Overview

overview

7

Static

static

38cab2c36a...29.exe

windows7-x64

7

38cab2c36a...29.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    104s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    11-10-2022 01:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    38cab2c36aff531287198bbcb44590c352758eaf11d5a56cbd8b728d42909129.exe

  • Size

    524KB

  • MD5

    66b954f24fb3c847b7ba75e1dfccd91b

  • SHA1

    89ad34c23b0c6c9b8612d8f9a2404fce9bf2e059

  • SHA256

    38cab2c36aff531287198bbcb44590c352758eaf11d5a56cbd8b728d42909129

  • SHA512

    0df7ec7897aa3496f013bf53f8bbe01beb33bd0d28ee9a7b5d718b21950b024a63a47012f3bda0b2b7d5ecbc7da8e82b9493f2c848d68ced97d630970f76b71f

  • SSDEEP

    12288:hkhIj6W6nGbmuUqvZ0902fEWG3O/Q5lXhyEyFF:hkhjQmuUqve907r+Y5l/

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\38cab2c36aff531287198bbcb44590c352758eaf11d5a56cbd8b728d42909129.exe
    "C:\Users\Admin\AppData\Local\Temp\38cab2c36aff531287198bbcb44590c352758eaf11d5a56cbd8b728d42909129.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1660
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.wa300.com/tj.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1136
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1136 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2004
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\38CAB2~1.EXE
      2⤵
      • Deletes itself
      PID:960

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\WJW7LZAB.txt
    Filesize

    608B

    MD5

    82aefa3008aea223c233c51db59e2e5f

    SHA1

    0093890f8f395c30e6376f51105f7b35321554b1

    SHA256

    4334ed3557df04c54a780eade54f1a9ad6dd695260ec0fb3139b78e15eb7fa13

    SHA512

    10044aa7e7b4451520b3c85114c1ed94b439e7de916ae7935a0839a6bb8f005e84095c9179d755879a8111154455db0eee56ba58410d2349f5e6fff4baf50e1d

    Download Submit

  • memory/1660-56-0x0000000000400000-0x0000000000483000-memory.dmp

    Filesize

    524KB

    Download

  • memory/1660-58-0x0000000000400000-0x0000000000483000-memory.dmp

    Filesize

    524KB

    Download