Analysis

  • max time kernel
    153s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/10/2022, 19:31

General

  • Target

    e6bb450358e56ec1e9dce9bcf916a2928bc33b8647f088ad8cef93f45a9ed995.exe

  • Size

    380KB

  • MD5

    18aa0bef445d1f25073ced4b063fd0e0

  • SHA1

    73421424218777d3f41089962b66ab3142c6b983

  • SHA256

    e6bb450358e56ec1e9dce9bcf916a2928bc33b8647f088ad8cef93f45a9ed995

  • SHA512

    e120e45b2a3149f3359828ba9907d91936f8f7c99d5ece7966c1cdbd31a16bdadd57461226e77cef5474a5f4050ad15f9b425992411ffaeabddb79b7b40ea8f8

  • SSDEEP

    6144:mK5THZhSpD/gc/ZZCtNi4e0WrhMNb1uicaKdIxrtp/USuOIJ0:mK5LyjV/ZZCtk4eVsJ0eT/1R

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e6bb450358e56ec1e9dce9bcf916a2928bc33b8647f088ad8cef93f45a9ed995.exe
    "C:\Users\Admin\AppData\Local\Temp\e6bb450358e56ec1e9dce9bcf916a2928bc33b8647f088ad8cef93f45a9ed995.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1668
    • C:\ProgramData\WebExt\winchk.exe
      C:\ProgramData\WebExt\winchk.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1864
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2024
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:275457 /prefetch:2
          4⤵
          • Loads dropped DLL
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1992

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • C:\ProgramData\NetExt\udat.dat

          Filesize

          36B

          MD5

          c5704613c7e79e1f947552a2fbcde09b

          SHA1

          efda1a6acb3c0a8c0a3f8737d061f495bd4483b3

          SHA256

          d13d20e5db6ae7d46d801b707f9faa1a55868dc2aa054a661063763c8ddd4c85

          SHA512

          087b04c2c96167efbac02ebf2d7a6df03afda30618aa3170c39d80a9abc126d223a24f4acffe01b2e21c0e9289abe0251c840f9ef49afd6c7b5d75f142dfd886

        • C:\ProgramData\WebExt\cssys.dll

          Filesize

          48KB

          MD5

          ade69012c36f4d272716464bc105207c

          SHA1

          5d8ce65145f0bde31fbc82f4ae2430845396a05c

          SHA256

          d7224777b5ac61844585f254624476da7c48b9ee157cc694b6d00f60e2531df5

          SHA512

          a241ad16a5506a7f8929c18fa90b2dcd7494977c722198a57f3ead9859f29cc9aa2ae110278b48dbd1b1d12c7fe259e79bfa22b9cb9f1ff52d90a66bae17e344

        • C:\ProgramData\WebExt\winchk.exe

          Filesize

          380KB

          MD5

          18aa0bef445d1f25073ced4b063fd0e0

          SHA1

          73421424218777d3f41089962b66ab3142c6b983

          SHA256

          e6bb450358e56ec1e9dce9bcf916a2928bc33b8647f088ad8cef93f45a9ed995

          SHA512

          e120e45b2a3149f3359828ba9907d91936f8f7c99d5ece7966c1cdbd31a16bdadd57461226e77cef5474a5f4050ad15f9b425992411ffaeabddb79b7b40ea8f8

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5DP1HQVH.txt

          Filesize

          598B

          MD5

          a7916b73d77b1bf857426cf7e475842b

          SHA1

          32271d85f38e0bb3d4c38eae3745a1c3ecd1c9f0

          SHA256

          7e364488217f7e66f6222f9a167012c5dc9d76b399a7dbf6823c8e9137ec44db

          SHA512

          32046a535c1a7c35c8e24f32a2b71d3a2e6d2d54af211dcff46c900687ea04caac34159f0ab45fdd1553b2d37e88c24812658d75554759232847e22e041b54d7

        • \ProgramData\WebExt\cssys.dll

          Filesize

          48KB

          MD5

          ade69012c36f4d272716464bc105207c

          SHA1

          5d8ce65145f0bde31fbc82f4ae2430845396a05c

          SHA256

          d7224777b5ac61844585f254624476da7c48b9ee157cc694b6d00f60e2531df5

          SHA512

          a241ad16a5506a7f8929c18fa90b2dcd7494977c722198a57f3ead9859f29cc9aa2ae110278b48dbd1b1d12c7fe259e79bfa22b9cb9f1ff52d90a66bae17e344

        • \ProgramData\WebExt\iusys.dll

          Filesize

          52KB

          MD5

          f57b3722fd8d9df069229d3fcf70d00b

          SHA1

          11fa3cecef48dc027d368d8e888bc47554c2d0b5

          SHA256

          fd2faccc01f9b34589236826728810253584bfdf1578fd93c7447df1cbc2f92e

          SHA512

          f15a519cf32623ce663a6603bdfec372d7d20ccae121dce009074627a1acac554a3dae1440a6ba1284b138d6f92f9143f78f83aae6cdbacb301468bef2ed0fb0

        • \ProgramData\WebExt\winchk.exe

          Filesize

          380KB

          MD5

          18aa0bef445d1f25073ced4b063fd0e0

          SHA1

          73421424218777d3f41089962b66ab3142c6b983

          SHA256

          e6bb450358e56ec1e9dce9bcf916a2928bc33b8647f088ad8cef93f45a9ed995

          SHA512

          e120e45b2a3149f3359828ba9907d91936f8f7c99d5ece7966c1cdbd31a16bdadd57461226e77cef5474a5f4050ad15f9b425992411ffaeabddb79b7b40ea8f8

        • memory/1668-54-0x0000000075241000-0x0000000075243000-memory.dmp

          Filesize

          8KB

        • memory/1864-63-0x00000000002C0000-0x00000000002CF000-memory.dmp

          Filesize

          60KB