Overview

overview

8

Static

static

7fbc352820...92.exe

windows7-x64

8

7fbc352820...92.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 13:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7fbc352820a8bdbe1dfed140a005e236fe2112719e691f4c4e9c64be69072e92.exe

  • Size

    136KB

  • MD5

    6c6bca42743b20a8940b901506a25283

  • SHA1

    b7fded0712090f33b48d51695c307dd3a3e2640a

  • SHA256

    7fbc352820a8bdbe1dfed140a005e236fe2112719e691f4c4e9c64be69072e92

  • SHA512

    9fa7431d94664445d9042f4355dff9495b71646dee9d464799674a2030c909a5fd574f1eb3097d46eff2737f186eed10fb71b559159b80016f17d27586ede930

  • SSDEEP

    1536:/tvSTxHYiCauuT3aKFpz5uvfxNu/MQE+Q5OO2sSABw7qrOI+8Sl8l6CZT:JSTlYpauueNvv5O9zd7qrOI+8wM

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7fbc352820a8bdbe1dfed140a005e236fe2112719e691f4c4e9c64be69072e92.exe
    "C:\Users\Admin\AppData\Local\Temp\7fbc352820a8bdbe1dfed140a005e236fe2112719e691f4c4e9c64be69072e92.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Users\Admin\AppData\Local\Temp\servicesc.exe
      C:\Users\Admin\AppData\Local\Temp\servicesc.exe 7fbc352820a8bdbe1dfed140a005e236fe2112719e691f4c4e9c64be69072e92.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1556

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\servicesc.exe
    Filesize

    32KB

    MD5

    564b45c7bf27eabd55cdfbde14f81e09

    SHA1

    e69b69b1b69f7d6333af8500792bc378b15ace5a

    SHA256

    5fe1e869c881aad786f1ca044faa2b57a6f0505b0b2892daf8d1837eeae99ac2

    SHA512

    043037525904987eb6ddd06d0adce933eea3aaeda9797ca8636af419dbe820c122960d47f14076c7b7f1ff61f29774c90f454e14025090643cc6b41271c579ed

    Download Submit
  • \Users\Admin\AppData\Local\Temp\csh.dll
    Filesize

    68KB

    MD5

    8b8e53a924e28feb6a014b17910f5800

    SHA1

    3da6912715efb0268e4e886949c8ad55e41acdcb

    SHA256

    19fde3fb9e6b0282555ff6f4f99da8ad1294e10b115d4c925c22147a8ea17b00

    SHA512

    36f94c032765af4f764ca6ada3b56a61f8466166d38505461efb5f17bb3f6bd4adfde9a990db64c53d488fe75df26a0e1d528fa9eee2010f05e20d97ece00f7d

    Download Submit
  • \Users\Admin\AppData\Local\Temp\servicesc.exe
    Filesize

    32KB

    MD5

    564b45c7bf27eabd55cdfbde14f81e09

    SHA1

    e69b69b1b69f7d6333af8500792bc378b15ace5a

    SHA256

    5fe1e869c881aad786f1ca044faa2b57a6f0505b0b2892daf8d1837eeae99ac2

    SHA512

    043037525904987eb6ddd06d0adce933eea3aaeda9797ca8636af419dbe820c122960d47f14076c7b7f1ff61f29774c90f454e14025090643cc6b41271c579ed

    Download Submit
  • \Users\Admin\AppData\Local\Temp\servicesc.exe
    Filesize

    32KB

    MD5

    564b45c7bf27eabd55cdfbde14f81e09

    SHA1

    e69b69b1b69f7d6333af8500792bc378b15ace5a

    SHA256

    5fe1e869c881aad786f1ca044faa2b57a6f0505b0b2892daf8d1837eeae99ac2

    SHA512

    043037525904987eb6ddd06d0adce933eea3aaeda9797ca8636af419dbe820c122960d47f14076c7b7f1ff61f29774c90f454e14025090643cc6b41271c579ed

    Download Submit
  • memory/1556-60-0x0000000000000000-mapping.dmp
    Download
  • memory/1976-56-0x0000000075CF1000-0x0000000075CF3000-memory.dmp
    Filesize

    8KB

    Download