Analysis

  • max time kernel
    90s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11-10-2022 00:09

General

  • Target

    6b31407854cdf85811a775c88d01fe778f103336bcd9fd4b7fa6dcc98ab9440b.exe

  • Size

    179KB

  • MD5

    77f21ab212c513d9f6209c50ecc17d90

  • SHA1

    0a2e6120143a2a65ea1657ae5a73154214190f32

  • SHA256

    6b31407854cdf85811a775c88d01fe778f103336bcd9fd4b7fa6dcc98ab9440b

  • SHA512

    f1cd4dd47789d838a1d31ca86faa136023b38feb3507ba2c789c68e58381a5f0fac4460fe2db1dd5396d22d7e7382c82990045da95dfc7eab0b0546d0737aa7e

  • SSDEEP

    3072:akAwOzhjdRmSZiAqFbrnp+KsYGngDrSsi5LNURwM/0j4IJqmxOilu+jGvCsfe4mf:+w8h/7PCkKsYGgDrS1L2wDMIgmxBuKM6

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6b31407854cdf85811a775c88d01fe778f103336bcd9fd4b7fa6dcc98ab9440b.exe
    "C:\Users\Admin\AppData\Local\Temp\6b31407854cdf85811a775c88d01fe778f103336bcd9fd4b7fa6dcc98ab9440b.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3404
    • C:\Users\Admin\AppData\Local\Temp\6b31407854cdf85811a775c88d01fe778f103336bcd9fd4b7fa6dcc98ab9440bmgr.exe
      C:\Users\Admin\AppData\Local\Temp\6b31407854cdf85811a775c88d01fe778f103336bcd9fd4b7fa6dcc98ab9440bmgr.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:2044
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3992
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3992 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1212
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2916
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:916

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    fceed7a5f76725fb398c6a91ff552899

    SHA1

    237aec000ae7c7c35a639664b1ad6c0d842a0749

    SHA256

    2888c66a6908f10474313b2fef31aeeff40cffe1bcbd19b84b29334ff6a71383

    SHA512

    adfba4e72523d38395c13122d6498d9b48d93b2967858f0208549e3830c9b47ee3e98249b98fe585aeeeffe491a6985a98c80a3be581abccf4239bad4d1cdef3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    90be0381cf59b9ab98639063ce8f86d1

    SHA1

    e78989c4181067548d0cd0c5b65490689b2e5e8b

    SHA256

    3a46bb2c2755854d6d0046e6d9fffb2e82792bfb03362d71533df4a27e7e8600

    SHA512

    67f0ee5e632826c5eb3e0f4ea21123810af98e5f5e0e8d62c094654ae2e1886fef67b6285125d2b8e8a77d93f909d8a485c76c6765fbab38bb2396170af6152c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    2955fb8cfc1f966330391752c392ff53

    SHA1

    09244db66eda9987c40b8f10f4a35c303ba25b83

    SHA256

    8d4a7d6d75446a267be3a549f856aac71abae24bd7cf16df892ac11b1d8d280e

    SHA512

    1e95f3ec5ea0141a2629106f34b7a96d4b293df47ffeda102fb88c7ea56f17331e10ca3523b01f35e338ba770e3d2a84145e38660dd1b41be0dfdd93b81f6d02

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6C2B4D12-48F9-11ED-A0EE-62142853BA25}.dat

    Filesize

    3KB

    MD5

    9ee41b032ff4ef3b56ec9f97e31f64a2

    SHA1

    fb533ea784468c1a4a42dc82761a8a145e58cae5

    SHA256

    cf9f59199231f7d14f5777ccc1476519e3b77e66bfe42076a6fec4b81bbb4a81

    SHA512

    d5c68623e62b4c816c3432b77acc176087afaffa670f1fd062eabba65b3d2a41e33215ad57cbc073af539520c5172ce45daf14767589f2d2a9dbfb5007be0a33

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6C327526-48F9-11ED-A0EE-62142853BA25}.dat

    Filesize

    5KB

    MD5

    68b3b56dabe1726cf7f06b86bbbee1b2

    SHA1

    d251ad10bd403721710f5d6cbeeb58679a265d6e

    SHA256

    4a2d43af7168b23fac33462b192d3d508fd598f08ea608af0d2542af1bd71440

    SHA512

    5d82bd95603fe20b341f7a1e2e3186a75a0b75bccc010b5985d4cfea271a1a1ec56d2c94ee3a3f7c0cebc8b07d0cd21485c150cd83e1fac1a4759a0c6b12adff

  • C:\Users\Admin\AppData\Local\Temp\6b31407854cdf85811a775c88d01fe778f103336bcd9fd4b7fa6dcc98ab9440bmgr.exe

    Filesize

    88KB

    MD5

    a61ea5f2325332c52bff5bce3d161336

    SHA1

    3a883b8241f5f2efaa76367240db800d78a0209c

    SHA256

    e6f8a54ed663061527ab46b8e8efc2a0f3c99ae77829c0be0e50eb5b1b48415b

    SHA512

    fae031e0e7dcd719240bfe94a3f78d1aac73060324d5b65e0cbe564ce6d6781aaa5e930f0729293e3b502b7d07f53f3a72fb2048d44d93d36851aab8330479e5

  • memory/3404-139-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/3404-141-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/3404-143-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB