Overview

overview

8

Static

static

cfd24ac0d3...7e.exe

windows7-x64

8

cfd24ac0d3...7e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    132s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-09-2022 18:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cfd24ac0d374fef69ee5148befe796c84d533b8b04ec965c731106aaf9ad937e.exe

  • Size

    637KB

  • MD5

    eb8e1312e74b4c133e5bb4ffabbf1e58

  • SHA1

    23acc1c64a29bd81a7c7270c60b72c7a8dd1ad1d

  • SHA256

    cfd24ac0d374fef69ee5148befe796c84d533b8b04ec965c731106aaf9ad937e

  • SHA512

    e002c41be05da011c75e17d88867ec163a7f18d08637c734dad17e1fc3d5f996ea98a2d87266ed63480d1389015a71f6d477285e8cda4d3c9882f6aca434ba5d

  • SSDEEP

    12288:8ecC/877yw/lnqshM7jpajFpF3Z4mxxODqVTVOCkQO0:3wnG7jpajFpQmXdVTzkb0

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 9 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cfd24ac0d374fef69ee5148befe796c84d533b8b04ec965c731106aaf9ad937e.exe
    "C:\Users\Admin\AppData\Local\Temp\cfd24ac0d374fef69ee5148befe796c84d533b8b04ec965c731106aaf9ad937e.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2732
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.bat
      2⤵
        PID:4944
    • C:\Windows\winlt.exe
      C:\Windows\winlt.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:5084
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        2⤵
          PID:2744

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\uninstal.bat
        Filesize

        254B

        MD5

        6b1d3bcd9858cbbb243caf75ea30e63d

        SHA1

        e6a3e45756d2ebd575a030e6993a5d40e1120d4b

        SHA256

        24762cdc45de69c2e3c2c173d6e342aa2b2fd5bf96602405df146bac4b08b5ab

        SHA512

        4a719cfe3cc7d21e1e453414f21abca204bddd89ef9e5c9352d6423049fe51d6347ff3fb331f918b1ad6d79dcf92e72caea7fb6db487dc328c8c04f932dd8b44

        Download Submit

      • C:\Windows\winlt.exe
        Filesize

        637KB

        MD5

        eb8e1312e74b4c133e5bb4ffabbf1e58

        SHA1

        23acc1c64a29bd81a7c7270c60b72c7a8dd1ad1d

        SHA256

        cfd24ac0d374fef69ee5148befe796c84d533b8b04ec965c731106aaf9ad937e

        SHA512

        e002c41be05da011c75e17d88867ec163a7f18d08637c734dad17e1fc3d5f996ea98a2d87266ed63480d1389015a71f6d477285e8cda4d3c9882f6aca434ba5d

        Download Submit

      • C:\Windows\winlt.exe
        Filesize

        637KB

        MD5

        eb8e1312e74b4c133e5bb4ffabbf1e58

        SHA1

        23acc1c64a29bd81a7c7270c60b72c7a8dd1ad1d

        SHA256

        cfd24ac0d374fef69ee5148befe796c84d533b8b04ec965c731106aaf9ad937e

        SHA512

        e002c41be05da011c75e17d88867ec163a7f18d08637c734dad17e1fc3d5f996ea98a2d87266ed63480d1389015a71f6d477285e8cda4d3c9882f6aca434ba5d

        Download Submit

      • memory/2732-141-0x0000000000400000-0x000000000051E000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/2732-134-0x00000000034C0000-0x00000000035C0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/2732-132-0x0000000000400000-0x000000000051E000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/2732-142-0x00000000022E0000-0x0000000002334000-memory.dmp

        Filesize

        336KB

        Download

      • memory/2732-133-0x00000000022E0000-0x0000000002334000-memory.dmp

        Filesize

        336KB

        Download

      • memory/4944-140-0x0000000000000000-mapping.dmp

        Download

      • memory/5084-137-0x0000000000400000-0x000000000051E000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/5084-138-0x0000000000EA0000-0x0000000000EF4000-memory.dmp

        Filesize

        336KB

        Download

      • memory/5084-139-0x0000000002030000-0x0000000002130000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/5084-144-0x0000000000400000-0x000000000051E000-memory.dmp

        Filesize

        1.1MB

        Download

      • memory/5084-145-0x0000000000EA0000-0x0000000000EF4000-memory.dmp

        Filesize

        336KB

        Download

      • memory/5084-146-0x0000000002030000-0x0000000002130000-memory.dmp

        Filesize

        1024KB

        Download