Overview

overview

5

Static

static

ee47690a89...0a.exe

windows7-x64

5

ee47690a89...0a.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    120s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    02-10-2022 00:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ee47690a894f91745ae23f234d36fe01744d6fd7d0a658d3ca343f81b733150a.exe

  • Size

    218KB

  • MD5

    67741fbd56921fc432b0bb831d48d66c

  • SHA1

    d78ad482ba0fdf5bd50aed35306f2e241e3b61fe

  • SHA256

    ee47690a894f91745ae23f234d36fe01744d6fd7d0a658d3ca343f81b733150a

  • SHA512

    fcc06603e2aa368a7f095885e7582387a531b5106345c1e7c0b38275afb1f2b4e1859a487ec16037c7f85ea36e3fc9720f8bfc221ed7ce1a2725e9545fd9fa3f

  • SSDEEP

    3072:QzgM2MYnR49BYIpjyynJFHKfF5Umv4V2AG:qgpepjyw1KfTa2AG

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ee47690a894f91745ae23f234d36fe01744d6fd7d0a658d3ca343f81b733150a.exe
    "C:\Users\Admin\AppData\Local\Temp\ee47690a894f91745ae23f234d36fe01744d6fd7d0a658d3ca343f81b733150a.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:968
    • C:\Users\Admin\AppData\Local\Temp\ee47690a894f91745ae23f234d36fe01744d6fd7d0a658d3ca343f81b733150a.exe
      "C:\Users\Admin\AppData\Local\Temp\ee47690a894f91745ae23f234d36fe01744d6fd7d0a658d3ca343f81b733150a.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1708
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=ee47690a894f91745ae23f234d36fe01744d6fd7d0a658d3ca343f81b733150a.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2000
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2000 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:828

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\VTD6X5SA.txt
    Filesize

    608B

    MD5

    195f6b08aff1b9af32dd90c87cfa8163

    SHA1

    57b790b7f2798e8fab8acdd0178d1c44d40e75a6

    SHA256

    d507d370db5ed5e0fd021ecb852a0c248d124cb849223abf8bc665565400cf93

    SHA512

    3935f7afa91949d1fe5988b36f42e9e93f80b16d5274031f1dd52b2ce78c071914109f7456f56e03f97c0fe7a3b0cc7d82ebf3145d472f7388ad08fa88419566

    Download Submit
  • memory/968-75-0x0000000000400000-0x000000000040E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/968-55-0x0000000000230000-0x0000000000240000-memory.dmp
    Filesize

    64KB

    Download
  • memory/968-57-0x0000000000250000-0x0000000000260000-memory.dmp
    Filesize

    64KB

    Download
  • memory/968-58-0x0000000000260000-0x0000000000270000-memory.dmp
    Filesize

    64KB

    Download
  • memory/968-56-0x0000000000240000-0x0000000000250000-memory.dmp
    Filesize

    64KB

    Download
  • memory/968-59-0x0000000000270000-0x0000000000280000-memory.dmp
    Filesize

    64KB

    Download
  • memory/968-60-0x0000000000280000-0x0000000000290000-memory.dmp
    Filesize

    64KB

    Download
  • memory/968-61-0x0000000000290000-0x00000000002A0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/968-62-0x00000000002B0000-0x00000000002C0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/968-63-0x0000000000400000-0x000000000040E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/968-54-0x0000000000220000-0x0000000000230000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1708-65-0x0000000000400000-0x0000000000434000-memory.dmp
    Filesize

    208KB

    Download
  • memory/1708-68-0x0000000000400000-0x0000000000434000-memory.dmp
    Filesize

    208KB

    Download
  • memory/1708-70-0x0000000000400000-0x0000000000434000-memory.dmp
    Filesize

    208KB

    Download
  • memory/1708-71-0x0000000000400000-0x0000000000434000-memory.dmp
    Filesize

    208KB

    Download
  • memory/1708-74-0x0000000000400000-0x0000000000434000-memory.dmp
    Filesize

    208KB

    Download
  • memory/1708-72-0x0000000000418ECE-mapping.dmp
    Download
  • memory/1708-67-0x0000000000400000-0x0000000000434000-memory.dmp
    Filesize

    208KB

    Download
  • memory/1708-76-0x0000000076091000-0x0000000076093000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1708-64-0x0000000000400000-0x0000000000434000-memory.dmp
    Filesize

    208KB

    Download