Analysis

  • max time kernel
    367s
  • max time network
    435s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 15:51

General

  • Target

    6a61d550ead9604617b2979b67d6da5b095e559c6623ff6d19879a2feb939ced.exe

  • Size

    466KB

  • MD5

    4444fdd8a9c1a6e6ca191054bf4039c6

  • SHA1

    1b6fee86baaeefe746d932361203b9bf27fad5f9

  • SHA256

    6a61d550ead9604617b2979b67d6da5b095e559c6623ff6d19879a2feb939ced

  • SHA512

    97dad2cbb4c94c8a3fabbcfaa6dd4367b8b394ca4dcf151da7d576b60968064d7702f8e10ac43a6233ff91f0a5c8c9dd5ec658b3c5af1b3994e2fde4ac4b64e3

  • SSDEEP

    12288:Fr3+AZz6vIlBP9S/hsbRbG8LJgEFm8BDVqdEyoFWVoBX:Ff1lyhsb97LiAm8BxoErFWyl

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6a61d550ead9604617b2979b67d6da5b095e559c6623ff6d19879a2feb939ced.exe
    "C:\Users\Admin\AppData\Local\Temp\6a61d550ead9604617b2979b67d6da5b095e559c6623ff6d19879a2feb939ced.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1360
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.wa300.com/tj.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:456
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:456 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3940
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\6A61D5~1.EXE
      2⤵
        PID:1740

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1360-132-0x0000000000400000-0x0000000000488000-memory.dmp

      Filesize

      544KB

    • memory/1360-136-0x0000000000400000-0x0000000000488000-memory.dmp

      Filesize

      544KB

    • memory/1740-135-0x0000000000000000-mapping.dmp