Overview

overview

10

Static

static

37402cd487...ac.exe

windows7_x64

10

37402cd487...ac.exe

windows10-2004_x64

8

Analysis

  • max time kernel
    1786s
  • max time network
    1575s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    05-07-2022 20:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    37402cd4871d5beb1ed19079029426bc1330ec6b6e81cc5d6dce66bc0f6b0aac.exe

  • Size

    1.3MB

  • MD5

    4c6aa8c110669a6662c06c7d6b38ba35

  • SHA1

    4dd07af4c8402364e079ee09c1b067a88ffbb799

  • SHA256

    37402cd4871d5beb1ed19079029426bc1330ec6b6e81cc5d6dce66bc0f6b0aac

  • SHA512

    a5c33bc0c55cd1429898f42b12ed4b10e21652129c445ac021533f0bcd653dc90c1686d7a71b2a70edd971f7826d5ea0e74fd7f5affb287518c17a4a8bae458e

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\37402cd4871d5beb1ed19079029426bc1330ec6b6e81cc5d6dce66bc0f6b0aac.exe
    "C:\Users\Admin\AppData\Local\Temp\37402cd4871d5beb1ed19079029426bc1330ec6b6e81cc5d6dce66bc0f6b0aac.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2912
    • C:\Users\Admin\AppData\Local\Temp\37402cd4871d5beb1ed19079029426bc1330ec6b6e81cc5d6dce66bc0f6b0aacmgr.exe
      C:\Users\Admin\AppData\Local\Temp\37402cd4871d5beb1ed19079029426bc1330ec6b6e81cc5d6dce66bc0f6b0aacmgr.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:2784
      • C:\Program Files (x86)\Microsoft\WaterMark.exe
        "C:\Program Files (x86)\Microsoft\WaterMark.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:4296
        • C:\Windows\SysWOW64\svchost.exe
          C:\Windows\system32\svchost.exe
          4⤵
            PID:3408
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 204
              5⤵
              • Program crash
              PID:1232
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1880
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1880 CREDAT:17410 /prefetch:2
              5⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:4452
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2644
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:17410 /prefetch:2
              5⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2956
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3408 -ip 3408
      1⤵
        PID:4472

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Privilege Escalation

      Defense Evasion

      Modify Registry

      1
      T1112

      Credential Access

      Discovery

      Lateral Movement

      Collection

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Microsoft\WaterMark.exe
        Filesize

        184KB

        MD5

        d059e448bae51f521010cbce8f23643a

        SHA1

        74925d1dc5b0da8ffa87c694a1fef4e8a9697ec0

        SHA256

        c3dc9ae1a07d82a0f41a54d54eea09dfd4a0e12baeaedb278ce207c59ae05655

        SHA512

        7e8fa21ec13d787b1655a1ef794dd812f2f607508af6ba006344a450dc4515d70bd4a338619bc49861583acfbf693c456cc23179950aac02dd41aaf1eeb7b64e

        Download Submit
      • C:\Program Files (x86)\Microsoft\WaterMark.exe
        Filesize

        184KB

        MD5

        d059e448bae51f521010cbce8f23643a

        SHA1

        74925d1dc5b0da8ffa87c694a1fef4e8a9697ec0

        SHA256

        c3dc9ae1a07d82a0f41a54d54eea09dfd4a0e12baeaedb278ce207c59ae05655

        SHA512

        7e8fa21ec13d787b1655a1ef794dd812f2f607508af6ba006344a450dc4515d70bd4a338619bc49861583acfbf693c456cc23179950aac02dd41aaf1eeb7b64e

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        471B

        MD5

        831399867695e8e2e44f24eb7b73313c

        SHA1

        403e123384b3ba656e3e1cd3815dad4a1664b224

        SHA256

        833cb46e5f4be363e955f5f3fcd655f1e610d5e33b0ae6c83a714ebfc9723f8c

        SHA512

        17e637f6508aaa1589cde6e4d9e230b6dc02256c2bf1d0dddeea7958496b57582944e1d9fd17b323573f3214f73c99dbf4455cb7ba00075605a498749725ff16

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        471B

        MD5

        831399867695e8e2e44f24eb7b73313c

        SHA1

        403e123384b3ba656e3e1cd3815dad4a1664b224

        SHA256

        833cb46e5f4be363e955f5f3fcd655f1e610d5e33b0ae6c83a714ebfc9723f8c

        SHA512

        17e637f6508aaa1589cde6e4d9e230b6dc02256c2bf1d0dddeea7958496b57582944e1d9fd17b323573f3214f73c99dbf4455cb7ba00075605a498749725ff16

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        404B

        MD5

        69870660290da4db8e50195cad117b35

        SHA1

        05c489f0fde02826ff96b577db49f335b4598589

        SHA256

        c4a673369ac29ca0df838595cb7fbd1e0b0a24f907c6e5c9f2d97e4e54ad9f12

        SHA512

        69e51d4b920ae247147fe98bf9cf9847a5ee81b2f777861c4b4c2aab3f916eeefa801e48e012b59088e0f197e3dfcddb743d1529caa3f30e3340cfcfc9d7623c

        Download Submit
      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        404B

        MD5

        dc964cf537f3b7679adee1f3e8f3c2eb

        SHA1

        f5e9473cb763e2c04b68b70fcbc813c4c460e3a0

        SHA256

        02b82d2b7c19b9402fc8e1fe3e3e5f77fe76c528c575f468d91bd78a9fda62ca

        SHA512

        4a195907c92ea6468ef7eed5a383fbad5ad57111c439459835e644a1e7c712ef2cef66c6b8fd9da53936ab30fc214707edcff3914b3f22e49ce85982058fba2b

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FD4621ED-FC9E-11EC-AD90-E289ED121488}.dat
        Filesize

        5KB

        MD5

        dc72360ce40147940eba07e0abc0ece4

        SHA1

        80cf3b29bee8ac8904d8f339a23bdc677872a2c9

        SHA256

        53d89161a723e5dc86bd15d07dfd8488933104a4daeb973cb57c23a28b22fbf9

        SHA512

        4f29472f35173a056cd41cef5e68757d8fb93fd60a6df9f36aff7a18479c6444cc4113e9c65d32f847ddb82a3ed4bf03c175e0aa7173e604a45ac9db51cd71ca

        Download Submit
      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FD4D479F-FC9E-11EC-AD90-E289ED121488}.dat
        Filesize

        3KB

        MD5

        c3ae2a1988ddcf4c38f5240ae984f774

        SHA1

        00c72c40d7cfefb68c7f0f38409f3889098d104d

        SHA256

        aa35325ef4a91c5aa5c0a9485008217b73c17264cec7eed2128496948dc1d46f

        SHA512

        603efdd4055211b3011287859b239e0621f07d60701adb6208b56101e3507db52036e69d8584ba9eb1338088477c6d883c40295146a509ac29d2009f9276866e

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\37402cd4871d5beb1ed19079029426bc1330ec6b6e81cc5d6dce66bc0f6b0aacmgr.exe
        Filesize

        184KB

        MD5

        d059e448bae51f521010cbce8f23643a

        SHA1

        74925d1dc5b0da8ffa87c694a1fef4e8a9697ec0

        SHA256

        c3dc9ae1a07d82a0f41a54d54eea09dfd4a0e12baeaedb278ce207c59ae05655

        SHA512

        7e8fa21ec13d787b1655a1ef794dd812f2f607508af6ba006344a450dc4515d70bd4a338619bc49861583acfbf693c456cc23179950aac02dd41aaf1eeb7b64e

        Download Submit
      • C:\Users\Admin\AppData\Local\Temp\37402cd4871d5beb1ed19079029426bc1330ec6b6e81cc5d6dce66bc0f6b0aacmgr.exe
        Filesize

        184KB

        MD5

        d059e448bae51f521010cbce8f23643a

        SHA1

        74925d1dc5b0da8ffa87c694a1fef4e8a9697ec0

        SHA256

        c3dc9ae1a07d82a0f41a54d54eea09dfd4a0e12baeaedb278ce207c59ae05655

        SHA512

        7e8fa21ec13d787b1655a1ef794dd812f2f607508af6ba006344a450dc4515d70bd4a338619bc49861583acfbf693c456cc23179950aac02dd41aaf1eeb7b64e

        Download Submit
      • memory/2784-144-0x0000000000400000-0x0000000000421000-memory.dmp
        Filesize

        132KB

        Download
      • memory/2784-137-0x0000000000400000-0x0000000000421000-memory.dmp
        Filesize

        132KB

        Download
      • memory/2784-136-0x0000000000400000-0x0000000000421000-memory.dmp
        Filesize

        132KB

        Download
      • memory/2784-131-0x0000000000000000-mapping.dmp
        Download
      • memory/2912-130-0x000000000F860000-0x000000000F9AE000-memory.dmp
        Filesize

        1.3MB

        Download
      • memory/2912-162-0x000000000F860000-0x000000000F9AE000-memory.dmp
        Filesize

        1.3MB

        Download
      • memory/3408-147-0x0000000000000000-mapping.dmp
        Download
      • memory/4296-148-0x0000000000400000-0x0000000000438000-memory.dmp
        Filesize

        224KB

        Download
      • memory/4296-155-0x0000000000400000-0x0000000000438000-memory.dmp
        Filesize

        224KB

        Download
      • memory/4296-156-0x0000000000400000-0x0000000000438000-memory.dmp
        Filesize

        224KB

        Download
      • memory/4296-157-0x0000000000400000-0x0000000000421000-memory.dmp
        Filesize

        132KB

        Download
      • memory/4296-154-0x0000000000400000-0x0000000000438000-memory.dmp
        Filesize

        224KB

        Download
      • memory/4296-151-0x0000000000400000-0x0000000000438000-memory.dmp
        Filesize

        224KB

        Download
      • memory/4296-150-0x0000000000400000-0x0000000000438000-memory.dmp
        Filesize

        224KB

        Download
      • memory/4296-149-0x0000000000400000-0x0000000000438000-memory.dmp
        Filesize

        224KB

        Download
      • memory/4296-138-0x0000000000000000-mapping.dmp
        Download