Overview

overview

8

Static

static

a88f111ba8...f6.exe

windows7-x64

8

a88f111ba8...f6.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    95s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/10/2022, 19:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a88f111ba85584308c25729606e8a288a11e5cf576d282723562c57816c3c9f6.exe

  • Size

    178KB

  • MD5

    4c6cf33fbec78670e3b10da624697380

  • SHA1

    563d157c5141e7fdbc4c93d96534edd9cfb984e2

  • SHA256

    a88f111ba85584308c25729606e8a288a11e5cf576d282723562c57816c3c9f6

  • SHA512

    aac67760c489b54758b8899cda102fa0fcbf30bfdee95de54078c71800fd273848ad3719f1c773e4cbd30b6d720c5bb7f9aee2a709fbde57739bfa4890a89478

  • SSDEEP

    3072:tkAwOzhjdRmSZiAqFbrnp+KsYGngUP2Y8VeT8w1RuRFIINjxmAhfhyc:Nw8h/7PCkKsYGgUPTJAYmIINjxmc1

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 48 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a88f111ba85584308c25729606e8a288a11e5cf576d282723562c57816c3c9f6.exe
    "C:\Users\Admin\AppData\Local\Temp\a88f111ba85584308c25729606e8a288a11e5cf576d282723562c57816c3c9f6.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Users\Admin\AppData\Local\Temp\a88f111ba85584308c25729606e8a288a11e5cf576d282723562c57816c3c9f6mgr.exe
      C:\Users\Admin\AppData\Local\Temp\a88f111ba85584308c25729606e8a288a11e5cf576d282723562c57816c3c9f6mgr.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:3912
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4928
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4928 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2456
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5112
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5112 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4768

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    fd70739fca5345a28f924f9102ae10ee

    SHA1

    6ce3f92183544f3bf52cb76364591589cb940a19

    SHA256

    f238404cc643efddef8ff430f128cdc8ec1513969eaac24b5e5bce81248a91e7

    SHA512

    a787d3a2bceeaed2f2a29f357df6ae17d5b9f66a3c561550d5f83c308ad26a1ddf876488151ff5e51ce93bfb9d0c7b8ca812d595e8d3ebdda7d805707ac1b278

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    404B

    MD5

    b2f16eb3f553de24c21f236b30c306c9

    SHA1

    e24d5afa7747f9a21d86d913c929cac2c8f80084

    SHA256

    3755f62a2f693c62cc880771f0fb4db765f3fb7a9f81b988732f3d7a2fe3a662

    SHA512

    3972a895f37c5b3bab1c850b0679fe9a838eb9995967b976833a0a78d63d5c18da9c2ebe75fc6790f14ee6bea57d2ae77c0ef1752052f4caa184e49ede087ec6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C6EA3E53-42B9-11ED-89AC-5203DB9D3E0F}.dat
    Filesize

    3KB

    MD5

    cd9ee02736f61a96af05476aebdd150a

    SHA1

    ca296a865161e3994fa0411c8a45db11c069800f

    SHA256

    0a1ee89b4949d6b778d9b828b87cdaa21e1522145a02a507d02c071f6398a461

    SHA512

    8875ee9323a1782108698c32f7536b9c68aca8fb302eb8326e54b1f95c11f0021c2f031222706ded25cb8fb11cc5ccea36a06c891344217853d7a4e30a85b4bd

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C6EF0374-42B9-11ED-89AC-5203DB9D3E0F}.dat
    Filesize

    5KB

    MD5

    178517ca2360b5465d27abf65608056f

    SHA1

    f5d6125481d4916d6be6b2ba9f784a5d995a1ecb

    SHA256

    e4dd9182e298e69095fe0aec4ffe3fd9f32ce412a459401af68c907e29582f92

    SHA512

    10b7f4f0a7a946892a27de180dd5de4437ea32b8043d573df6d34c3c1ac904c99eb3ded3216c7635b87fbf3ce45fcc3315d5979bfd1a4f3e5d950b37dedd1616

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\a88f111ba85584308c25729606e8a288a11e5cf576d282723562c57816c3c9f6mgr.exe
    Filesize

    88KB

    MD5

    fe76e62c9c90a4bea8f2c464dc867719

    SHA1

    f0935e8b6c22dea5c6e9d4127f5c10363deba541

    SHA256

    5705c47b229c893f67741480ed5e3bce60597b2bb0dd755fb1f499a23888d7d6

    SHA512

    7d6d5bfb10df493ffea7132807be417b5a283d34a1cd49042390b2b927691fd53ecf8eee459c727844395f34e4230b2cd85b38b7fb7df0a3638b244d0c3f6394

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\a88f111ba85584308c25729606e8a288a11e5cf576d282723562c57816c3c9f6mgr.exe
    Filesize

    88KB

    MD5

    fe76e62c9c90a4bea8f2c464dc867719

    SHA1

    f0935e8b6c22dea5c6e9d4127f5c10363deba541

    SHA256

    5705c47b229c893f67741480ed5e3bce60597b2bb0dd755fb1f499a23888d7d6

    SHA512

    7d6d5bfb10df493ffea7132807be417b5a283d34a1cd49042390b2b927691fd53ecf8eee459c727844395f34e4230b2cd85b38b7fb7df0a3638b244d0c3f6394

    Download Submit

  • memory/2256-139-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2256-141-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2256-143-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/3912-144-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/3912-149-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download