Overview

overview

10

Static

static

a58576116c...9d.exe

windows7-x64

10

a58576116c...9d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-11-2022 19:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a58576116c631a49cbc281b6e20671fa0c765eb4395f3237185d7eebdcad279d.exe

  • Size

    668KB

  • MD5

    0dd06752be38f3b39d85ca91e9165c40

  • SHA1

    9932cf07592dab1adc6426e53a12d8ebf8743e78

  • SHA256

    a58576116c631a49cbc281b6e20671fa0c765eb4395f3237185d7eebdcad279d

  • SHA512

    176cb6115cfa2cd7bbdbed97c26ab051ae332c57910ae3d51e79cb577b0b6a26bb950a2a89de1af48ae50600ed1fe5687ed31341b676d74430fdd849e1c9b51c

  • SSDEEP

    12288:n6ETd/o2EDrAnpxfgr3tgRKc6svHfP/K0Ie86tdyD9A+RtOkyiAs3BgQgB:nFThp6sv/PC0Vte9XO55s3BAB

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks for any installed AV software in registry 1 TTPs 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SendNotifyMessage 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a58576116c631a49cbc281b6e20671fa0c765eb4395f3237185d7eebdcad279d.exe
    "C:\Users\Admin\AppData\Local\Temp\a58576116c631a49cbc281b6e20671fa0c765eb4395f3237185d7eebdcad279d.exe"
    1⤵
    • Loads dropped DLL
    • Checks for any installed AV software in registry
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:4348

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Security Software Discovery

1
T1063

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\360net_857.dll
    Filesize

    49KB

    MD5

    f6c560ecd7497fe57d1bd71c37b5b59d

    SHA1

    f87aee6d3163962484b4f95226c83df3e6150c3e

    SHA256

    4343e6d1223f6e50c1e953ecb77753bbc0211a6b2df397435172cfeee29d7e26

    SHA512

    ed61e63f98e88d6ba1285417c425cd7e8a5646cf9d03a5bb7b0171254eefa52409af34d2fbaffa3502b6a234e92ca904dce00ce8067ee37ab55b18aabd22951e

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\360net_857.dll
    Filesize

    49KB

    MD5

    f6c560ecd7497fe57d1bd71c37b5b59d

    SHA1

    f87aee6d3163962484b4f95226c83df3e6150c3e

    SHA256

    4343e6d1223f6e50c1e953ecb77753bbc0211a6b2df397435172cfeee29d7e26

    SHA512

    ed61e63f98e88d6ba1285417c425cd7e8a5646cf9d03a5bb7b0171254eefa52409af34d2fbaffa3502b6a234e92ca904dce00ce8067ee37ab55b18aabd22951e

    Download Submit
  • C:\Windows\SysWOW64\olemdb32.dll
    Filesize

    23KB

    MD5

    65387b1305f01ede9bce1b664207d5d7

    SHA1

    19d719d16958e6a1c5367b578cb9ff7700e695bf

    SHA256

    148f1d2ce99fb0305e53fd24add20cd19cc420e9c1d1b64abf42b456da94cd23

    SHA512

    cd64957c47979626be9a77b2a2ee2d0b22b72540369a4b6cfe1c1c9f8180b546db0b6e637259dd8f7a09506d738ec57fc34b116e199641c40f55e0d5b40a2a29

    Download Submit
  • memory/4348-135-0x0000000002870000-0x000000000287B000-memory.dmp
    Filesize

    44KB

    Download
  • memory/4348-136-0x0000000000400000-0x00000000004A9000-memory.dmp
    Filesize

    676KB

    Download
  • memory/4348-137-0x0000000010000000-0x000000001000F000-memory.dmp
    Filesize

    60KB

    Download
  • memory/4348-138-0x0000000000400000-0x00000000004A9000-memory.dmp
    Filesize

    676KB

    Download
  • memory/4348-139-0x0000000010000000-0x000000001000F000-memory.dmp
    Filesize

    60KB

    Download
  • memory/4348-140-0x0000000000400000-0x00000000004A9000-memory.dmp
    Filesize

    676KB

    Download
  • memory/4348-141-0x0000000010000000-0x000000001000F000-memory.dmp
    Filesize

    60KB

    Download