e2105ea7396463525d2c36a9d5a9949e5e43983e81d6cc900b8

  • SSDEEP

    768:XEHoMSL0OXIxDMyDRjFVZrhgFwumSCbxTGy/BBGg4NK8jhh/vn2+mRcDkUCXVBnp:yoM1OX8MUu3abBGy3G8srcfn

Score
10/10
discoveryevasionpersistence

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 2 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies system executable filetype association 2 TTPs 2 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 6 IoCs
  • Drops file in Program Files directory 62 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 36 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\58e8e8a32ae931b7494e7ebd2fc5a4117e67071a61101b69fc5e69be37eb3620N.exe
    "C:\Users\Admin\AppData\Local\Temp\58e8e8a32ae931b7494e7ebd2fc5a4117e67071a61101b69fc5e69be37eb3620N.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2152
    • \??\c:\Documents and Settings\Admin\Application Data\Microsoft\wdsw.exe
      "c:\Documents and Settings\Admin\Application Data\Microsoft\wdsw.exe" 58e8e8a32ae931b7494e7ebd2fc5a4117e67071a61101b69fc5e69be37eb3620N
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Modifies system executable filetype association
      • Adds Run key to start application
      • Enumerates connected drives
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2688

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \??\c:\windows\SysWOW64\maxtrox.txt
    Filesize

    8B

    MD5

    24865ca220aa1936cbac0a57685217c5

    SHA1

    37f687cafe79e91eae6cbdffbf2f7ad3975f5e83

    SHA256

    841e95fa333ed89085bfbab19bb658d96ed0c837d25721411233fa55c860c743

    SHA512

    c8d3f514c72f48fed5de9582c4252cf5466a9d32866d8df3631ba9274ed734bb95139e4909e8116a10947fc1afa1dbeb33809da6ec050e6e4eb83d5241aeb062

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\wdsw.exe
    Filesize

    76KB

    MD5

    84a4fe827217a9a29a7f382a7f30711b

    SHA1

    b2471d566b85cd51d84eaad7611df299a7e7a884

    SHA256

    04572c9f109188e46105e6853ce913d5d766ea72e5198bb43a2e947488bfb118

    SHA512

    ed5d590d49acaf43b3cf26ccfb08865f19aa5cb2d18632fcbf84b5481a90f404b7641a6212c6b821b88ba5d7fea7b494d4872dcbac2efa85ef847563cf3758b8

    Download Submit

  • memory/2152-0-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2152-14-0x00000000002E0000-0x00000000002F4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2152-13-0x00000000002E0000-0x00000000002F4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2152-68-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2688-69-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download