Overview

overview

8

Static

static

570fe93bd1...f6.exe

windows7-x64

8

570fe93bd1...f6.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 09:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    570fe93bd1174b7de1981d446f329e9a60eea247bce9d31486a4dbba6376aef6.exe

  • Size

    184KB

  • MD5

    a1608b21962b1fef1e87948753a8d3d2

  • SHA1

    3215288dd5ecf93b00cee7cb5670966e8f44cfb0

  • SHA256

    570fe93bd1174b7de1981d446f329e9a60eea247bce9d31486a4dbba6376aef6

  • SHA512

    efeaf181ebfd6c342e513691db4948e024f02b701de63f2bd620bcf546b4678a9041a3245086091d48bab2bbe736f9763621a3f85b55a5da4fc5810b7b3ccdc9

  • SSDEEP

    3072:84r0/5Q3FosIbwKkD07DeDrVBRpg5uJBm0RcOIJ8z:84QRGFqMh07DeD9pg5mB/2OIJ8

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\570fe93bd1174b7de1981d446f329e9a60eea247bce9d31486a4dbba6376aef6.exe
    "C:\Users\Admin\AppData\Local\Temp\570fe93bd1174b7de1981d446f329e9a60eea247bce9d31486a4dbba6376aef6.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1348
    • C:\Users\Admin\AppData\Local\Temp\servicesc.exe
      C:\Users\Admin\AppData\Local\Temp\servicesc.exe 570fe93bd1174b7de1981d446f329e9a60eea247bce9d31486a4dbba6376aef6.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:656
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x568
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1168

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\servicesc.exe
    Filesize

    32KB

    MD5

    d542fd20caac2c34bbec498c05b0d828

    SHA1

    5deb07503e212e23e1f6d23b7fd93289da20061f

    SHA256

    d74fca83e5cf20d9081e099a12e9c70d8c6ecaf52f4ec2963246353dc447b666

    SHA512

    0e853a822008229b81a89ebc80d0d7beef08c45471cf4a2d6eb12aa1e19d56c96b6f7ae18f49cc2c317941b2a1c18be6211e8447b22eb5498dbcd17a8ea5c78b

    Download Submit
  • \Users\Admin\AppData\Local\Temp\servicesc.exe
    Filesize

    32KB

    MD5

    d542fd20caac2c34bbec498c05b0d828

    SHA1

    5deb07503e212e23e1f6d23b7fd93289da20061f

    SHA256

    d74fca83e5cf20d9081e099a12e9c70d8c6ecaf52f4ec2963246353dc447b666

    SHA512

    0e853a822008229b81a89ebc80d0d7beef08c45471cf4a2d6eb12aa1e19d56c96b6f7ae18f49cc2c317941b2a1c18be6211e8447b22eb5498dbcd17a8ea5c78b

    Download Submit
  • \Users\Admin\AppData\Local\Temp\servicesc.exe
    Filesize

    32KB

    MD5

    d542fd20caac2c34bbec498c05b0d828

    SHA1

    5deb07503e212e23e1f6d23b7fd93289da20061f

    SHA256

    d74fca83e5cf20d9081e099a12e9c70d8c6ecaf52f4ec2963246353dc447b666

    SHA512

    0e853a822008229b81a89ebc80d0d7beef08c45471cf4a2d6eb12aa1e19d56c96b6f7ae18f49cc2c317941b2a1c18be6211e8447b22eb5498dbcd17a8ea5c78b

    Download Submit
  • memory/656-59-0x0000000000000000-mapping.dmp
    Download
  • memory/1348-56-0x0000000075F81000-0x0000000075F83000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1348-63-0x0000000004401000-0x00000000052AD000-memory.dmp
    Filesize

    14.7MB

    Download