Analysis
-
max time kernel
152s -
max time network
144s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
20/10/2022, 05:03
General
-
Target
15c70b04d686fdaf34d2f2df5ac76986df288bf505dd8f413484cbd8699acacc.exe
-
Size
43KB
-
MD5
81935c148dd22cdc3c4a43b07dd1f630
-
SHA1
794e7127574d9f4fa8d2743af9cf39d6dadcbffa
-
SHA256
15c70b04d686fdaf34d2f2df5ac76986df288bf505dd8f413484cbd8699acacc
-
SHA512
3942363bfc6df04edc88bd899e9d1eeb243b16415c6c0aa4f9f0f633bb49e81c435f7a53097eb56a418f9e3fad00acdf13e10b25ec4c23d998ad29a95cc1cdcc
-
SSDEEP
768:xprJMnye6TIYCm/YVB+PtYUU4V9pTJaPF076Gc3dxFWuIdXmXHm:DrJMye6LCTB+PtYUU4VPP7ktrKXmXHm
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
UPX packed file 6 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in Windows directory 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\15c70b04d686fdaf34d2f2df5ac76986df288bf505dd8f413484cbd8699acacc.exe"C:\Users\Admin\AppData\Local\Temp\15c70b04d686fdaf34d2f2df5ac76986df288bf505dd8f413484cbd8699acacc.exe"1⤵
- Writes to the Master Boot Record (MBR)
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\windows\svchosts.exeC:\windows\svchosts.exe auto2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\progra~1\Intern~1\iexplore.exeC:\\progra~1\\Intern~1\\iexplore.exe http://jianqiangzhe1.com/AddSetup.asp?id=137&localID=QM00013&isqq=32⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
603B
MD5d162f39c6354ccd9caf1498377918c0d
SHA12c65b3e7bca29c267224c9f8ac96a7559f911460
SHA25635653f39db3730982e7645c72430f23f4e7be6f93977d53d4e1849af0b78d156
SHA512922cee959ea6ce4fd3ed2cfbcf68f636bb22a7eacbde1a58785a54b22a13018c7be594305a04348e2754317c035f631ea69106dc0483ae2136cea384a01f1c95
-
Filesize
43KB
MD581935c148dd22cdc3c4a43b07dd1f630
SHA1794e7127574d9f4fa8d2743af9cf39d6dadcbffa
SHA25615c70b04d686fdaf34d2f2df5ac76986df288bf505dd8f413484cbd8699acacc
SHA5123942363bfc6df04edc88bd899e9d1eeb243b16415c6c0aa4f9f0f633bb49e81c435f7a53097eb56a418f9e3fad00acdf13e10b25ec4c23d998ad29a95cc1cdcc
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
8KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
120KB
-
Filesize
64KB
-
Filesize
8KB