Overview

overview

5

Static

static

ece71be302...a0.exe

windows7-x64

5

ece71be302...a0.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    107s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    20/10/2022, 07:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ece71be302b6299225f3e01d6dac7fde813a84bcfc40252dd5dc73195dc460a0.exe

  • Size

    176KB

  • MD5

    81779f89a598d0af547a633be6127d4c

  • SHA1

    989b3eed49eecd37fc1e79f52ab43b863a9c49f4

  • SHA256

    ece71be302b6299225f3e01d6dac7fde813a84bcfc40252dd5dc73195dc460a0

  • SHA512

    787c8494aa21f2af1da23ce9c38411287beda620666442938b5c38da543ececda4068247ce5e134b92b9c147d2a6b579a1793a833dc14ab33c5e2de38c5caa8e

  • SSDEEP

    3072:JKPyF1ni06CVlUzlIqRN/Sz4N1V+d+hcTcRAAwDPsHa0Dqc3O9L4sq5f9:JKPyFUC8z+qKzc1hvKFs605e4Vf9

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ece71be302b6299225f3e01d6dac7fde813a84bcfc40252dd5dc73195dc460a0.exe
    "C:\Users\Admin\AppData\Local\Temp\ece71be302b6299225f3e01d6dac7fde813a84bcfc40252dd5dc73195dc460a0.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1056
    • C:\Users\Admin\AppData\Local\Temp\ece71be302b6299225f3e01d6dac7fde813a84bcfc40252dd5dc73195dc460a0.exe
      "C:\Users\Admin\AppData\Local\Temp\ece71be302b6299225f3e01d6dac7fde813a84bcfc40252dd5dc73195dc460a0.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1080
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1628
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:764
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:764 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of SetWindowsHookEx
            PID:680

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\CZ8A5Q2C.txt
          Filesize

          608B

          MD5

          82726687cb484e0b286da6898d4bbb27

          SHA1

          815c296855a4bd5109a3fd54bbadce76695c43df

          SHA256

          17a85439b83ee5efbb83fd9323aff8f167af63fced3da70ac1edbb1212ebf53c

          SHA512

          1874f633ed7c69aa1b2cb4acc183f815e549328481b11b20e3d56a995e547f5a376c389c93f66a0def27511ec2de96eb7365af6d2ee453f2d4bc9b8f9112f887

          Download Submit

        • memory/1056-54-0x0000000075A71000-0x0000000075A73000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1080-64-0x0000000000400000-0x000000000044F000-memory.dmp

          Filesize

          316KB

          Download

        • memory/1080-58-0x0000000000400000-0x000000000044F000-memory.dmp

          Filesize

          316KB

          Download

        • memory/1080-60-0x0000000000400000-0x000000000044F000-memory.dmp

          Filesize

          316KB

          Download

        • memory/1080-62-0x0000000000400000-0x000000000044F000-memory.dmp

          Filesize

          316KB

          Download

        • memory/1080-56-0x0000000000400000-0x000000000044F000-memory.dmp

          Filesize

          316KB

          Download

        • memory/1080-68-0x0000000000400000-0x000000000044F000-memory.dmp

          Filesize

          316KB

          Download

        • memory/1080-69-0x0000000000400000-0x000000000044F000-memory.dmp

          Filesize

          316KB

          Download

        • memory/1080-72-0x0000000000400000-0x000000000044F000-memory.dmp

          Filesize

          316KB

          Download

        • memory/1080-73-0x0000000000490000-0x00000000004DF000-memory.dmp

          Filesize

          316KB

          Download

        • memory/1080-55-0x0000000000400000-0x000000000044F000-memory.dmp

          Filesize

          316KB

          Download