Analysis

  • max time kernel
    106s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-10-2022 08:26

General

  • Target

    dcefd56133f9aa62fbebaf85ff265d627b967c87db4581e1915b33ebab06e789.exe

  • Size

    172KB

  • MD5

    3c66118313e326cbadbae173bd5f73a9

  • SHA1

    445424426aac2ca7fbaaabcb4270c04e3a4d5f50

  • SHA256

    dcefd56133f9aa62fbebaf85ff265d627b967c87db4581e1915b33ebab06e789

  • SHA512

    f4b47fe86c222c27961ee70fc3c63d14cde736c25fa5814ae019216c1149e1a8e0bfaa7d1da4d349573590a2feeab1dba1306c0c5241a8f02e811fc0180cadb2

  • SSDEEP

    3072:flpEfu5mz5RqgF+Jn9bl9Z2mZTecyUCaHKG3+MKHdTrU0UFSp0:tpwukzt+Jn9bZ2mZT1yUCmZ0UAS

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dcefd56133f9aa62fbebaf85ff265d627b967c87db4581e1915b33ebab06e789.exe
    "C:\Users\Admin\AppData\Local\Temp\dcefd56133f9aa62fbebaf85ff265d627b967c87db4581e1915b33ebab06e789.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1328
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=dcefd56133f9aa62fbebaf85ff265d627b967c87db4581e1915b33ebab06e789.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1392
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1392 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1716

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 signature

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\B4QRTNM2.txt
    Filesize

    608B

    MD5

    dd93540a284f15c12f331b05d340f269

    SHA1

    2ddbbf87bedaa639567db3365c80624509a86dc1

    SHA256

    e5e6a39bbbcc6870aec668e870235fe3e39269d27bda5477f01665a6754b9d61

    SHA512

    a5feeb8ff87204dff89aec964cc9c88aac70e14c8d6ab350ed278a0dc883bf56a0cf8470e0db53b896b21929bc7304222c6ce13d39dcd133f57ab197b56affce

  • memory/1328-55-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize

    184KB

  • memory/1328-56-0x0000000000230000-0x0000000000234000-memory.dmp
    Filesize

    16KB

  • memory/1328-57-0x0000000000270000-0x00000000002A9000-memory.dmp
    Filesize

    228KB

  • memory/1328-58-0x0000000000551000-0x0000000000555000-memory.dmp
    Filesize

    16KB

  • memory/1328-59-0x0000000001D80000-0x0000000001E80000-memory.dmp
    Filesize

    1024KB

  • memory/1328-60-0x0000000075FE1000-0x0000000075FE3000-memory.dmp
    Filesize

    8KB

  • memory/1328-61-0x0000000000400000-0x000000000042E000-memory.dmp
    Filesize

    184KB

  • memory/1328-62-0x0000000000270000-0x00000000002A9000-memory.dmp
    Filesize

    228KB