Overview

overview

8

Static

static

262b022e66...67.exe

windows7-x64

8

262b022e66...67.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    144s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2022, 12:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    262b022e6645ce594e5160076d5f24195d5be991a15f7728bad7239f2e295c67.exe

  • Size

    706KB

  • MD5

    74c005acc7823b33a171822c1cc2e2cd

  • SHA1

    3afad33013b6675b0dbc6c6c23b295e88c40dc96

  • SHA256

    262b022e6645ce594e5160076d5f24195d5be991a15f7728bad7239f2e295c67

  • SHA512

    fbe47215c64365f111f0aa08852e0bde81776032bee9595818aa775d17bc2c58099c35248b834c2dc02a1cdf6cb8cf271ab58ea9f34385e53773039c7df78ddb

  • SSDEEP

    12288:Kjf995fTiw7JmveH6USn+FQEXlVkGHRHqjDL1cic75+pEO3WDV018MKBuSNMBzSX:K75mveH6USn+FQEXhojP1bcVjV018MKH

Score
8/10
evasiontrojan

Malware Config

Signatures

  • Executes dropped EXE 9 IoCs
  • Loads dropped DLL 5 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Drops file in System32 directory 43 IoCs
  • Drops file in Program Files directory 17 IoCs
  • Drops file in Windows directory 38 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\262b022e6645ce594e5160076d5f24195d5be991a15f7728bad7239f2e295c67.exe
    "C:\Users\Admin\AppData\Local\Temp\262b022e6645ce594e5160076d5f24195d5be991a15f7728bad7239f2e295c67.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1632
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    PID:1268
  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    PID:1272
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    1⤵
    • Executes dropped EXE
    PID:592
  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    1⤵
    • Executes dropped EXE
    • Windows security modification
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:268
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1b4 -InterruptEvent 1a0 -NGENProcess 1a4 -Pipe 1b0 -Comment "NGen Worker Process"
      2⤵
      • Executes dropped EXE
      PID:636
    • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 22c -InterruptEvent 1a0 -NGENProcess 1a4 -Pipe 1b4 -Comment "NGen Worker Process"
      2⤵
      • Executes dropped EXE
      PID:2024
  • C:\Windows\system32\dllhost.exe
    C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    PID:776
  • C:\Windows\system32\IEEtwCollector.exe
    C:\Windows\system32\IEEtwCollector.exe /V
    1⤵
    • Executes dropped EXE
    PID:1700

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
          Filesize

          582KB

          MD5

          8a2757322787a53b6826ad2e4a85c67b

          SHA1

          655c3525c72173b3bb865fc727685f14a67bf721

          SHA256

          98e2bb70eff83f66cf5233c74585d311847f2c475ef7a75c23e504bfab90caae

          SHA512

          8683f154a414ece77a1a8d1e8e31685ad0d57ef4db65e59d18f50f05ba4f371f8bf66d2929d224a3c1365454f029087601f424f33901b0978287e272b16c7f0c

          Download Submit

        • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
          Filesize

          582KB

          MD5

          8a2757322787a53b6826ad2e4a85c67b

          SHA1

          655c3525c72173b3bb865fc727685f14a67bf721

          SHA256

          98e2bb70eff83f66cf5233c74585d311847f2c475ef7a75c23e504bfab90caae

          SHA512

          8683f154a414ece77a1a8d1e8e31685ad0d57ef4db65e59d18f50f05ba4f371f8bf66d2929d224a3c1365454f029087601f424f33901b0978287e272b16c7f0c

          Download Submit

        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          Filesize

          610KB

          MD5

          ec2ee7cb7b9301009a58222739f7ba15

          SHA1

          4d96ccac2ffb1330f03856cc96900c822288c92d

          SHA256

          7fdcdbdc3a03d6fb26a82fe8e82f3c42803d22bf5b8c25fc49a21f3a4a4988da

          SHA512

          ae25efb083a645feb5ae958b7452eee005dfa34e75b0ce04f386cd1ae2535b6839e42809f52dc09e494ec6b67a6398c7fbc18698cb7cd7758b44e616aead2925

          Download Submit

        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          Filesize

          610KB

          MD5

          ec2ee7cb7b9301009a58222739f7ba15

          SHA1

          4d96ccac2ffb1330f03856cc96900c822288c92d

          SHA256

          7fdcdbdc3a03d6fb26a82fe8e82f3c42803d22bf5b8c25fc49a21f3a4a4988da

          SHA512

          ae25efb083a645feb5ae958b7452eee005dfa34e75b0ce04f386cd1ae2535b6839e42809f52dc09e494ec6b67a6398c7fbc18698cb7cd7758b44e616aead2925

          Download Submit

        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          Filesize

          610KB

          MD5

          ec2ee7cb7b9301009a58222739f7ba15

          SHA1

          4d96ccac2ffb1330f03856cc96900c822288c92d

          SHA256

          7fdcdbdc3a03d6fb26a82fe8e82f3c42803d22bf5b8c25fc49a21f3a4a4988da

          SHA512

          ae25efb083a645feb5ae958b7452eee005dfa34e75b0ce04f386cd1ae2535b6839e42809f52dc09e494ec6b67a6398c7fbc18698cb7cd7758b44e616aead2925

          Download Submit

        • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          Filesize

          610KB

          MD5

          ec2ee7cb7b9301009a58222739f7ba15

          SHA1

          4d96ccac2ffb1330f03856cc96900c822288c92d

          SHA256

          7fdcdbdc3a03d6fb26a82fe8e82f3c42803d22bf5b8c25fc49a21f3a4a4988da

          SHA512

          ae25efb083a645feb5ae958b7452eee005dfa34e75b0ce04f386cd1ae2535b6839e42809f52dc09e494ec6b67a6398c7fbc18698cb7cd7758b44e616aead2925

          Download Submit

        • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
          Filesize

          559KB

          MD5

          c70f985fd06eade52396cfb6c4e094b1

          SHA1

          96d2d84bdb1b69f92ccc8eb11604dd9e58865c08

          SHA256

          aa835cfa2d76c4b502adf7274b5c46decd6d934a88e3d67903a708d6eb5da408

          SHA512

          d050f0a0eb16251d7301d0052d1a4e836b05554e7c83b6de09515ea09c68d47e67ea3247ba9d7fa14597aabc8a951112532b6b989dc0c0f590683d0038fa05b7

          Download Submit

        • C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
          Filesize

          559KB

          MD5

          c70f985fd06eade52396cfb6c4e094b1

          SHA1

          96d2d84bdb1b69f92ccc8eb11604dd9e58865c08

          SHA256

          aa835cfa2d76c4b502adf7274b5c46decd6d934a88e3d67903a708d6eb5da408

          SHA512

          d050f0a0eb16251d7301d0052d1a4e836b05554e7c83b6de09515ea09c68d47e67ea3247ba9d7fa14597aabc8a951112532b6b989dc0c0f590683d0038fa05b7

          Download Submit

        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
          Filesize

          590KB

          MD5

          51c38acb61e88d9bf9def00bbf8114d7

          SHA1

          d2d6536b5790dafc8df8017f26a7e7cd82386b41

          SHA256

          204281289e26cd3d0cbba7a1c5579ef5ed159207f87e60af4a8fb4e50208d2d3

          SHA512

          f6bbbff898320accdf7bbd28c93a2c5d2ea447941e8b0f5007315e3f02677e2ba08c3943a0ab643553b17598dfa9ba359bd07cee2b00faa791d3ebc212d778cd

          Download Submit

        • C:\Windows\System32\dllhost.exe
          Filesize

          509KB

          MD5

          3b8f2292a6fd87d46f32618ca985bbfa

          SHA1

          82e69e2e1c9751375198be0e50d5b82515805157

          SHA256

          a4e5e78113beed3e436e8705a9de79aef352f45311c475c2c7be538f5cd5e50e

          SHA512

          8df5c8eec6a0298394b1a3f9f48b2c2b90609bec2fd1c7697d3be6e910b7348590aca141ab7f1c6f787f96f35c8a060f090431fbff62574861ac5be26d884f30

          Download Submit

        • C:\Windows\System32\ieetwcollector.exe
          Filesize

          609KB

          MD5

          da55ee250195ac33abc8e6178181a53c

          SHA1

          29a6a578904c91973c709210ef02b059bf034d5c

          SHA256

          a340ed8300bc5d8289beaf0d9cc776bb49462b11acf98a6043d95adb551e432b

          SHA512

          cbdb5daa95961cedd4233d6883feae86031c5bb258eb5e61c24fb58e68057c786d93357c112eb1f2b5d9333c977d38f8379412140dbeba31934c45e1c249c6fb

          Download Submit

        • \??\c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
          Filesize

          640KB

          MD5

          fd957b47a8df4b03575980fd64cbb2f9

          SHA1

          f760d4f0aa43c0470eb01164b38e24885f7b0471

          SHA256

          75764c7d263eb4e7848a9b4f3386719ec8231c002325b4e3ea6e6911957500ce

          SHA512

          5edecc666336bd8b8e1fdc0b3c7121ae5121a811f80a12b0e13b9f3b1af343e9cddad7f0b7f109af64b0ca693b3bcc51fa253cd37eea46161d3d854170f24bf8

          Download Submit

        • \??\c:\program files (x86)\microsoft office\office14\groove.exe
          Filesize

          30.0MB

          MD5

          07fd79a4fe00e5a5f5451539ec884145

          SHA1

          db3da3e1d46d666aceb1b4c4d30a178aa6743081

          SHA256

          d1d5f928d89b915dacb23f432c7185c7e180a6b6ef47fca9e90f00097d558390

          SHA512

          3f68d976b43e3f246a6acff21d11946f8038d2aa37e8e137afa80fbdc55390f2ce8cddb177d88fc9748fabb3fa4277bd0725782ebff9573b319ec427ca2e825c

          Download Submit

        • \??\c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
          Filesize

          730KB

          MD5

          d660c74431f914f389a5a0827269dd6d

          SHA1

          10ecc10aca428696ef929b801bb1c4929ec306a3

          SHA256

          9c953adac7b833671655d0dba0cea84d2cb796419e35eca82d34d892d307a5f8

          SHA512

          b217b344ba79baebb2be88b7b139fd68a2b30efc91eb1e4c4cffcde7a96a1e01f00346a700da4a87ff8e30bd72176becf95f6ceb16fb8b2e36890ed259fc15e0

          Download Submit

        • \??\c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
          Filesize

          5.2MB

          MD5

          6d5fea2b1750af0fa54ef11c663a7d89

          SHA1

          0fc83ce4aaae937af9f7886076864053f993228d

          SHA256

          f1b3ad8f9c465b47809c8c721a5b9f3aa17ccb5f9980eb372ca3e6df731e0d5c

          SHA512

          170b8bc7701a9dee8f510a7f899a0799c747acc5630b9a09489cc0f810ebfd1c9237b9a7c51813af13cf8f6571ee2583a172bc091d9ca767c547a6b512cb4695

          Download Submit

        • \??\c:\program files\google\chrome\Application\89.0.4389.114\elevation_service.exe
          Filesize

          1.9MB

          MD5

          f04fddb27cc093d6f49062521907cd40

          SHA1

          2f9373d4e2ba17224d7b0ffcde48d4f213ced426

          SHA256

          d9b95282cf7b1042ed5abf1013caa4d8ad1e41251118efb3304edf46f40abdeb

          SHA512

          042cc94fd509d2a19198bff9fa838e546f51c7b44276b004d6d3e2fc214a3d602ad6ccf6abb94a51dbdb076edcd6b90ce2b8fe34eb87f8c1cbdcae654d88325b

          Download Submit

        • \??\c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
          Filesize

          536KB

          MD5

          a1300bfc0ae774196f161d164f8f9f08

          SHA1

          4fab70ab2eb47a9b40b0c755e73be8ad6cfd088f

          SHA256

          a44e01275a028aebc4b61c357122e9a71aab536aaaf8325ba319bab3913990e6

          SHA512

          22de3cd67b52e737b61dffff2acf02a4e3c807423ca2a9c58d0e9aba03a0cdcc88ee26b33473527eeee7dd0cb60c1045ec7189180a057e909c24fd3340fb88c6

          Download Submit

        • \??\c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
          Filesize

          590KB

          MD5

          51c38acb61e88d9bf9def00bbf8114d7

          SHA1

          d2d6536b5790dafc8df8017f26a7e7cd82386b41

          SHA256

          204281289e26cd3d0cbba7a1c5579ef5ed159207f87e60af4a8fb4e50208d2d3

          SHA512

          f6bbbff898320accdf7bbd28c93a2c5d2ea447941e8b0f5007315e3f02677e2ba08c3943a0ab643553b17598dfa9ba359bd07cee2b00faa791d3ebc212d778cd

          Download Submit

        • \??\c:\windows\system32\alg.exe
          Filesize

          577KB

          MD5

          679b74acfbe4e3ec0f4b5ad4770d64be

          SHA1

          6e04162df3ff3125d31d27e0ee3ad1bf225112a4

          SHA256

          c4b8cc57be8de93b924d2696e1941ae45c785f31c44ae4b534af6c8ac49e424d

          SHA512

          c2c66ca96dbc1ba8a55d9f525ff22aa4dd5f43c1712a1670c313b46ea9e802a1ee3015c52d1c161e7f81bac0a1feb8a8f9e4140542ddb965f822db1d81b18ee2

          Download Submit

        • \??\c:\windows\system32\dllhost.exe
          Filesize

          509KB

          MD5

          3b8f2292a6fd87d46f32618ca985bbfa

          SHA1

          82e69e2e1c9751375198be0e50d5b82515805157

          SHA256

          a4e5e78113beed3e436e8705a9de79aef352f45311c475c2c7be538f5cd5e50e

          SHA512

          8df5c8eec6a0298394b1a3f9f48b2c2b90609bec2fd1c7697d3be6e910b7348590aca141ab7f1c6f787f96f35c8a060f090431fbff62574861ac5be26d884f30

          Download Submit

        • \Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
          Filesize

          582KB

          MD5

          8a2757322787a53b6826ad2e4a85c67b

          SHA1

          655c3525c72173b3bb865fc727685f14a67bf721

          SHA256

          98e2bb70eff83f66cf5233c74585d311847f2c475ef7a75c23e504bfab90caae

          SHA512

          8683f154a414ece77a1a8d1e8e31685ad0d57ef4db65e59d18f50f05ba4f371f8bf66d2929d224a3c1365454f029087601f424f33901b0978287e272b16c7f0c

          Download Submit

        • \Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
          Filesize

          582KB

          MD5

          8a2757322787a53b6826ad2e4a85c67b

          SHA1

          655c3525c72173b3bb865fc727685f14a67bf721

          SHA256

          98e2bb70eff83f66cf5233c74585d311847f2c475ef7a75c23e504bfab90caae

          SHA512

          8683f154a414ece77a1a8d1e8e31685ad0d57ef4db65e59d18f50f05ba4f371f8bf66d2929d224a3c1365454f029087601f424f33901b0978287e272b16c7f0c

          Download Submit

        • \Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
          Filesize

          610KB

          MD5

          ec2ee7cb7b9301009a58222739f7ba15

          SHA1

          4d96ccac2ffb1330f03856cc96900c822288c92d

          SHA256

          7fdcdbdc3a03d6fb26a82fe8e82f3c42803d22bf5b8c25fc49a21f3a4a4988da

          SHA512

          ae25efb083a645feb5ae958b7452eee005dfa34e75b0ce04f386cd1ae2535b6839e42809f52dc09e494ec6b67a6398c7fbc18698cb7cd7758b44e616aead2925

          Download Submit

        • \Windows\System32\dllhost.exe
          Filesize

          509KB

          MD5

          3b8f2292a6fd87d46f32618ca985bbfa

          SHA1

          82e69e2e1c9751375198be0e50d5b82515805157

          SHA256

          a4e5e78113beed3e436e8705a9de79aef352f45311c475c2c7be538f5cd5e50e

          SHA512

          8df5c8eec6a0298394b1a3f9f48b2c2b90609bec2fd1c7697d3be6e910b7348590aca141ab7f1c6f787f96f35c8a060f090431fbff62574861ac5be26d884f30

          Download Submit

        • \Windows\System32\dllhost.exe
          Filesize

          509KB

          MD5

          3b8f2292a6fd87d46f32618ca985bbfa

          SHA1

          82e69e2e1c9751375198be0e50d5b82515805157

          SHA256

          a4e5e78113beed3e436e8705a9de79aef352f45311c475c2c7be538f5cd5e50e

          SHA512

          8df5c8eec6a0298394b1a3f9f48b2c2b90609bec2fd1c7697d3be6e910b7348590aca141ab7f1c6f787f96f35c8a060f090431fbff62574861ac5be26d884f30

          Download Submit

        • \Windows\System32\ieetwcollector.exe
          Filesize

          609KB

          MD5

          da55ee250195ac33abc8e6178181a53c

          SHA1

          29a6a578904c91973c709210ef02b059bf034d5c

          SHA256

          a340ed8300bc5d8289beaf0d9cc776bb49462b11acf98a6043d95adb551e432b

          SHA512

          cbdb5daa95961cedd4233d6883feae86031c5bb258eb5e61c24fb58e68057c786d93357c112eb1f2b5d9333c977d38f8379412140dbeba31934c45e1c249c6fb

          Download Submit

        • memory/268-73-0x0000000140000000-0x00000001401E8000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/268-71-0x0000000140000000-0x00000001401E8000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/592-67-0x0000000000400000-0x00000000005C0000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/636-88-0x0000000140000000-0x00000001401E8000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/636-84-0x0000000140000000-0x00000001401E8000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/776-77-0x0000000100000000-0x00000001001CF000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/776-91-0x0000000100000000-0x00000001001CF000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/1268-65-0x0000000010000000-0x00000000101B7000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1268-58-0x0000000010000000-0x00000000101B7000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1272-68-0x0000000010000000-0x00000000101E1000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1272-64-0x0000000010000000-0x00000000101E1000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1632-54-0x0000000000400000-0x00000000005DD000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1632-56-0x0000000000400000-0x00000000005DD000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/1632-55-0x0000000076091000-0x0000000076093000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1700-94-0x0000000140000000-0x00000001401E8000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2024-89-0x0000000140000000-0x00000001401E8000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/2024-87-0x0000000140000000-0x00000001401E8000-memory.dmp

          Filesize

          1.9MB

          Download