Overview

overview

9

Static

static

9

e9bbd5e092...58.exe

windows7_x64

1

e9bbd5e092...58.exe

windows10_x64

1

Analysis

  • max time kernel
    152s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    06-11-2020 10:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e9bbd5e0927cb930dbd0504ea525507c5b35fe925f83351b5af8a090d7b06358.exe

  • Size

    142KB

  • MD5

    1d13a6b49319074d8348b569e9b38d93

  • SHA1

    cc3d8c56bfb40c3554541f1071f4cf25c7f29882

  • SHA256

    e9bbd5e0927cb930dbd0504ea525507c5b35fe925f83351b5af8a090d7b06358

  • SHA512

    cc56870e4f9e4d1c839e7a6e7ed051a802ae8c74ef0b81870a27673317b0cd17dc2788725c6c472430c1ba6e270f2894b517f690d629b19d24b4a35b7a3fc177

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 149 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SetWindowsHookEx 30 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e9bbd5e0927cb930dbd0504ea525507c5b35fe925f83351b5af8a090d7b06358.exe
    "C:\Users\Admin\AppData\Local\Temp\e9bbd5e0927cb930dbd0504ea525507c5b35fe925f83351b5af8a090d7b06358.exe"
    1⤵
      PID:844
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:744
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:744 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1568
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:744 CREDAT:930820 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1576
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1060
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1060 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:820
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1552
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1552 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1964
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1928
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1928 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1492
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:784
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:784 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:1960
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1864
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1864 CREDAT:275457 /prefetch:2
        2⤵
          PID:1112

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Privilege Escalation

      Defense Evasion

      Modify Registry

      1
      T1112

      Credential Access

      Discovery

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s7iy1jn\imagestore.dat
        MD5

        45c6f3e8a4123f0f7c3b6ff41bf50fd2

        SHA1

        9d16a0836fc636950a742c2680f9b9279d1ce2eb

        SHA256

        36264f507db5fe6c11f2b4ddb2eed4d79b413e8becf0e22b8244cd263f63f521

        SHA512

        27b63c9eeff4131fa9714b5e465187809b615ef640ee2bf40f8f2763bf79f45ad94dd3a716066febc1603d3163b10e9330b53dfe00ac155ae73ebe39d3778312

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s7iy1jn\imagestore.dat
        MD5

        45c6f3e8a4123f0f7c3b6ff41bf50fd2

        SHA1

        9d16a0836fc636950a742c2680f9b9279d1ce2eb

        SHA256

        36264f507db5fe6c11f2b4ddb2eed4d79b413e8becf0e22b8244cd263f63f521

        SHA512

        27b63c9eeff4131fa9714b5e465187809b615ef640ee2bf40f8f2763bf79f45ad94dd3a716066febc1603d3163b10e9330b53dfe00ac155ae73ebe39d3778312

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s7iy1jn\imagestore.dat
        MD5

        45c6f3e8a4123f0f7c3b6ff41bf50fd2

        SHA1

        9d16a0836fc636950a742c2680f9b9279d1ce2eb

        SHA256

        36264f507db5fe6c11f2b4ddb2eed4d79b413e8becf0e22b8244cd263f63f521

        SHA512

        27b63c9eeff4131fa9714b5e465187809b615ef640ee2bf40f8f2763bf79f45ad94dd3a716066febc1603d3163b10e9330b53dfe00ac155ae73ebe39d3778312

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s7iy1jn\imagestore.dat
        MD5

        45c6f3e8a4123f0f7c3b6ff41bf50fd2

        SHA1

        9d16a0836fc636950a742c2680f9b9279d1ce2eb

        SHA256

        36264f507db5fe6c11f2b4ddb2eed4d79b413e8becf0e22b8244cd263f63f521

        SHA512

        27b63c9eeff4131fa9714b5e465187809b615ef640ee2bf40f8f2763bf79f45ad94dd3a716066febc1603d3163b10e9330b53dfe00ac155ae73ebe39d3778312

        Download Submit
      • memory/560-1-0x000007FEF81B0000-0x000007FEF842A000-memory.dmp
        Filesize

        2.5MB

        Download
      • memory/820-5-0x0000000000000000-mapping.dmp
        Download
      • memory/844-0-0x00000000003C0000-0x00000000003D1000-memory.dmp
        Filesize

        68KB

        Download
      • memory/1112-13-0x0000000000000000-mapping.dmp
        Download
      • memory/1492-9-0x0000000000000000-mapping.dmp
        Download
      • memory/1568-4-0x00000000062E0000-0x0000000006303000-memory.dmp
        Filesize

        140KB

        Download
      • memory/1568-2-0x0000000000000000-mapping.dmp
        Download
      • memory/1576-3-0x0000000000000000-mapping.dmp
        Download
      • memory/1960-11-0x0000000000000000-mapping.dmp
        Download
      • memory/1964-7-0x0000000000000000-mapping.dmp
        Download