Analysis

  • max time kernel
    42s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/09/2022, 05:21

General

  • Target
    b32540168310be34c52c397c44fd7543fef80d1eecbe2bb50874d36b32be5936.exe
  • Size
    1.6MB
  • MD5
    4d7b1fca0bf79c35469623d54f92899e
  • SHA1
    317eaf1241dfae5995b315a12ee42eeb92bb6223
  • SHA256
    b32540168310be34c52c397c44fd7543fef80d1eecbe2bb50874d36b32be5936
  • SHA512
    4d561b70bc027e26d552849e8e155171364edf69628d09229347c97764420af6e328e7d7c72f835bdc5e4f6a610d0d5abcb73af1b52e29f92f46b4ba7f01ec4a
  • SSDEEP
    24576:2RX+TZ7IV7gXFrhe1GxFhAX+TZ7IV7gXFrhe1Gx2:eOxIVMX1he1Gx7cOxIVMX1he1Gx2

Score
6/10

Malware Config

Signatures

  • Accesses Microsoft Outlook profiles 1 TTPs 5 IoCs
  • Drops file in System32 directory 14 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b32540168310be34c52c397c44fd7543fef80d1eecbe2bb50874d36b32be5936.exe (depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\b32540168310be34c52c397c44fd7543fef80d1eecbe2bb50874d36b32be5936.exe"
    PID: 1648
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\regsvr32.exe (depth 2, child of PID 1648)
      Command line: regsvr32.exe /s scrrun.dll
      PID: 804
  • C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (depth 1)
    Command line: "C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" -Embedding
    PID: 320
    • Accesses Microsoft Outlook profiles
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • outlook_win_path

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/320-60-0x0000000072321000-0x0000000072323000-memory.dmp (8KB)
  • memory/320-61-0x000000005FFF0000-0x0000000060000000-memory.dmp (64KB)
  • memory/320-62-0x000000007330D000-0x0000000073318000-memory.dmp (44KB)
  • memory/320-63-0x000000006C9E1000-0x000000006C9E3000-memory.dmp (8KB)
  • memory/320-64-0x000000006C741000-0x000000006C743000-memory.dmp (8KB)
  • memory/320-65-0x000000007330D000-0x0000000073318000-memory.dmp (44KB)
  • memory/1648-54-0x0000000075811000-0x0000000075813000-memory.dmp (8KB)