Overview

overview

8

Static

static

66f929612f...a7.exe

windows7-x64

8

66f929612f...a7.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2022, 05:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    66f929612fc030ff1323aa9835b3d98e94069505978f6c231e5cb838d4086aa7.exe

  • Size

    223KB

  • MD5

    49578a4ea87965f17a7ba98cefe683d1

  • SHA1

    93737ea214d0b8b8053d81577c0c3570b434617f

  • SHA256

    66f929612fc030ff1323aa9835b3d98e94069505978f6c231e5cb838d4086aa7

  • SHA512

    2a78b77990df5e79aa66b5387b6f282010492082fd1832ded4a11dbf7a406938fd92f067d67135adab2d772c532f54170bad5c07901c6a2ed90932462c2f0f96

  • SSDEEP

    6144:8WqvWaIeG6aViH5T8MtdF7GAghz5AU5VUDwWr7:wIgUE5gW7GlhNiwWr7

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 6 IoCs
  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\66f929612fc030ff1323aa9835b3d98e94069505978f6c231e5cb838d4086aa7.exe
    "C:\Users\Admin\AppData\Local\Temp\66f929612fc030ff1323aa9835b3d98e94069505978f6c231e5cb838d4086aa7.exe"
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Suspicious use of WriteProcessMemory
    PID:1780
    • C:\Windows\Xcigea.exe
      C:\Windows\Xcigea.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Enumerates system info in registry
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      PID:3720

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
          Filesize

          426B

          MD5

          2f40461d361aff1618341c24ad26c09e

          SHA1

          220da0f844cd05277815278f7457487b71a64e8a

          SHA256

          c32e86cbbc5583583e7c0461ce9cefcd80be41f7ad307f6a04ff03b9422f00b2

          SHA512

          3844fe599725b84b42137664c01d25c6fe57f084f9f0f204a5a8ef81bae10d6f3fd684289b3f7b573b5bc8fdb283d89b3c17846366a42ef6750207b03cf089c1

          Download Submit

        • C:\Windows\Xcigea.exe
          Filesize

          223KB

          MD5

          49578a4ea87965f17a7ba98cefe683d1

          SHA1

          93737ea214d0b8b8053d81577c0c3570b434617f

          SHA256

          66f929612fc030ff1323aa9835b3d98e94069505978f6c231e5cb838d4086aa7

          SHA512

          2a78b77990df5e79aa66b5387b6f282010492082fd1832ded4a11dbf7a406938fd92f067d67135adab2d772c532f54170bad5c07901c6a2ed90932462c2f0f96

          Download Submit

        • C:\Windows\Xcigea.exe
          Filesize

          223KB

          MD5

          49578a4ea87965f17a7ba98cefe683d1

          SHA1

          93737ea214d0b8b8053d81577c0c3570b434617f

          SHA256

          66f929612fc030ff1323aa9835b3d98e94069505978f6c231e5cb838d4086aa7

          SHA512

          2a78b77990df5e79aa66b5387b6f282010492082fd1832ded4a11dbf7a406938fd92f067d67135adab2d772c532f54170bad5c07901c6a2ed90932462c2f0f96

          Download Submit

        • memory/1780-132-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/1780-133-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/1780-138-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/1780-140-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/1780-142-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/3720-139-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/3720-141-0x0000000000400000-0x000000000043C000-memory.dmp

          Filesize

          240KB

          Download