Overview

overview

10

Static

static

f173308f42...0f.exe

windows7-x64

10

f173308f42...0f.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    90s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/10/2022, 03:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f173308f4258d74e1bd682f365666d00145b6b7493f189a5dbcb1f5b8ce1e60f.exe

  • Size

    191KB

  • MD5

    44a491739f6038b4c9932f79d8818cbd

  • SHA1

    03d0977f3ac8106f6ff081e27469e0aa9f6b6637

  • SHA256

    f173308f4258d74e1bd682f365666d00145b6b7493f189a5dbcb1f5b8ce1e60f

  • SHA512

    b5969cb99fb2668dcbc594f8d9e76df5d0ffa35156d578edb48f1869809ddf623e36451788536f83e0338ca047be02890ac2174789fd89870b7129ee94d35769

  • SSDEEP

    3072:DHkmXKkEOLFBGrO/bqUVzacXai3GnZt9Ca7HvTDr:DHFXLCrO/brV7Ki2P9CarD

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f173308f4258d74e1bd682f365666d00145b6b7493f189a5dbcb1f5b8ce1e60f.exe
    "C:\Users\Admin\AppData\Local\Temp\f173308f4258d74e1bd682f365666d00145b6b7493f189a5dbcb1f5b8ce1e60f.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2556
    • C:\Users\Admin\AppData\Local\Temp\f173308f4258d74e1bd682f365666d00145b6b7493f189a5dbcb1f5b8ce1e60fmgr.exe
      C:\Users\Admin\AppData\Local\Temp\f173308f4258d74e1bd682f365666d00145b6b7493f189a5dbcb1f5b8ce1e60fmgr.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:4956
      • C:\Program Files (x86)\Microsoft\WaterMark.exe
        "C:\Program Files (x86)\Microsoft\WaterMark.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of UnmapMainImage
        • Suspicious use of WriteProcessMemory
        PID:1448
        • C:\Windows\SysWOW64\svchost.exe
          C:\Windows\system32\svchost.exe
          4⤵
            PID:2240
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 204
              5⤵
              • Program crash
              PID:3264
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:836
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:836 CREDAT:17410 /prefetch:2
              5⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:3148
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:860
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:860 CREDAT:17410 /prefetch:2
              5⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:3520
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2240 -ip 2240
      1⤵
        PID:1980

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Microsoft\WaterMark.exe
        Filesize

        59KB

        MD5

        6cfe2a6cde791d7db4d31b789ee618e8

        SHA1

        aef964a5582265c77c5e9bc2d114879bf1b85d4c

        SHA256

        6d8582599332623873732616b5e1fc4697e6047b6ab93102c568f84c14877cfa

        SHA512

        fe9e271d608527659de9c0708358585ce655ec747555fce8275993cad601a2db27de9bfc39ad58f3a5610b75de968aaa3939a4bc348ae24d8c2918a61c9f3987

        Download Submit

      • C:\Program Files (x86)\Microsoft\WaterMark.exe
        Filesize

        59KB

        MD5

        6cfe2a6cde791d7db4d31b789ee618e8

        SHA1

        aef964a5582265c77c5e9bc2d114879bf1b85d4c

        SHA256

        6d8582599332623873732616b5e1fc4697e6047b6ab93102c568f84c14877cfa

        SHA512

        fe9e271d608527659de9c0708358585ce655ec747555fce8275993cad601a2db27de9bfc39ad58f3a5610b75de968aaa3939a4bc348ae24d8c2918a61c9f3987

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        471B

        MD5

        6a15e3564b9eb382fe5534f59d6fccb4

        SHA1

        911dbc1a988c2d6816beb0c21c4ea5402253b884

        SHA256

        6b478c66c9a2024177d4a478ccea9a82f3162aa87a5125a0dc3750c920bdbc62

        SHA512

        2801f46d495eed08dbb10e73ccda4828faf4ef6b1ff3ff45ce8d73331e692381c25417d15c958f8c3f9c6932300cd0e66b1aad6bb5a92e2bf27b338b6d245711

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        471B

        MD5

        6a15e3564b9eb382fe5534f59d6fccb4

        SHA1

        911dbc1a988c2d6816beb0c21c4ea5402253b884

        SHA256

        6b478c66c9a2024177d4a478ccea9a82f3162aa87a5125a0dc3750c920bdbc62

        SHA512

        2801f46d495eed08dbb10e73ccda4828faf4ef6b1ff3ff45ce8d73331e692381c25417d15c958f8c3f9c6932300cd0e66b1aad6bb5a92e2bf27b338b6d245711

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        434B

        MD5

        544793c2a6fba57b0129b9cdf1fecf5e

        SHA1

        e9a6c8f96d1c9da3f16bb2749eb8b810158c8a18

        SHA256

        72c903e2663250aab41a311a7348c7221375f71ff3d795be53c40e31e5337965

        SHA512

        8182cb25b6eddc9be7d1d322c9de527224b300395bbad76b29e525a37b972638cc0dddcef94277cf30c70fbfd960a0531d3c627c8f519a4df3b5cdcefc931b0e

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        434B

        MD5

        3ba14f129b5337472b27c97c3853afb5

        SHA1

        315da1f3a71c8748acc33f1b6adda0dbeef64616

        SHA256

        8cf7d35702bc4c8ad3a42e7bb99760e8b09495cf7f9d93822baac8a6c8a789e7

        SHA512

        4a708fd52dec7d2280f35b524ac68b25b1e30b6c444cbaf13d209de350c9f10347530a87c2d872149079ed707c7ef1b356bfd00ac9b64275a51a6e33cf087fe1

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{55386236-5062-11ED-A0EE-CA596584895B}.dat
        Filesize

        3KB

        MD5

        ebbb8e56a895a7eed6d58f88edd71e5b

        SHA1

        bb1350a43400d17da76e8627b490a2ff2e21c7ff

        SHA256

        2f079d307ae0c33e0df0c2b65170171f6111584c84a558b5a4fef9b40940cf76

        SHA512

        6ce39ae7e7c3cb0365e4b13c85e62be39c4e4ac472ed9d3e925ea1464d10793fcb0d639525039b580cb840dbc90057a72e48c28ce91edd22effb38e5bfd48558

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{553AC2A6-5062-11ED-A0EE-CA596584895B}.dat
        Filesize

        5KB

        MD5

        51b635591ff5265e52c7013ccac31572

        SHA1

        53aff522595e23b0c9c34f5936f4aeac6da7150b

        SHA256

        8d80ac4d268009f244781544e78e4a974f3a5fdc05bed437352da5c4d66ce138

        SHA512

        458a5206756a7cb2a15d25800d37d20fef0f995bf8fd888b7b86e6a4f010452699ac7e7340fbda89045d45043317fba2596a2b5afedcb3cc0b20fa8b1d366314

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\f173308f4258d74e1bd682f365666d00145b6b7493f189a5dbcb1f5b8ce1e60fmgr.exe
        Filesize

        59KB

        MD5

        6cfe2a6cde791d7db4d31b789ee618e8

        SHA1

        aef964a5582265c77c5e9bc2d114879bf1b85d4c

        SHA256

        6d8582599332623873732616b5e1fc4697e6047b6ab93102c568f84c14877cfa

        SHA512

        fe9e271d608527659de9c0708358585ce655ec747555fce8275993cad601a2db27de9bfc39ad58f3a5610b75de968aaa3939a4bc348ae24d8c2918a61c9f3987

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\f173308f4258d74e1bd682f365666d00145b6b7493f189a5dbcb1f5b8ce1e60fmgr.exe
        Filesize

        59KB

        MD5

        6cfe2a6cde791d7db4d31b789ee618e8

        SHA1

        aef964a5582265c77c5e9bc2d114879bf1b85d4c

        SHA256

        6d8582599332623873732616b5e1fc4697e6047b6ab93102c568f84c14877cfa

        SHA512

        fe9e271d608527659de9c0708358585ce655ec747555fce8275993cad601a2db27de9bfc39ad58f3a5610b75de968aaa3939a4bc348ae24d8c2918a61c9f3987

        Download Submit

      • memory/1448-150-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/1448-155-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/1448-153-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/2556-154-0x0000000000400000-0x0000000000445000-memory.dmp

        Filesize

        276KB

        Download

      • memory/2556-132-0x0000000000400000-0x0000000000445000-memory.dmp

        Filesize

        276KB

        Download

      • memory/4956-142-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/4956-137-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/4956-136-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/4956-138-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download

      • memory/4956-139-0x0000000000400000-0x0000000000421000-memory.dmp

        Filesize

        132KB

        Download