Overview

overview

10

Static

static

60b1acf218...c5.exe

windows7-x64

8

60b1acf218...c5.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    179s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2022, 14:13

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    60b1acf218476b5cbe56a668428ac558f3c722d8c918111244c6caf71f4210c5.exe

  • Size

    361KB

  • MD5

    4246a8cbe8ae159f7deae34ebea64180

  • SHA1

    08353a04ea8141583bcb666e17a1768563a10bbf

  • SHA256

    60b1acf218476b5cbe56a668428ac558f3c722d8c918111244c6caf71f4210c5

  • SHA512

    ac9833005a28f7743c07e374a796e6f592dd587bb2405336070c429cf58c46b94d0611c27a36e5331a20e6812cd3b1f1b3fdcdb4e5be8b90989809fe1d44b3ac

  • SSDEEP

    6144:MflfAsiL4lIJjiJcbI03GBc3ucY5DCSjX:MflfAsiVGjSGecvX

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 42 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\60b1acf218476b5cbe56a668428ac558f3c722d8c918111244c6caf71f4210c5.exe
    "C:\Users\Admin\AppData\Local\Temp\60b1acf218476b5cbe56a668428ac558f3c722d8c918111244c6caf71f4210c5.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Temp\gxtokjesnjhdzmig.exe
      C:\Temp\gxtokjesnjhdzmig.exe run
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2024
      • C:\temp\CreateProcess.exe
        C:\temp\CreateProcess.exe C:\Temp\nbxuuqmjif.exe ups_run
        3⤵
        • Executes dropped EXE
        PID:2008
        • C:\Temp\nbxuuqmjif.exe
          C:\Temp\nbxuuqmjif.exe ups_run
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1752
          • C:\temp\CreateProcess.exe
            C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
            5⤵
            • Executes dropped EXE
            PID:1608
            • C:\windows\system32\ipconfig.exe
              C:\windows\system32\ipconfig.exe /release
              6⤵
              • Gathers network information
              PID:1056
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://xytets.com:2345/t.asp?os=home
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1840
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1840 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:664

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Temp\CreateProcess.exe
          Filesize

          3KB

          MD5

          ebb530336e0a657bcbcbe1c321d0bd14

          SHA1

          1f3dcb5f15c39672e04f440528f63a8da0386227

          SHA256

          d4d71eb26f187b16cab9ba801985804b49bf0862e0d0f3bcd69feddca1e1f882

          SHA512

          94715e3db68ff3699c03871bfa989d40d289d339221b52b3d41fb5efb64bd188a9909b358708b2afed0835ed6a3932db1e99233b80a042f3b1e95ea96839e5dc

          Download Submit

        • C:\Temp\CreateProcess.exe
          Filesize

          3KB

          MD5

          ebb530336e0a657bcbcbe1c321d0bd14

          SHA1

          1f3dcb5f15c39672e04f440528f63a8da0386227

          SHA256

          d4d71eb26f187b16cab9ba801985804b49bf0862e0d0f3bcd69feddca1e1f882

          SHA512

          94715e3db68ff3699c03871bfa989d40d289d339221b52b3d41fb5efb64bd188a9909b358708b2afed0835ed6a3932db1e99233b80a042f3b1e95ea96839e5dc

          Download Submit

        • C:\Temp\gxtokjesnjhdzmig.exe
          Filesize

          361KB

          MD5

          f11afd3fff5bfd6dbaf7c24a11d79c93

          SHA1

          7a3e1220b117a470b85a3dae17ff66d57a1d8b7e

          SHA256

          fe2660ec9e52f0cad5b043221cf2858be07cd1dbe605d006af6c27b65dcac8ce

          SHA512

          15bdc5bb2bb9af8eef0fad9db303dcf1382d532d187027225a0294d6f97a309257ec3577b57c16cbf039fcc3508536eb3dd9990754ce4806b62230dcfc6c0d11

          Download Submit

        • C:\Temp\gxtokjesnjhdzmig.exe
          Filesize

          361KB

          MD5

          f11afd3fff5bfd6dbaf7c24a11d79c93

          SHA1

          7a3e1220b117a470b85a3dae17ff66d57a1d8b7e

          SHA256

          fe2660ec9e52f0cad5b043221cf2858be07cd1dbe605d006af6c27b65dcac8ce

          SHA512

          15bdc5bb2bb9af8eef0fad9db303dcf1382d532d187027225a0294d6f97a309257ec3577b57c16cbf039fcc3508536eb3dd9990754ce4806b62230dcfc6c0d11

          Download Submit

        • C:\Temp\nbxuuqmjif.exe
          Filesize

          361KB

          MD5

          8297af5db0f9634cb3691ee13580c7cd

          SHA1

          97b349c4006fa8efbc4a3681df1028005ac0dda6

          SHA256

          15e5b00d8ede20aa2087dd3fbb49c03c7e8148e72779a792fca027cdb360843b

          SHA512

          6e3f1ab47f9b49c946b2f956986b34839470eb8aa7e737276d73159014538d92c3ef2236a7f65a62977e10680f8b119352820c4d564bd64254f7bd6ff3d51712

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NG7Y955Y.txt
          Filesize

          608B

          MD5

          14423ab5ea0eb07c0ce0b997f8b6ab88

          SHA1

          ace7310f26b7a4614bfbb1ba0662d58068a86999

          SHA256

          313ef5dc0f37959d6180bae28598461328ca05f882ecadc9ed3e27628d464cbb

          SHA512

          9578b6c9586798418a0426234f4824f22f96145ca65435f4d75527ce89baedd104a3415ebe971b3d7a9ebc6ca1f568a477d631b92e00f651de430a47cdc8d959

          Download Submit

        • C:\temp\CreateProcess.exe
          Filesize

          3KB

          MD5

          ebb530336e0a657bcbcbe1c321d0bd14

          SHA1

          1f3dcb5f15c39672e04f440528f63a8da0386227

          SHA256

          d4d71eb26f187b16cab9ba801985804b49bf0862e0d0f3bcd69feddca1e1f882

          SHA512

          94715e3db68ff3699c03871bfa989d40d289d339221b52b3d41fb5efb64bd188a9909b358708b2afed0835ed6a3932db1e99233b80a042f3b1e95ea96839e5dc

          Download Submit

        • \Temp\CreateProcess.exe
          Filesize

          3KB

          MD5

          ebb530336e0a657bcbcbe1c321d0bd14

          SHA1

          1f3dcb5f15c39672e04f440528f63a8da0386227

          SHA256

          d4d71eb26f187b16cab9ba801985804b49bf0862e0d0f3bcd69feddca1e1f882

          SHA512

          94715e3db68ff3699c03871bfa989d40d289d339221b52b3d41fb5efb64bd188a9909b358708b2afed0835ed6a3932db1e99233b80a042f3b1e95ea96839e5dc

          Download Submit

        • \Temp\CreateProcess.exe
          Filesize

          3KB

          MD5

          ebb530336e0a657bcbcbe1c321d0bd14

          SHA1

          1f3dcb5f15c39672e04f440528f63a8da0386227

          SHA256

          d4d71eb26f187b16cab9ba801985804b49bf0862e0d0f3bcd69feddca1e1f882

          SHA512

          94715e3db68ff3699c03871bfa989d40d289d339221b52b3d41fb5efb64bd188a9909b358708b2afed0835ed6a3932db1e99233b80a042f3b1e95ea96839e5dc

          Download Submit

        • \Temp\CreateProcess.exe
          Filesize

          3KB

          MD5

          ebb530336e0a657bcbcbe1c321d0bd14

          SHA1

          1f3dcb5f15c39672e04f440528f63a8da0386227

          SHA256

          d4d71eb26f187b16cab9ba801985804b49bf0862e0d0f3bcd69feddca1e1f882

          SHA512

          94715e3db68ff3699c03871bfa989d40d289d339221b52b3d41fb5efb64bd188a9909b358708b2afed0835ed6a3932db1e99233b80a042f3b1e95ea96839e5dc

          Download Submit

        • \Temp\gxtokjesnjhdzmig.exe
          Filesize

          361KB

          MD5

          f11afd3fff5bfd6dbaf7c24a11d79c93

          SHA1

          7a3e1220b117a470b85a3dae17ff66d57a1d8b7e

          SHA256

          fe2660ec9e52f0cad5b043221cf2858be07cd1dbe605d006af6c27b65dcac8ce

          SHA512

          15bdc5bb2bb9af8eef0fad9db303dcf1382d532d187027225a0294d6f97a309257ec3577b57c16cbf039fcc3508536eb3dd9990754ce4806b62230dcfc6c0d11

          Download Submit