Analysis
-
max time kernel
111s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
07-11-2022 12:50
General
-
Target
5dd2390222c5e0b3476122fb9305932faa33e311a6ab062218c55be911a0f6de.exe
-
Size
292KB
-
MD5
0cce48f3e156333bf22e3305e4592de0
-
SHA1
34f80185ccc4e98c70d2ce171421137e5eef9599
-
SHA256
5dd2390222c5e0b3476122fb9305932faa33e311a6ab062218c55be911a0f6de
-
SHA512
081942feef4a7cfba4a1f8788afd5641ea08ee8c61157f1725e6a21fe86c953487c7ca6fcb037a838524c0a3a4fa336de611b10e0d3fb53b2e4503d3557c7370
-
SSDEEP
6144:spFXJCEGWhXGwOIY9xzR9kCN5tfJCecPc3NeFc:aJCEGWGuYrN5tf8eck3wF
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 18 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5dd2390222c5e0b3476122fb9305932faa33e311a6ab062218c55be911a0f6de.exe"C:\Users\Admin\AppData\Local\Temp\5dd2390222c5e0b3476122fb9305932faa33e311a6ab062218c55be911a0f6de.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\win76.exeC:\Users\Admin\AppData\Local\Temp\win76.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=win76.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.03⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:944 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD55e5ecae8b08152c885904cde71c50dad
SHA1727f24d102ab29be690c783ddc149b3a39430fb6
SHA256b3550952a2474802ae5f2d2d7e75987ccd7ca23baa8ba015c3eaa6fd04b55541
SHA512dd6287a8471aa575abbcf46300ac64a170c0cb19052d779c7bc0899149c6114a4e42520756dae1598e18458d94522d6c7701a7bc3a37067ac2a1616dbbf8e5ea
-
Filesize
4KB
MD55e5ecae8b08152c885904cde71c50dad
SHA1727f24d102ab29be690c783ddc149b3a39430fb6
SHA256b3550952a2474802ae5f2d2d7e75987ccd7ca23baa8ba015c3eaa6fd04b55541
SHA512dd6287a8471aa575abbcf46300ac64a170c0cb19052d779c7bc0899149c6114a4e42520756dae1598e18458d94522d6c7701a7bc3a37067ac2a1616dbbf8e5ea
-
Filesize
597B
MD53a58c94dd012b74f679be6ff12d574f9
SHA16295da7e1e28a0f389d518c19f836ec877347e13
SHA2562d5bc6516a3afffc357c540303583eba77ab427529d2650eae7d3c793cef0324
SHA5125cd3193b1abb9b39081177b41271ece5ca0cc711d33ac6f90e86f7c76aaf7369214b6ca8c8c0d4d62d783dee0b320f0cf0a3c5bd8740eecd43be88e872f6a6e1
-
Filesize
4KB
MD55e5ecae8b08152c885904cde71c50dad
SHA1727f24d102ab29be690c783ddc149b3a39430fb6
SHA256b3550952a2474802ae5f2d2d7e75987ccd7ca23baa8ba015c3eaa6fd04b55541
SHA512dd6287a8471aa575abbcf46300ac64a170c0cb19052d779c7bc0899149c6114a4e42520756dae1598e18458d94522d6c7701a7bc3a37067ac2a1616dbbf8e5ea
-
Filesize
4KB
MD55e5ecae8b08152c885904cde71c50dad
SHA1727f24d102ab29be690c783ddc149b3a39430fb6
SHA256b3550952a2474802ae5f2d2d7e75987ccd7ca23baa8ba015c3eaa6fd04b55541
SHA512dd6287a8471aa575abbcf46300ac64a170c0cb19052d779c7bc0899149c6114a4e42520756dae1598e18458d94522d6c7701a7bc3a37067ac2a1616dbbf8e5ea
-
Filesize
8KB
-
Filesize
5.7MB
-
Filesize
5.7MB
-
Filesize
208KB
-
-
Filesize
208KB
-
Filesize
172KB
-
Filesize
172KB
-
Filesize
208KB
-
Filesize
208KB
-
Filesize
208KB
-
Filesize
208KB