Analysis
-
max time kernel
141s -
max time network
188s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
23-11-2022 23:53
General
-
Target
cb897acedcc2bd770876cca277441124d79063dcbacb37d3ac84382bc6773f05.exe
-
Size
85KB
-
MD5
e3ead99da0eab7e16219d8c344ceb83c
-
SHA1
42bf753e5ca905cae733e79008d6d7ed813cdaec
-
SHA256
cb897acedcc2bd770876cca277441124d79063dcbacb37d3ac84382bc6773f05
-
SHA512
14df1b2481ffa0203784816bb87bf040195bdbcfe2ffa40bed0c25b257f7d3a3edd7dfe61b452a97cfd9562ead1ca9b08c5125e5cd41a023157dae917fb39671
-
SSDEEP
1536:5w0YsozcsH+BeiE3/Tp8YN2Q9Hhxzi2yiKlmtQDlKODyUJdncip0JoEf:5VkcsWEP9LJZFy6tQDlrDya5702Ef
Malware Config
Signatures
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of SetThreadContext 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 17 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cb897acedcc2bd770876cca277441124d79063dcbacb37d3ac84382bc6773f05.exe"C:\Users\Admin\AppData\Local\Temp\cb897acedcc2bd770876cca277441124d79063dcbacb37d3ac84382bc6773f05.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\cb897acedcc2bd770876cca277441124d79063dcbacb37d3ac84382bc6773f05.exe"C:\Users\Admin\AppData\Local\Temp\cb897acedcc2bd770876cca277441124d79063dcbacb37d3ac84382bc6773f05.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=cb897acedcc2bd770876cca277441124d79063dcbacb37d3ac84382bc6773f05.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.03⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:336 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\AJ6BFJYP.txtFilesize
608B
MD52f4ad14197d644e7350ccd5a0d091327
SHA1d497eb596dcb95c0c8b01e0bbd5f035350e9b529
SHA2564dbf4adf8ec57a9106cfe08b350f93061ae55de4e02a079568cbcdd1e457aac2
SHA512849b91cc0b1929b26796777479a17be3feb779523ad84e50139d6acffaa9008c9ceee185d23ca7a0a3bb3517d78a150d6f7c4a18c1ad4cba285f73f040870a7d
-
memory/1208-56-0x0000000000400000-0x000000000044C000-memory.dmpFilesize
304KB
-
memory/1208-65-0x0000000000400000-0x000000000044C000-memory.dmpFilesize
304KB
-
memory/1956-57-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/1956-58-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/1956-60-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/1956-61-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/1956-63-0x000000000040FD42-mapping.dmp
-
memory/1956-62-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/1956-66-0x0000000000402000-0x000000000040FE00-memory.dmpFilesize
55KB
-
memory/1956-67-0x0000000000402000-0x000000000040FE00-memory.dmpFilesize
55KB
-
memory/1956-68-0x0000000075C21000-0x0000000075C23000-memory.dmpFilesize
8KB