Overview

overview

10

Static

static

1c48f19799...3a.exe

windows7-x64

8

1c48f19799...3a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    153s
  • max time network
    158s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    03-10-2022 21:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c48f19799fbd1165bee3d6e19332ae4379a771787e997be166359818bbf283a.exe

  • Size

    361KB

  • MD5

    3228ace2a13c6208cfed81472e7cc4e0

  • SHA1

    f7648432d266370fe50507f9113790a09b1aa678

  • SHA256

    1c48f19799fbd1165bee3d6e19332ae4379a771787e997be166359818bbf283a

  • SHA512

    326e79856f45652045e5ac85968535d5e2c148cdee43e16127d3a3382b34a67b6e69d44c84bfc4577a80caab92cdaf4b9047a52d5789c1f7bd331be69cb9234f

  • SSDEEP

    6144:hflfAsiL4lIJjiJcbI03GBc3ucY5DCSjX:hflfAsiVGjSGecvX

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 42 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c48f19799fbd1165bee3d6e19332ae4379a771787e997be166359818bbf283a.exe
    "C:\Users\Admin\AppData\Local\Temp\1c48f19799fbd1165bee3d6e19332ae4379a771787e997be166359818bbf283a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1508
    • C:\Temp\qjbpiextmxtlhath.exe
      C:\Temp\qjbpiextmxtlhath.exe run
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1016
      • C:\temp\CreateProcess.exe
        C:\temp\CreateProcess.exe C:\Temp\ebyuokhdal.exe ups_run
        3⤵
        • Executes dropped EXE
        PID:1660
        • C:\Temp\ebyuokhdal.exe
          C:\Temp\ebyuokhdal.exe ups_run
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1816
          • C:\temp\CreateProcess.exe
            C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
            5⤵
            • Executes dropped EXE
            PID:1916
            • C:\windows\system32\ipconfig.exe
              C:\windows\system32\ipconfig.exe /release
              6⤵
              • Gathers network information
              PID:1764
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://xytets.com:2345/t.asp?os=home
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:740
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:740 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1136

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    e6fa693d021968f0a6553fd01177aa42

    SHA1

    01fd7ad27246379089b69b1104bd014379d0c272

    SHA256

    4d4fba11077fe914636068fb59c24dd8026824659989e0e2ae913127e45c542d

    SHA512

    e1174bb63f551b2bb596957fd1d6551e1900da6a00dd62ab6026420284c57a7f19fd28fb9fa25a4c1062924d8196a2b064ed8fb1ed049d1e84477e33f17bfa4e

    Download Submit

  • C:\Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    e6fa693d021968f0a6553fd01177aa42

    SHA1

    01fd7ad27246379089b69b1104bd014379d0c272

    SHA256

    4d4fba11077fe914636068fb59c24dd8026824659989e0e2ae913127e45c542d

    SHA512

    e1174bb63f551b2bb596957fd1d6551e1900da6a00dd62ab6026420284c57a7f19fd28fb9fa25a4c1062924d8196a2b064ed8fb1ed049d1e84477e33f17bfa4e

    Download Submit

  • C:\Temp\ebyuokhdal.exe
    Filesize

    361KB

    MD5

    5cbf286d7550b72ae4b45d0f2af63b5b

    SHA1

    42ab448beba11b8bd9e8e55e6ef3f3bba6fd1189

    SHA256

    5ed492f0c740e71a6481828746a8074691e3f382aaf5236f141201b2b660d4e3

    SHA512

    a4a66775a2e258f4ece27839fe39259576e7f91d03c46aa2f5df3355622523629dd39f799696d3b82c91f4ee5f2dde4daba330ccf95dde091892860961b67f21

    Download Submit

  • C:\Temp\qjbpiextmxtlhath.exe
    Filesize

    361KB

    MD5

    0a17e2dca3a0acc41a7f240d7f112e49

    SHA1

    4ceccfa7bfa10d14202a4cdb91c4432d47fcd1e5

    SHA256

    91fd08b5effaffd07d5f0fe1fb28265d90acf5a991f7a8270b5e1c055c075f43

    SHA512

    f94790e6094cecaf3cff082b88dee9ad3c8247c74c06bb9e7a067c1cb6fd66d340351c3dfaec498295a60e28dba29a2633db48e4c4b1803d3bff67647418a576

    Download Submit

  • C:\Temp\qjbpiextmxtlhath.exe
    Filesize

    361KB

    MD5

    0a17e2dca3a0acc41a7f240d7f112e49

    SHA1

    4ceccfa7bfa10d14202a4cdb91c4432d47fcd1e5

    SHA256

    91fd08b5effaffd07d5f0fe1fb28265d90acf5a991f7a8270b5e1c055c075f43

    SHA512

    f94790e6094cecaf3cff082b88dee9ad3c8247c74c06bb9e7a067c1cb6fd66d340351c3dfaec498295a60e28dba29a2633db48e4c4b1803d3bff67647418a576

    Download Submit

  • C:\temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    e6fa693d021968f0a6553fd01177aa42

    SHA1

    01fd7ad27246379089b69b1104bd014379d0c272

    SHA256

    4d4fba11077fe914636068fb59c24dd8026824659989e0e2ae913127e45c542d

    SHA512

    e1174bb63f551b2bb596957fd1d6551e1900da6a00dd62ab6026420284c57a7f19fd28fb9fa25a4c1062924d8196a2b064ed8fb1ed049d1e84477e33f17bfa4e

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    e6fa693d021968f0a6553fd01177aa42

    SHA1

    01fd7ad27246379089b69b1104bd014379d0c272

    SHA256

    4d4fba11077fe914636068fb59c24dd8026824659989e0e2ae913127e45c542d

    SHA512

    e1174bb63f551b2bb596957fd1d6551e1900da6a00dd62ab6026420284c57a7f19fd28fb9fa25a4c1062924d8196a2b064ed8fb1ed049d1e84477e33f17bfa4e

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    e6fa693d021968f0a6553fd01177aa42

    SHA1

    01fd7ad27246379089b69b1104bd014379d0c272

    SHA256

    4d4fba11077fe914636068fb59c24dd8026824659989e0e2ae913127e45c542d

    SHA512

    e1174bb63f551b2bb596957fd1d6551e1900da6a00dd62ab6026420284c57a7f19fd28fb9fa25a4c1062924d8196a2b064ed8fb1ed049d1e84477e33f17bfa4e

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    e6fa693d021968f0a6553fd01177aa42

    SHA1

    01fd7ad27246379089b69b1104bd014379d0c272

    SHA256

    4d4fba11077fe914636068fb59c24dd8026824659989e0e2ae913127e45c542d

    SHA512

    e1174bb63f551b2bb596957fd1d6551e1900da6a00dd62ab6026420284c57a7f19fd28fb9fa25a4c1062924d8196a2b064ed8fb1ed049d1e84477e33f17bfa4e

    Download Submit

  • \Temp\qjbpiextmxtlhath.exe
    Filesize

    361KB

    MD5

    0a17e2dca3a0acc41a7f240d7f112e49

    SHA1

    4ceccfa7bfa10d14202a4cdb91c4432d47fcd1e5

    SHA256

    91fd08b5effaffd07d5f0fe1fb28265d90acf5a991f7a8270b5e1c055c075f43

    SHA512

    f94790e6094cecaf3cff082b88dee9ad3c8247c74c06bb9e7a067c1cb6fd66d340351c3dfaec498295a60e28dba29a2633db48e4c4b1803d3bff67647418a576

    Download Submit