Analysis

  • max time kernel
    149s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/10/2024, 08:02

General

  • Target

    b1251e425a94b6e66af3d28d870a3d2fc04100a771d7be85c2c2e17fdf73164e.exe

  • Size

    73KB

  • MD5

    bbdd6da61bc7b21b9c70667747aec648

  • SHA1

    9d5140a2921c5c66bc1d07c151fffbd5f4c03321

  • SHA256

    b1251e425a94b6e66af3d28d870a3d2fc04100a771d7be85c2c2e17fdf73164e

  • SHA512

    de3422044824c222112f17d1d310d1b7272fa5d06030fe19411b60bf5b324fc657256bc532c32fda92c93cedf5c96326b27183025714643cc46a7878fec680a9

  • SSDEEP

    768:agO5xRYi+SfSWHHNvvG5bnl/NqNwsKVDstHxYD0p1aXKynF0vQmYZS0HdJnfWO:RshfSWHHNvoLqNwDDGw02eQmh0HjWO

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies system executable filetype association 2 TTPs 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b1251e425a94b6e66af3d28d870a3d2fc04100a771d7be85c2c2e17fdf73164e.exe
    "C:\Users\Admin\AppData\Local\Temp\b1251e425a94b6e66af3d28d870a3d2fc04100a771d7be85c2c2e17fdf73164e.exe"
    1⤵
    • Modifies system executable filetype association
    • Drops file in System32 directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2740
    • C:\Windows\system\rundll32.exe
      C:\Windows\system\rundll32.exe
      2⤵
      • Executes dropped EXE
      • Modifies system executable filetype association
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1564

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\notepad¢¬.exe

    Filesize

    75KB

    MD5

    8c983ee0e4b13c20681ba78a80cb944e

    SHA1

    95360a86873f568236c19037323bcfac3452eb85

    SHA256

    05a75b04d6a89eb81ad54213a1b5cd27db79c351cd4a89f66f0de0dd98fd43f0

    SHA512

    059387eeaac2b9a3846007cc1ba073f69152f59051e8d9f0a36af9967c7340dc301d437717c22d7e6c919f77e1146e0869e94ba0f9bc97199ae6e0d1cd82d68f

  • C:\Windows\System\rundll32.exe

    Filesize

    78KB

    MD5

    cdd42f20b2cc9fae5937ee02c26d5887

    SHA1

    fb7262cc37a2db832ccdefcc5207f147f43c48c4

    SHA256

    be353c5b071e68c92bdd193c7ae243ff0be8f9327613742a7e967c6b5c797c75

    SHA512

    3c39f5482a72cb81ce53e5fa06cadb1e219fedbd45029dd7bbdf706dd10b0a928587c454ce9c361471190add90712c70dd8d96eb3672cfa9c40668a9061e49d2

  • memory/1564-14-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2740-0-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB

  • memory/2740-13-0x0000000000400000-0x0000000000415A00-memory.dmp

    Filesize

    86KB