Overview

overview

8

Static

static

66f929612f...a7.exe

windows7-x64

8

66f929612f...a7.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2022, 05:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    66f929612fc030ff1323aa9835b3d98e94069505978f6c231e5cb838d4086aa7.exe

  • Size

    223KB

  • MD5

    49578a4ea87965f17a7ba98cefe683d1

  • SHA1

    93737ea214d0b8b8053d81577c0c3570b434617f

  • SHA256

    66f929612fc030ff1323aa9835b3d98e94069505978f6c231e5cb838d4086aa7

  • SHA512

    2a78b77990df5e79aa66b5387b6f282010492082fd1832ded4a11dbf7a406938fd92f067d67135adab2d772c532f54170bad5c07901c6a2ed90932462c2f0f96

  • SSDEEP

    6144:8WqvWaIeG6aViH5T8MtdF7GAghz5AU5VUDwWr7:wIgUE5gW7GlhNiwWr7

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 6 IoCs
  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\66f929612fc030ff1323aa9835b3d98e94069505978f6c231e5cb838d4086aa7.exe
    "C:\Users\Admin\AppData\Local\Temp\66f929612fc030ff1323aa9835b3d98e94069505978f6c231e5cb838d4086aa7.exe"
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Suspicious use of WriteProcessMemory
    PID:364
    • C:\Windows\Cnimaa.exe
      C:\Windows\Cnimaa.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Enumerates system info in registry
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      PID:1956

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\Cnimaa.exe
          Filesize

          223KB

          MD5

          49578a4ea87965f17a7ba98cefe683d1

          SHA1

          93737ea214d0b8b8053d81577c0c3570b434617f

          SHA256

          66f929612fc030ff1323aa9835b3d98e94069505978f6c231e5cb838d4086aa7

          SHA512

          2a78b77990df5e79aa66b5387b6f282010492082fd1832ded4a11dbf7a406938fd92f067d67135adab2d772c532f54170bad5c07901c6a2ed90932462c2f0f96

          Download Submit

        • C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
          Filesize

          408B

          MD5

          8bafa04675c1753c4f324c4c9545acb2

          SHA1

          f27d053a51c77573f5cbc0346a6f7677219c7930

          SHA256

          bd10a7e8fc681084237b1545ba6f9dcac3320d7feabe0c992c82e9d27fee4e25

          SHA512

          5ab782d8ca0bf101a47a6e75b73d59abaf02815497183549d39d3c8e6dc079894be2f7a0293587cb973f57a61f995727dbe621a5f5b98e3f071765bd140369e9

          Download Submit

        • memory/364-54-0x0000000076681000-0x0000000076683000-memory.dmp

          Filesize

          8KB

          Download

        • memory/364-55-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/364-61-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/364-62-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/1956-60-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/1956-63-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download