Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
09-10-2024 21:29
General
-
Target
5debff980a97f2e43249b349e49097e9d93328d89e531bbb088330b5d9cd33e7.exe
-
Size
34KB
-
MD5
f6d30157008693afcf676cd01fad3c34
-
SHA1
2fc9d6e7e74a1037af398fcfc96ad7fc1cd381cd
-
SHA256
5debff980a97f2e43249b349e49097e9d93328d89e531bbb088330b5d9cd33e7
-
SHA512
0d0bbe3f8b0b4bb8593f4ac619e907b0270f0ca0fbc1973a80978ed24298dcf8ab9cb1d4391929529ca7e29ff341ad77bc3efd8d6ea936c5e05bb3eaede2825e
-
SSDEEP
768:ZUE1vUccrqXdj+Sg7ONPCM6kgjUCJS8YzXBbanqv:ZUGUcGydj+Sg7g6LobFr5YU
Malware Config
Signatures
-
Disables RegEdit via registry modification 1 IoCs
-
Executes dropped EXE 2 IoCs
-
Modifies system executable filetype association 2 TTPs 4 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 10 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 2 IoCs
-
Drops file in Windows directory 12 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 7 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 64 IoCs
-
Modifies registry class 7 IoCs
-
Suspicious behavior: AddClipboardFormatListener 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of FindShellTrayWindow 8 IoCs
-
Suspicious use of SetWindowsHookEx 32 IoCs
-
Suspicious use of WriteProcessMemory 26 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5debff980a97f2e43249b349e49097e9d93328d89e531bbb088330b5d9cd33e7.exe"C:\Users\Admin\AppData\Local\Temp\5debff980a97f2e43249b349e49097e9d93328d89e531bbb088330b5d9cd33e7.exe"1⤵
- Disables RegEdit via registry modification
- Modifies system executable filetype association
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WINWORD.EXEC:\Windows\system32\WINWORD.EXE2⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SPOOL32.EXEC:\Windows\SPOOL32.EXE3⤵
- Executes dropped EXE
- Modifies system executable filetype association
- Enumerates connected drives
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" C:\Windows/help.htm4⤵
- Modifies Internet Explorer settings
-
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" C:\Windows/help.htm4⤵
- Modifies Internet Explorer settings
-
-
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" C:\Windows/help.htm3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3344 CREDAT:17410 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3344 CREDAT:17414 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3344 CREDAT:17420 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3344 CREDAT:17424 /prefetch:24⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" C:\Windows/help.htm3⤵
- Modifies Internet Explorer settings
-
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
245KB
MD5f883b260a8d67082ea895c14bf56dd56
SHA17954565c1f243d46ad3b1e2f1baf3281451fc14b
SHA256ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353
SHA512d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
34KB
MD5240f122102d0ba7e2de4bf8f9718f651
SHA1ee482eae3dea20bc3a1e4fe62429ce5e7d7ce5e5
SHA2561b20e8f9d4881befca7fd8831eaaa8a0cd15892864bcc19d97cc4c0a2d9b5a10
SHA51245aefb2ca21777d18d822763111a3c7d24bc97f08cd2411b25340b2887aa2dbdd88f66351a3282984946634c649c0cb7e0353093f878e8e60a3af76dc91a8cee
-
Filesize
34KB
MD55500c427e89b948cb15e96242e1c2d84
SHA195b6669844c415e5191e69e23b05c0847c3ab701
SHA256c4eefc1e03d1c7a4dfa8b2d39103dbee9f2e0050f437334ea5a915c4c5674e19
SHA51224ed2ed3cce34b133de60bbccbec7f53f95661d9291c2cae92484152ee85a74f06c7d0a50b7d5f222601623a169fdaa9de13a74b29019edb6cf1ff42315b67e5
-
Filesize
209B
MD5c17f423619cdf9bc2e3f3bf8a4318cf8
SHA16b0bbec2145b0a0aa6423eb0519319a528349349
SHA256b64182d08825d678a2e9427a852d9fec27a6e9cab18c04e6c5633b4ecb126e27
SHA512ab5fe80a13c2263b64eac8cccf2dab6b0f8bc5dc866a19e80493332073ee72a6777e3c90e9ca93b36519e0ea7cdbfce5c26e52f8c9ff25ff7e113557f890a40c
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
4KB
-
Filesize
2.0MB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
2.0MB
-
Filesize
92KB
-
Filesize
92KB