Overview

overview

8

Static

static

4ea41f7ef9...82.exe

windows7-x64

8

4ea41f7ef9...82.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    128s
  • max time network
    183s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    03/10/2022, 19:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4ea41f7ef97a56281a8289e764f758e6aedf6dd9971e8a1dd3346636141de382.exe

  • Size

    1.1MB

  • MD5

    4648010b4817273204c704c838f12bd0

  • SHA1

    b7af6d09390cf178c1d8e9d9bc08f80f26df2d0c

  • SHA256

    4ea41f7ef97a56281a8289e764f758e6aedf6dd9971e8a1dd3346636141de382

  • SHA512

    534d59472c7a507bc87e577a84a30c52905199375d9296a2a65da3d138b22e75159f07a6e388fa14be04f976447dfd7d315bcd5c031e438fcfe7a8c070ead846

  • SSDEEP

    24576:DbuNsje9WrKKCXp94lfSnRlaMFv2fEetq8ftB6:DbDjSbXMsaivgrtq8ft4

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 53 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ea41f7ef97a56281a8289e764f758e6aedf6dd9971e8a1dd3346636141de382.exe
    "C:\Users\Admin\AppData\Local\Temp\4ea41f7ef97a56281a8289e764f758e6aedf6dd9971e8a1dd3346636141de382.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1896
    • C:\Users\Admin\AppData\Local\Temp\4ea41f7ef97a56281a8289e764f758e6aedf6dd9971e8a1dd3346636141de382mgr.exe
      C:\Users\Admin\AppData\Local\Temp\4ea41f7ef97a56281a8289e764f758e6aedf6dd9971e8a1dd3346636141de382mgr.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2000
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1752
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:432
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1224
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1224 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1536

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CE67C8E1-439D-11ED-8B55-6651945CA213}.dat
    Filesize

    5KB

    MD5

    6541bb7efa4844b63b9626546a7d231f

    SHA1

    ffb4192cd82589a571ea560a53cd5f1171f46d52

    SHA256

    d8425da7533f48eb7bbb5d67f71e1c74ee7e233cd3356e303b08495832043911

    SHA512

    cc7dacb3493dcc8bb788aabfc3c833719995ce84ab159166b45a0b8c18604a5e79ab3ad0617dd432535351723a7adfdbc3ef532af4c3e535e24185afebd6bf29

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CE67EFF1-439D-11ED-8B55-6651945CA213}.dat
    Filesize

    3KB

    MD5

    458251fb7ed24df7ab3defadbb4084ac

    SHA1

    f830fe4df6b7e2213b6fe89a2f66bfd2f81d2d44

    SHA256

    a48aa2f9413ba89e2016a97b1dda1fb9baa8ef51306312de32eca38cfe7f649e

    SHA512

    df3125176e01d2d0571d228ddc44edc333b8afd47f11720b789719febdd9d47a050dfc68066bd0ad336154cab8675440d751bfe33b58b1b52e0747c554bff08a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\4ea41f7ef97a56281a8289e764f758e6aedf6dd9971e8a1dd3346636141de382mgr.exe
    Filesize

    104KB

    MD5

    84b7783804fa7506672a409e9899c6be

    SHA1

    2da8a6e9c04662564e18cdf98f73e224a5662533

    SHA256

    b26a93c17ac6a412c6c191aa6a1543537f3185fe813c24153c6dec736fbad4ef

    SHA512

    8a867296b05f45dd79ab64b11b6cc0cc8fad835b2f5ba9b8469981cc9b3e15c91f98b688cbe7addfab7ea2bd55a1d475fc853c004afb24be1b5691f8183c897c

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6SXUUJMT.txt
    Filesize

    608B

    MD5

    6e6816a663df4e7cb9c9ba2b9ad1d47a

    SHA1

    960ebe9e233a236541cf5c515a5dc6bd883209fc

    SHA256

    b01fcec1604e7cad8a2c5897f179a7d58d7de44003296fdfc75497d9af057a8f

    SHA512

    a6778d0fe813273436b778d70d593295dea767bfafbca8440de85ac12e338e3f0c6c9768b5816ec6b256a3ecb7f2f69fe648915ca0c8b762b1822efe155d3381

    Download Submit

  • \Users\Admin\AppData\Local\Temp\4ea41f7ef97a56281a8289e764f758e6aedf6dd9971e8a1dd3346636141de382mgr.exe
    Filesize

    104KB

    MD5

    84b7783804fa7506672a409e9899c6be

    SHA1

    2da8a6e9c04662564e18cdf98f73e224a5662533

    SHA256

    b26a93c17ac6a412c6c191aa6a1543537f3185fe813c24153c6dec736fbad4ef

    SHA512

    8a867296b05f45dd79ab64b11b6cc0cc8fad835b2f5ba9b8469981cc9b3e15c91f98b688cbe7addfab7ea2bd55a1d475fc853c004afb24be1b5691f8183c897c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\4ea41f7ef97a56281a8289e764f758e6aedf6dd9971e8a1dd3346636141de382mgr.exe
    Filesize

    104KB

    MD5

    84b7783804fa7506672a409e9899c6be

    SHA1

    2da8a6e9c04662564e18cdf98f73e224a5662533

    SHA256

    b26a93c17ac6a412c6c191aa6a1543537f3185fe813c24153c6dec736fbad4ef

    SHA512

    8a867296b05f45dd79ab64b11b6cc0cc8fad835b2f5ba9b8469981cc9b3e15c91f98b688cbe7addfab7ea2bd55a1d475fc853c004afb24be1b5691f8183c897c

    Download Submit

  • memory/1896-54-0x00000000763F1000-0x00000000763F3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1896-59-0x0000000000070000-0x0000000000188000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1896-60-0x0000000000210000-0x0000000000212000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2000-63-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2000-64-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

    Download