Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    28-10-2024 00:14

General

  • Target

    x7.exe

  • Size

    84KB

  • MD5

    e09efaad05046190a36af2cc678107b0

  • SHA1

    5ad40ab0dc651de17dd6f61af60bc5d5cda7ba61

  • SHA256

    3d1f658514e7cfeff847191f7aa169c15e252f394c3724441e22e50c495728fe

  • SHA512

    df6c29d9a35b21fbad83668be95507ecde27c54b58e6fd868b03067ba1699260a40bf3a2feb811e66c2b36a8c27930782493b1e1dc1faea18604eb958eb16d1a

  • SSDEEP

    1536:nE0iZZNDPy2buBDH4JadREO925+R4GAtg:uHxPyQuBYJ5O9n8tg

Score
8/10

Malware Config

Signatures

  • Possible privilege escalation attempt 2 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies file permissions 1 TTPs 2 IoCs
  • Drops file in System32 directory 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\x7.exe
    "C:\Users\Admin\AppData\Local\Temp\x7.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Windows\SysWOW64\takeown.exe
      takeown /F C:\Windows\system32\imm32.dll
      2⤵
      • Possible privilege escalation attempt
      • Modifies file permissions
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:2788
    • C:\Windows\SysWOW64\icacls.exe
      icacls C:\Windows\system32\imm32.dll /grant administrators:f
      2⤵
      • Possible privilege escalation attempt
      • Modifies file permissions
      • System Location Discovery: System Language Discovery
      PID:2496
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c c:\delf76c4c5.bat
      2⤵
      • Deletes itself
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2180

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\IMM32.DLL

    Filesize

    121KB

    MD5

    af54ea7ad37bc6e5fed955f864f0405f

    SHA1

    dc128a50f0d4e64a61c8c7a30d7a673b2dade6b1

    SHA256

    d6291b1ed2410aa316da8916456c584fcb4d61ec0257c96f1afbf1b9ff3482e3

    SHA512

    d947e4d25c7caccf8d9c61a4c471aeef09053d9c76e38e8632b51c95118421202dee94eb40c1aa70796dd8edc85d649677f27cad089e2041fccec123b25780a6

  • \??\c:\delf76c4c5.bat

    Filesize

    147B

    MD5

    7415e26ecc351fcd8689ece372761934

    SHA1

    b874412f3d7f4d395386d65e703d7ab2814af86f

    SHA256

    8106e202a30c6dfcdaf9722633b4a10baf70cc1e7c382cd7943ab183f897903d

    SHA512

    3511bae786903347c62e277f909d1fe2868d5e48b6d8c57ad30a8cc49c3c3fd4635e3650c5ed6eb3e79196837355cfc7d4159c08d360aeb827f8229a4b789f76

  • \Windows\SysWOW64\ole.dll

    Filesize

    56KB

    MD5

    08967c7d045f4517d19090f026a10bd0

    SHA1

    4b9a4cde0738c2bc014005a142a871905b74b916

    SHA256

    eb40ca2c40300cea2adb981e6a46fdbe8bff97ffcadea05841465a66e231962e

    SHA512

    ec65fef91539a131a7c57be37ac20e678e8ec85b05da0388bebde2b63adcb5a56e02fbae3b940aa2290d14c2a066b610943b3a7bd466b0cca3f5ca9021f33f92

  • memory/2180-13-0x00000000752D0000-0x0000000075340000-memory.dmp

    Filesize

    448KB

  • memory/2180-15-0x00000000752D0000-0x0000000075340000-memory.dmp

    Filesize

    448KB