7cb650b8be8d07cca3bb7b7dfa77998b917b668491fcbab77dc38ddb246de069

Analysis

max time kernel
153s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 15:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7cb650b8be8d07cca3bb7b7dfa77998b917b668491fcbab77dc38ddb246de069.exe
Size

60KB
MD5

048a7a2cc49794cb11f7b033c9390cd3
SHA1

2cf835e6f254f6862a2320879dc3ea8976d68b9c
SHA256

7cb650b8be8d07cca3bb7b7dfa77998b917b668491fcbab77dc38ddb246de069
SHA512

807f238ae4933ff9f40d14c93d959ad6c69b7950c7a92df07519ac5b3a2185b539e2fa67932c350e8f3ba69a0a7c88ecb8317c143ef13d100d21d161629648f8
SSDEEP

1536:CY5IVqNE8QjmoJ1Zj/fBgaIgdPexfAgVV/cMCEoT:ZAqNE8QjmoJnr6ay6yVW7T

Score

8^/10

persistence

Malware Config

Signatures

Sets DLL path for service in the registry 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ÓÐ³¯Ò»ÈÕÈ¨ÔÚÊÖ£¬É±¾¡ÌìÏÂª¨ÜÀ«¥\Parameters\ServiceDll = "%SystemRoot%\\System32\\aofoav.dll"	7cb650b8be8d07cca3bb7b7dfa77998b917b668491fcbab77dc38ddb246de069.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\ÓÐ³¯Ò»ÈÕÈ¨ÔÚÊÖ£¬É±¾¡ÌìÏÂª¨ÜÀ«¥\Parameters\ServiceDll = "%SystemRoot%\\System32\\aofoav.dll"	7cb650b8be8d07cca3bb7b7dfa77998b917b668491fcbab77dc38ddb246de069.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet003\Services\ÓÐ³¯Ò»ÈÕÈ¨ÔÚÊÖ£¬É±¾¡ÌìÏÂª¨ÜÀ«¥\Parameters\ServiceDll = "%SystemRoot%\\System32\\aofoav.dll"	7cb650b8be8d07cca3bb7b7dfa77998b917b668491fcbab77dc38ddb246de069.exe

Loads dropped DLL 2 IoCs

pid	Process
4972	7cb650b8be8d07cca3bb7b7dfa77998b917b668491fcbab77dc38ddb246de069.exe
4248	svchost.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\0006c604.ini	7cb650b8be8d07cca3bb7b7dfa77998b917b668491fcbab77dc38ddb246de069.exe
File created	C:\Windows\SysWOW64\aofoav.dll	7cb650b8be8d07cca3bb7b7dfa77998b917b668491fcbab77dc38ddb246de069.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4248	svchost.exe
4248	svchost.exe
4248	svchost.exe

C:\Users\Admin\AppData\Local\Temp\7cb650b8be8d07cca3bb7b7dfa77998b917b668491fcbab77dc38ddb246de069.exe
"C:\Users\Admin\AppData\Local\Temp\7cb650b8be8d07cca3bb7b7dfa77998b917b668491fcbab77dc38ddb246de069.exe"
1⤵
- Sets DLL path for service in the registry
- Loads dropped DLL
- Drops file in System32 directory
PID:4972

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k ÓÐ³¯Ò»ÈÕÈ¨ÔÚÊÖ£¬É±¾¡ÌìÏÂª¨ÜÀ«¥
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:4248

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\aofoav.dll

Filesize
93KB

MD5
2bec6d042cb971bd01f12d125856eb6f

SHA1
7b6c14b498df4fccbd4eac46b592cd25a1c60cd1

SHA256
81f666b2ebd492345e8ada6905db0780081239f79ef6c4e0552443895751abae

SHA512
33a76dbd82b426344f4e6ebd8045a3d07ab06ace8205f73d7614c4f90b91bcc1df996429bc327f8efab56aa18c6d9a04ff59d2801ae4870da247e4cfee1b0f60

Download Submit
C:\Windows\SysWOW64\aofoav.dll

Filesize
93KB

MD5
2bec6d042cb971bd01f12d125856eb6f

SHA1
7b6c14b498df4fccbd4eac46b592cd25a1c60cd1

SHA256
81f666b2ebd492345e8ada6905db0780081239f79ef6c4e0552443895751abae

SHA512
33a76dbd82b426344f4e6ebd8045a3d07ab06ace8205f73d7614c4f90b91bcc1df996429bc327f8efab56aa18c6d9a04ff59d2801ae4870da247e4cfee1b0f60

Download Submit
\??\c:\windows\SysWOW64\aofoav.dll

Filesize
93KB

MD5
2bec6d042cb971bd01f12d125856eb6f

SHA1
7b6c14b498df4fccbd4eac46b592cd25a1c60cd1

SHA256
81f666b2ebd492345e8ada6905db0780081239f79ef6c4e0552443895751abae

SHA512
33a76dbd82b426344f4e6ebd8045a3d07ab06ace8205f73d7614c4f90b91bcc1df996429bc327f8efab56aa18c6d9a04ff59d2801ae4870da247e4cfee1b0f60

Download Submit