Overview

overview

6

Static

static

881586a309...d2.exe

windows7-x64

5

881586a309...d2.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    112s
  • max time network
    163s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 23:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    881586a309cb1b394c2f7677fabd6ec371e17053d034a8c475a41782be6f78d2.exe

  • Size

    80KB

  • MD5

    178ab0cd177302208b27e44a76abef00

  • SHA1

    8a6d9e3c158237a34b901aa39a40352136d821b6

  • SHA256

    881586a309cb1b394c2f7677fabd6ec371e17053d034a8c475a41782be6f78d2

  • SHA512

    a1e7689ee7c29987d4f8e8c08c235f202ef6a102712701e361ba044ba5bc17e633a82f2da624a683e8e4753e65dbeda7396dbf37295d026cb097d2b7a9e7d413

  • SSDEEP

    1536:auP7LRKwuLFsA/DoGXeC6J8/Vo2ByYwOTlRQhlhfh9yjPiN0vs:Fon1/kGf6OCYyYwglCth9y7iN0vs

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\881586a309cb1b394c2f7677fabd6ec371e17053d034a8c475a41782be6f78d2.exe
    "C:\Users\Admin\AppData\Local\Temp\881586a309cb1b394c2f7677fabd6ec371e17053d034a8c475a41782be6f78d2.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1848
    • C:\Users\Admin\AppData\Local\Temp\881586a309cb1b394c2f7677fabd6ec371e17053d034a8c475a41782be6f78d2.exe
      C:\Users\Admin\AppData\Local\Temp\881586a309cb1b394c2f7677fabd6ec371e17053d034a8c475a41782be6f78d2.exe
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1484
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=881586a309cb1b394c2f7677fabd6ec371e17053d034a8c475a41782be6f78d2.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2032
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1004

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ORJGVS71.txt
    Filesize

    608B

    MD5

    c4422b387acc0a84a84c9490627e7996

    SHA1

    3a1e5477af834aa2e26baf1aae5c9cf811da2f8e

    SHA256

    4ded771e9637b4b887a34ebd98dc788e5ad902a23a9a8a334c885566fa879ac0

    SHA512

    ed6c4a3302fde627e60803a08f7da2152cee70f1dc4ae2a9efc30e2b9169baf552f30807c4dbe6f8483e9027000dd27a4cdbb7b286461b58188152eefa241e8b

    Download Submit
  • memory/1484-56-0x0000000000400000-0x0000000000412000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1484-57-0x0000000000400000-0x0000000000412000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1484-59-0x0000000000400000-0x0000000000412000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1484-60-0x0000000000400000-0x0000000000412000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1484-61-0x0000000000400000-0x0000000000412000-memory.dmp
    Filesize

    72KB

    Download
  • memory/1484-62-0x000000000040C42E-mapping.dmp
    Download
  • memory/1484-64-0x0000000000402000-0x000000000040C600-memory.dmp
    Filesize

    41KB

    Download
  • memory/1484-65-0x0000000000402000-0x000000000040C600-memory.dmp
    Filesize

    41KB

    Download
  • memory/1484-66-0x0000000075241000-0x0000000075243000-memory.dmp
    Filesize

    8KB

    Download