Analysis

  • max time kernel
    141s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64 arch:x86 image:win7-20241010-en locale:en-us os:windows7-x64 system
  • submitted
    11/11/2024, 12:44

General

  • Target

    5c3a5108cb13a9cf6aee2ce4962c780e431eb3be5f776fd57992b2e4305c239bN.exe

  • Size

    114KB

  • MD5

    ae4ef3ccdb7b4e105c23f6b099ec4cb0

  • SHA1

    3d75d4bda09cdf917ef36fb25e831ef9d1782c5c

  • SHA256

    5c3a5108cb13a9cf6aee2ce4962c780e431eb3be5f776fd57992b2e4305c239b

  • SHA512

    b49a409c48cf99cb7615434225506849d7dfcca1bcc5cab923dffff381d696a71726a19542783c5b17e6113c480ebc93146d4bcf30c3439934ec075044a6d921

  • SSDEEP

    3072:zZjurA1K+w7KMuu1F+/jmSkmngV5CvMabvl:1V9pj/2+2QDbt

Score
10/10

Malware Config

Signatures

  • Modifies firewall policy service 3 TTPs 2 IoCs
  • Adds policy Run key to start application 2 TTPs 4 IoCs
  • Sets service image path in registry 2 TTPs 1 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 13 IoCs
  • Modifies registry class 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5c3a5108cb13a9cf6aee2ce4962c780e431eb3be5f776fd57992b2e4305c239bN.exe
    "C:\Users\Admin\AppData\Local\Temp\5c3a5108cb13a9cf6aee2ce4962c780e431eb3be5f776fd57992b2e4305c239bN.exe"
    • Modifies firewall policy service
    • Adds policy Run key to start application
    • Sets service image path in registry
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    PID:2060

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\msrpc.exe

          Filesize

          114KB

          MD5

          b3b350729d61cc67f874eb5e87fa8d0d

          SHA1

          3b3346e3f236278709c99b9253326b8946fbb297

          SHA256

          7d1151b9f49db0b091514cbfdbf003980bae6167eb4c86512ac3be55b853736d

          SHA512

          375a6272b9835716535c4792f7788a58eb620d315df9117e0e8088a676c8593a022ccc447f5e9ee05b96979796433e749f3d53b7927e9c9fb6102e8990813f7b

        • memory/2060-0-0x0000000000400000-0x0000000000421000-memory.dmp

          Filesize

          132KB

        • memory/2060-17-0x0000000000400000-0x0000000000421000-memory.dmp

          Filesize

          132KB

        • memory/2060-18-0x0000000000400000-0x0000000000421000-memory.dmp

          Filesize

          132KB

        • memory/2060-19-0x0000000000400000-0x0000000000421000-memory.dmp

          Filesize

          132KB