Overview

overview

8

Static

static

789de9032e...06.exe

windows7-x64

8

789de9032e...06.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    20/10/2022, 09:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    789de9032e977804c546f0b65041b00ae2e1842e97570747397e0165a8448506.exe

  • Size

    134KB

  • MD5

    441ed591e99f522a1c5c83d3d16158f0

  • SHA1

    d2c03745ed364c355b4e3d66b9453a18c67543d9

  • SHA256

    789de9032e977804c546f0b65041b00ae2e1842e97570747397e0165a8448506

  • SHA512

    87a919811d1be58f66dba4bfc23f137924b59b166ffe92026758f7c21d5350efbbf1180df7aa2457952fdb3f66211d7dae166831c911e9c4879f9103329723ff

  • SSDEEP

    3072:S9ZufRZHR4++Tz3saVFJjO6cbsCuCsywO/FzdXr:S9ZurG/zjO6HWo+X

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\789de9032e977804c546f0b65041b00ae2e1842e97570747397e0165a8448506.exe
    "C:\Users\Admin\AppData\Local\Temp\789de9032e977804c546f0b65041b00ae2e1842e97570747397e0165a8448506.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1064
    • C:\Windows\Prosua.exe
      C:\Windows\Prosua.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      PID:1640

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Prosua.exe
    Filesize

    134KB

    MD5

    441ed591e99f522a1c5c83d3d16158f0

    SHA1

    d2c03745ed364c355b4e3d66b9453a18c67543d9

    SHA256

    789de9032e977804c546f0b65041b00ae2e1842e97570747397e0165a8448506

    SHA512

    87a919811d1be58f66dba4bfc23f137924b59b166ffe92026758f7c21d5350efbbf1180df7aa2457952fdb3f66211d7dae166831c911e9c4879f9103329723ff

    Download Submit

  • C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
    Filesize

    408B

    MD5

    6a35d9c4b28570d692b739b23f5255f5

    SHA1

    4b21e085d8b8bf44385731af39266a13c6fd8e20

    SHA256

    bbd89ef91b53ec90bc4268c014a5ba4d94bd3e76a2bedcaaf219a5c8132ef3b3

    SHA512

    f63b209eee61a63d562f38b6e1a1180928789132ba34a6d15b32e9dd0db193325a54347e7e67d2b606c364eeb3c929c911954925edecd29b4823d0d18cac5cfb

    Download Submit

  • memory/1064-54-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1064-55-0x0000000000280000-0x00000000002AA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1064-56-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1064-62-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1064-63-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1640-61-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1640-64-0x0000000000400000-0x000000000043D000-memory.dmp

    Filesize

    244KB

    Download