Overview

overview

8

Static

static

beabcc0d5c...3a.exe

windows7-x64

8

beabcc0d5c...3a.exe

windows10-2004-x64

Analysis

  • max time kernel
    151s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 13:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    beabcc0d5c330069edd5e77a8b57a4784999a2b808ee3f7e0a09343fec49393a.exe

  • Size

    193KB

  • MD5

    57bd61376650118b1d71818b0312e792

  • SHA1

    c2f679009121508c1fe1b0c20ce396727cf43344

  • SHA256

    beabcc0d5c330069edd5e77a8b57a4784999a2b808ee3f7e0a09343fec49393a

  • SHA512

    02e37511eb0a9305b5228d14720de267c47251c72aaaa16fc79e748cadf35f709ba88aa3b3edbd2d10b7a4c96e424a24e5a35c98c0b85bd1955bd0ea02da4ea7

  • SSDEEP

    3072:1Gfc0yB2N32x/AA8WE2oA854xcRzqxqV6Pv2aTnaRQY18auR+vZHNKigULF5x:o3yQN32/g2Xu4eY5TnQ18aA+vxNKigA

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 38 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1284
      • C:\Users\Admin\AppData\Local\Temp\beabcc0d5c330069edd5e77a8b57a4784999a2b808ee3f7e0a09343fec49393a.exe
        "C:\Users\Admin\AppData\Local\Temp\beabcc0d5c330069edd5e77a8b57a4784999a2b808ee3f7e0a09343fec49393a.exe"
        2⤵
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • Modifies Internet Explorer settings
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1976
        • C:\Users\Admin\AppData\Roaming\Ikpes\amif.exe
          "C:\Users\Admin\AppData\Roaming\Ikpes\amif.exe"
          3⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:964
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp24d1fe18.bat"
          3⤵
          • Deletes itself
          PID:656
    • C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      1⤵
        PID:1232
      • C:\Windows\system32\taskhost.exe
        "taskhost.exe"
        1⤵
          PID:1164
        • C:\Windows\system32\conhost.exe
          \??\C:\Windows\system32\conhost.exe "1913330648-326437666-952827960-1078912715695524223-1046049152-1522994835904014347"
          1⤵
            PID:1040

          Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\tmp24d1fe18.bat
            Filesize

            307B

            MD5

            2de16604e241d7c8abba002580fcf74c

            SHA1

            97e96bc2afe0772e42c435ec6c67465470ede656

            SHA256

            24ff7dd40cd24a96874fb1c1538c5f579e69f5900f6dcf4704606574c1fa3016

            SHA512

            c1c94f6fba4b8400f63f9625a2e8e5ab01d879712e922671a74630a591551f3b268ac5e53bddf4d8544f00407ad6420541b075c6a929de365222c474984ebdd2

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Ikpes\amif.exe
            Filesize

            193KB

            MD5

            48a947973d0d4908fc973ad39c456312

            SHA1

            820cd8856791bd377d3f79479eb83c85edea6ea9

            SHA256

            edd2b0c3a8b1b92965aed2551f2c9a7a3674c13fa9e00f3b8cd2caddfce33303

            SHA512

            fca25d527c8d2a2992dbdc90483569b409ed3570084240dafc0926afc3e7a097183b82e8971ff485ac9839223a7dd3c4fd6d449f062aaf90512c59daf797cfb0

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Ikpes\amif.exe
            Filesize

            193KB

            MD5

            48a947973d0d4908fc973ad39c456312

            SHA1

            820cd8856791bd377d3f79479eb83c85edea6ea9

            SHA256

            edd2b0c3a8b1b92965aed2551f2c9a7a3674c13fa9e00f3b8cd2caddfce33303

            SHA512

            fca25d527c8d2a2992dbdc90483569b409ed3570084240dafc0926afc3e7a097183b82e8971ff485ac9839223a7dd3c4fd6d449f062aaf90512c59daf797cfb0

            Download Submit

          • \Users\Admin\AppData\Roaming\Ikpes\amif.exe
            Filesize

            193KB

            MD5

            48a947973d0d4908fc973ad39c456312

            SHA1

            820cd8856791bd377d3f79479eb83c85edea6ea9

            SHA256

            edd2b0c3a8b1b92965aed2551f2c9a7a3674c13fa9e00f3b8cd2caddfce33303

            SHA512

            fca25d527c8d2a2992dbdc90483569b409ed3570084240dafc0926afc3e7a097183b82e8971ff485ac9839223a7dd3c4fd6d449f062aaf90512c59daf797cfb0

            Download Submit

          • \Users\Admin\AppData\Roaming\Ikpes\amif.exe
            Filesize

            193KB

            MD5

            48a947973d0d4908fc973ad39c456312

            SHA1

            820cd8856791bd377d3f79479eb83c85edea6ea9

            SHA256

            edd2b0c3a8b1b92965aed2551f2c9a7a3674c13fa9e00f3b8cd2caddfce33303

            SHA512

            fca25d527c8d2a2992dbdc90483569b409ed3570084240dafc0926afc3e7a097183b82e8971ff485ac9839223a7dd3c4fd6d449f062aaf90512c59daf797cfb0

            Download Submit

          • memory/656-109-0x0000000000050000-0x0000000000078000-memory.dmp

            Filesize

            160KB

            Download

          • memory/656-97-0x0000000000050000-0x0000000000078000-memory.dmp

            Filesize

            160KB

            Download

          • memory/656-93-0x0000000000050000-0x0000000000078000-memory.dmp

            Filesize

            160KB

            Download

          • memory/656-95-0x0000000000050000-0x0000000000078000-memory.dmp

            Filesize

            160KB

            Download

          • memory/656-96-0x0000000000050000-0x0000000000078000-memory.dmp

            Filesize

            160KB

            Download

          • memory/656-98-0x000000000006108A-mapping.dmp

            Download

          • memory/964-89-0x0000000000400000-0x0000000000435000-memory.dmp

            Filesize

            212KB

            Download

          • memory/964-110-0x0000000000400000-0x0000000000435000-memory.dmp

            Filesize

            212KB

            Download

          • memory/964-61-0x0000000000000000-mapping.dmp

            Download

          • memory/1040-107-0x00000000002F0000-0x0000000000318000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1040-104-0x00000000002F0000-0x0000000000318000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1040-105-0x00000000002F0000-0x0000000000318000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1040-106-0x00000000002F0000-0x0000000000318000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1164-65-0x0000000001BD0000-0x0000000001BF8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1164-70-0x0000000001BD0000-0x0000000001BF8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1164-67-0x0000000001BD0000-0x0000000001BF8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1164-68-0x0000000001BD0000-0x0000000001BF8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1164-69-0x0000000001BD0000-0x0000000001BF8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1232-73-0x0000000001AF0000-0x0000000001B18000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1232-76-0x0000000001AF0000-0x0000000001B18000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1232-75-0x0000000001AF0000-0x0000000001B18000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1232-74-0x0000000001AF0000-0x0000000001B18000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1284-79-0x00000000026C0000-0x00000000026E8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1284-80-0x00000000026C0000-0x00000000026E8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1284-81-0x00000000026C0000-0x00000000026E8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1284-82-0x00000000026C0000-0x00000000026E8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1976-90-0x00000000004C0000-0x00000000004F5000-memory.dmp

            Filesize

            212KB

            Download

          • memory/1976-85-0x00000000004C0000-0x00000000004E8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1976-86-0x00000000004C0000-0x00000000004E8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1976-99-0x0000000000400000-0x0000000000435000-memory.dmp

            Filesize

            212KB

            Download

          • memory/1976-100-0x00000000004C0000-0x00000000004E8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1976-88-0x00000000004C0000-0x00000000004E8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1976-87-0x00000000004C0000-0x00000000004E8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1976-54-0x0000000074D81000-0x0000000074D83000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1976-58-0x0000000000400000-0x0000000000435000-memory.dmp

            Filesize

            212KB

            Download

          • memory/1976-57-0x0000000000400000-0x0000000000435000-memory.dmp

            Filesize

            212KB

            Download

          • memory/1976-56-0x0000000000400000-0x0000000000435000-memory.dmp

            Filesize

            212KB

            Download

          • memory/1976-55-0x0000000000400000-0x0000000000435000-memory.dmp

            Filesize

            212KB

            Download