Analysis

  • max time kernel
    144s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    28-05-2022 01:51

General

  • Target

    030c28f3023619d0e196b09ab0211c772b737edd66acb8b2f5cac0cd9affe16e.exe

  • Size

    3.9MB

  • MD5

    28899c7da310d4dc6e2615be693f441e

  • SHA1

    e7ee25ab65d83669241c06fdae88d5cac0bd7cf8

  • SHA256

    030c28f3023619d0e196b09ab0211c772b737edd66acb8b2f5cac0cd9affe16e

  • SHA512

    3887ea50b065886397acc2bcf1bf592f0516fe1da8c3a484d7433fb1e1f78bb51e31843887e3fbff2dfa69e71f06c521576cdfe9033d9f97a395bc80a0dcd9af

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
  • Modifies registry class 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\030c28f3023619d0e196b09ab0211c772b737edd66acb8b2f5cac0cd9affe16e.exe
    "C:\Users\Admin\AppData\Local\Temp\030c28f3023619d0e196b09ab0211c772b737edd66acb8b2f5cac0cd9affe16e.exe"
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1520

Network

MITRE ATT&CK Enterprise v6
