Overview

overview

8

Static

static

9b8547cd40...90.exe

windows7-x64

8

9b8547cd40...90.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/10/2022, 17:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9b8547cd40cd680d482eeae2d9d1f8f6885ccd40280a51ebd7d88884ebdaab90.exe

  • Size

    177KB

  • MD5

    6c6f1ddd045e22f19301d159ecf414f0

  • SHA1

    cfe9f73a6d5a463109eb2fe85047dda0589647f7

  • SHA256

    9b8547cd40cd680d482eeae2d9d1f8f6885ccd40280a51ebd7d88884ebdaab90

  • SHA512

    62aa601c4709d87606a1df4078085595b3cd100a3aacacc09dcb6565e58c3134544f7f24848af242311b201537a81587ee78635ea1638490cfff1e2bfbcebb48

  • SSDEEP

    3072:2/047M+14BEHzWqgUfPNrXuSKp18z2Odknu+vmmWBuxBl11cRQycLRbpgjDD2uK:UwhBEHzWpUfPNr+DRD5fWBuxBl11tbpc

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2576
    • C:\Users\Admin\AppData\Local\Temp\9b8547cd40cd680d482eeae2d9d1f8f6885ccd40280a51ebd7d88884ebdaab90.exe
      "C:\Users\Admin\AppData\Local\Temp\9b8547cd40cd680d482eeae2d9d1f8f6885ccd40280a51ebd7d88884ebdaab90.exe"
      2⤵
      • Adds Run key to start application
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:720
      • C:\Users\Admin\AppData\Roaming\iexptall\Credburn.exe
        "C:\Users\Admin\AppData\Roaming\iexptall\Credburn.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:376
        • C:\Users\Admin\AppData\Local\Temp\~8031.tmp
          "C:\Users\Admin\AppData\Local\Temp\~8031.tmp"
          4⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:5112
      • C:\Windows\SysWOW64\cmd.exe
        /C 240549984.cmd
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:728
        • C:\Windows\SysWOW64\attrib.exe
          attrib -r -s -h "9b8547cd40cd680d482eeae2d9d1f8f6885ccd40280a51ebd7d88884ebdaab90.exe"
          4⤵
          • Views/modifies file attributes
          PID:4784
  • C:\Windows\SysWOW64\autoabel.exe
    C:\Windows\SysWOW64\autoabel.exe -k
    1⤵
    • Executes dropped EXE
    • Suspicious behavior: EnumeratesProcesses
    PID:4252

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\240549984.cmd
    Filesize

    291B

    MD5

    aa2431e917da6856df27e3be647f257b

    SHA1

    d90b858918b977a6a8aae561e3b3399d0310f862

    SHA256

    d1cfc59d5323c2a7ee79919ffc2a3e21180b3488176185e1d43657fe4c82c27b

    SHA512

    09a1f96c1af238becc17c55f3af13d5905223c4fc81b336881850d2089ab74284ab41d582297b975393bde8091100a09f1589ffcb7c825016c14a79433cf757d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~8031.tmp
    Filesize

    6KB

    MD5

    77acb1d40891c91b4b48a61377e256d0

    SHA1

    15d724a083fed8705c08220d214aa6492d9e0514

    SHA256

    42c7654bf5871e8d777b9db3c32bdbbaa313ffd1cfe6245f2abcb757ec9a51b5

    SHA512

    f17512350ec5217fb3fdb6d9991ed7189bdff7c9dd70a4b1c38c88df52d02ce1fe6af9468e8bcfdb78416975e5a3e7219fb7b3b47f9da112652bca051ffe4607

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~8031.tmp
    Filesize

    6KB

    MD5

    77acb1d40891c91b4b48a61377e256d0

    SHA1

    15d724a083fed8705c08220d214aa6492d9e0514

    SHA256

    42c7654bf5871e8d777b9db3c32bdbbaa313ffd1cfe6245f2abcb757ec9a51b5

    SHA512

    f17512350ec5217fb3fdb6d9991ed7189bdff7c9dd70a4b1c38c88df52d02ce1fe6af9468e8bcfdb78416975e5a3e7219fb7b3b47f9da112652bca051ffe4607

    Download Submit

  • C:\Users\Admin\AppData\Roaming\iexptall\Credburn.exe
    Filesize

    177KB

    MD5

    6c7441c898243aaa074699f00467217b

    SHA1

    6b4b9605ba45faaceb425d22bd363a0c33ac7e07

    SHA256

    a09a49eeb55c71827185c606541a218ac899271407decf0586007341446de9f4

    SHA512

    b847c1bd5341240bbb5de7578f9aa30aac3310c4ead63ee768c5c86ff78dd83c74cd10cbf9dd1f1e57bc8b12ca590a96bb331560a284546413c5c6fc401daf68

    Download Submit

  • C:\Users\Admin\AppData\Roaming\iexptall\Credburn.exe
    Filesize

    177KB

    MD5

    6c7441c898243aaa074699f00467217b

    SHA1

    6b4b9605ba45faaceb425d22bd363a0c33ac7e07

    SHA256

    a09a49eeb55c71827185c606541a218ac899271407decf0586007341446de9f4

    SHA512

    b847c1bd5341240bbb5de7578f9aa30aac3310c4ead63ee768c5c86ff78dd83c74cd10cbf9dd1f1e57bc8b12ca590a96bb331560a284546413c5c6fc401daf68

    Download Submit

  • C:\Windows\SysWOW64\autoabel.exe
    Filesize

    177KB

    MD5

    6c6f1ddd045e22f19301d159ecf414f0

    SHA1

    cfe9f73a6d5a463109eb2fe85047dda0589647f7

    SHA256

    9b8547cd40cd680d482eeae2d9d1f8f6885ccd40280a51ebd7d88884ebdaab90

    SHA512

    62aa601c4709d87606a1df4078085595b3cd100a3aacacc09dcb6565e58c3134544f7f24848af242311b201537a81587ee78635ea1638490cfff1e2bfbcebb48

    Download Submit

  • C:\Windows\SysWOW64\autoabel.exe
    Filesize

    177KB

    MD5

    6c6f1ddd045e22f19301d159ecf414f0

    SHA1

    cfe9f73a6d5a463109eb2fe85047dda0589647f7

    SHA256

    9b8547cd40cd680d482eeae2d9d1f8f6885ccd40280a51ebd7d88884ebdaab90

    SHA512

    62aa601c4709d87606a1df4078085595b3cd100a3aacacc09dcb6565e58c3134544f7f24848af242311b201537a81587ee78635ea1638490cfff1e2bfbcebb48

    Download Submit

  • memory/720-132-0x0000000000900000-0x0000000000940000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2576-143-0x0000000002DE0000-0x0000000002E23000-memory.dmp

    Filesize

    268KB

    Download

  • memory/4252-142-0x0000000000760000-0x00000000007A0000-memory.dmp

    Filesize

    256KB

    Download