Analysis

  • max time kernel
    127s
  • max time network
    175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30-10-2022 20:58

General

  • Target

    4378be68a52cfa1b3234739c907b89d310847c6a313c9455ae8bf30ed2f1e5ac.exe

  • Size

    1.2MB

  • MD5

    924db19b444d0416158d90bca8f62cb1

  • SHA1

    4571b8ae2f24c9a13efc0435ccb1281ef34ff8ce

  • SHA256

    4378be68a52cfa1b3234739c907b89d310847c6a313c9455ae8bf30ed2f1e5ac

  • SHA512

    f7ac4b33676b06780a75b7365fa2c9cf45e47a359786ec6949883e6bfd91b0ae489a806dbc6eaf57e6bcb706ce3bcebe1829b09bcd9522f132a3ec3bd25dbcc0

  • SSDEEP

    12288:/DMnvPg/Cr+jeEfijSpRoFRQa2Z7yqZX6kYud+ZPVPPDWV+hJ5Yf:L8A/6cRfij0ol2ttNYud+ZPp7p
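Added example, not part of the sandbox report: a small Python script that recomputes the MD5, SHA1, SHA256 and SHA512 digests over a local copy of the sample and compares them with the values listed above, so a practitioner can confirm that the file they hold is the one this report describes before relying on its verdict. The expected values are copied from the report; the file path is an assumption supplied on the command line. SSDEEP is not recomputed because the standard library has no fuzzy-hash implementation. The streaming hasher also works for files larger than memory.

```python
import hashlib
import io
import sys
from typing import BinaryIO, Dict, Optional, Tuple

# Digests of the submitted sample as published in the report above.
REPORTED = {
    "md5": "924db19b444d0416158d90bca8f62cb1",
    "sha1": "4571b8ae2f24c9a13efc0435ccb1281ef34ff8ce",
    "sha256": "4378be68a52cfa1b3234739c907b89d310847c6a313c9455ae8bf30ed2f1e5ac",
    "sha512": (
        "f7ac4b33676b06780a75b7365fa2c9cf45e47a359786ec6949883e6bfd91b0ae"
        "489a806dbc6eaf57e6bcb706ce3bcebe1829b09bcd9522f132a3ec3bd25dbcc0"
    ),
}


def digest_stream(stream: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a byte stream once, feeding every chunk to all four algorithms."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (used by the self-check below)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path: str) -> Dict[str, str]:
    """Hash a file on disk without loading it whole into memory."""
    with open(path, "rb") as fh:
        return digest_stream(fh)


def verify(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Return {algorithm: (expected, actual)} for every digest that disagrees.

    An empty result means every expected digest matched. Comparison is
    case-insensitive because reports and tools differ in hex casing.
    """
    mismatches: Dict[str, Tuple[str, Optional[str]]] = {}
    for name, exp in expected.items():
        act = actual.get(name)
        if act is None or act.lower() != exp.lower():
            mismatches[name] = (exp, act)
    return mismatches


def main(argv) -> int:
    if len(argv) != 2:
        print(f"usage: {argv[0]} <path-to-sample>", file=sys.stderr)
        return 2
    bad = verify(digest_file(argv[1]), REPORTED)  # path is an assumption
    if not bad:
        print("OK: all four digests match the report")
        return 0
    for name, (exp, act) in bad.items():
        print(f"MISMATCH {name}: report={exp} local={act}")
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A non-zero exit code on any mismatch makes the script usable as a gate in a triage pipeline; a file that matches on SHA256 but not on MD5 or SHA1 would indicate a transcription error in one of the listed values rather than a different file.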

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4378be68a52cfa1b3234739c907b89d310847c6a313c9455ae8bf30ed2f1e5ac.exe
    "C:\Users\Admin\AppData\Local\Temp\4378be68a52cfa1b3234739c907b89d310847c6a313c9455ae8bf30ed2f1e5ac.exe"
    tree depth 1
    • Modifies registry class
    PID:4512
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    tree depth 1
    PID:5080
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    tree depth 1
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:17410 /prefetch:2
      tree depth 2 (child of PID 2512)
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4888

Network

MITRE ATT&CK Enterprise v6


Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

      Filesize

      471B

      MD5

      deabbdcb221537d48aed54816739f367

      SHA1

      9ce0f0d21d9bd08823732047e19edbbd909396bc

      SHA256

      494de69d83714780f68a1e6871716f3a4a10835e90b4f96e48610c3e8f39e9cf

      SHA512

      95a80c34ddb83e74e51e5d0884dc7433de78b956db8fb2b1fb54e0f158283991edacafd3e7653161767a69f25f9cf537cc1a654d20e3f27bbc54588b3b4bf5e8

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

      Filesize

      434B

      MD5

      df0dd13b4dd11d7f8044e981d3300628

      SHA1

      74a3db5ffdf07ee17b601ec9a07fbc86d0da4eaa

      SHA256

      d5efe07023590f04b206a9950a2a3ecd35a4d93d6019a1dbe3975ca799b095f5

      SHA512

      f68fbbdc8ed866ea9e574a127740379402b590523cff626345cf59a0cdaf32688a0613f494f405071bc7405a235ceb34d583eed5e0ce931b824ed1ce9925c69f