Overview

overview

8

Static

static

c37e69ab7e...d0.exe

windows7-x64

8

c37e69ab7e...d0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    159s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 18:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c37e69ab7e6bbf12ffda266080c90e42e99459e81225000b8b093a96f98a86d0.exe

  • Size

    622KB

  • MD5

    4541567d2434b2ae79d96ecfde2a7f10

  • SHA1

    572a66d134fa40e4faad26f1fb5740b953758fdd

  • SHA256

    c37e69ab7e6bbf12ffda266080c90e42e99459e81225000b8b093a96f98a86d0

  • SHA512

    49fb5c7df2b862a4cb6b8376020d09e9f34a31b43c46309850b99f55496b50129a0506a703805c62dfcc31f38f9351627da6b39ebe3a91279f026fc1545b2eb2

  • SSDEEP

    12288:E5NeIXRYHWGxG9tUp36sbMjZhc7besfAjmJhyt7BZ:E5AgRcpQ/UlbMjZKKsfcmvcD

Score
8/10
discoveryevasiontrojan

Malware Config

Signatures

  • Disables taskbar notifications via registry modification
    evasion
  • Executes dropped EXE 3 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 19 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\c37e69ab7e6bbf12ffda266080c90e42e99459e81225000b8b093a96f98a86d0.exe
    "C:\Users\Admin\AppData\Local\Temp\c37e69ab7e6bbf12ffda266080c90e42e99459e81225000b8b093a96f98a86d0.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1204
  • C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    • Windows security modification
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • System policy modification
    PID:3884
  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:4276
  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:4228

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
    Filesize

    2.1MB

    MD5

    fbf637700414407ef9dc80b4f39e1c0d

    SHA1

    85ecf2a785d49857b23b3891a24d76561871efb5

    SHA256

    d2ddb2f88660b14ec935ead841153a5fae77e1adf67a8cd55f6257f720679d22

    SHA512

    8964e581e4eda90f210f7790c6d4132b07293112b3d4927a84579a2ff8a9c7747a19cdb50fcaec5811620196f906ae645d89a25dd4aaf12295c52baf2010eba7

    Download Submit

  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    Filesize

    792KB

    MD5

    56fe7906f837de5c57250cd108c50d1a

    SHA1

    6076926b746df91274ffa0c04d391aee08b48756

    SHA256

    0e579f92c26a773bd70e408ddddc3e1bad0ff1b87c0c20ad72a0a75d130e2474

    SHA512

    ab643fce15d0dad35a8c2b5b25cb028a886d44be75bce522e49cff286bfa1e163d8709c1f27d645d25bfb5ed439d3e7ba147b3017a166afaf605a5dc74433320

    Download Submit

  • C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
    Filesize

    2.0MB

    MD5

    9a8c2cb7a7d71bc059963ccaa65613aa

    SHA1

    6890a773bfea1aab7dddd8294363501c0b189c7a

    SHA256

    4565ec1dbf3b54d9aca61ce7b046d06cc063076f4b65db9c3d6de6afbd631159

    SHA512

    0fde3c444d85c627aca4ef8cc411953e49015ab2a9995f26f2176b2874ac4210f3d9acc6dec001de38c1acadb104893b8e72b61f74bbed032145199eb87f6b53

    Download Submit

  • \??\c:\program files\common files\microsoft shared\source engine\ose.exe
    Filesize

    801KB

    MD5

    fc1a27545086b6adf3ac983f1b4e7d7b

    SHA1

    bf341abe3212f11d38a5498c07be04051b4ddbde

    SHA256

    01715139003777cb92a25b1daee38e11ce2d325052499404fb48aa9fa1c55b0c

    SHA512

    7b806614ca3dba025d605830ab3c093a29c23ee01a730a80424f6b12fc9acf0a1ca7d2ce4bdb9fd2eeae15c4a339827e011997f426d2bffd68603f2c65362104

    Download Submit

  • \??\c:\program files\windows media player\wmpnetwk.exe
    Filesize

    1.5MB

    MD5

    b14d5872b5ff30fd3999687062cac9b3

    SHA1

    fa7a58d886b5898b22aff9960f2320bb246d0525

    SHA256

    2ad24e13a7cfd12965d54d96976a21252f71099b03add912e6ca3614919196fc

    SHA512

    a2eb6473f733a9f636fe2a41e1c5faf2cf74ef08d1bff4b800d3cd31941707228e96fe5f0bf55ae1f88f2ef41c7ff8ba01e8ea3c2f4ace2854b908a533afb29f

    Download Submit

  • \??\c:\windows\system32\Agentservice.exe
    Filesize

    1.7MB

    MD5

    4dad42befc2829b2441f46be4aa0f7a6

    SHA1

    b46c4c16dbe2587e617394bcc50390317796afed

    SHA256

    384a906f688e9a2671ae49e38651d9c255d88a33acd4aac8a3d4269427ea92ae

    SHA512

    712351d83b7ef3fa0d4164bae9a91998306cfbb70a2b1a403be3249747dbd0f5d64a69526aa86cfced8de9ec7905653fabd74aae32638b45aafd4a23c2f46f14

    Download Submit

  • \??\c:\windows\system32\Appvclient.exe
    Filesize

    1.3MB

    MD5

    b4cf5951999ed0d430283df07a1b1bdf

    SHA1

    9e187b8db8cf40ca2526ee72c140371e0eb3a955

    SHA256

    b19b60df8ee27d7a57f7944e70859c3bf1b7a1dca18e6c69053ac2078cab9744

    SHA512

    2f4ea25a4f5841c60ace88471b6206d1afdd46ac505e72c015f31bee6135a4ccc04e62bc828d997c490aabcdda47cb9b81749e4c525c7469a85284a3c46b4a92

    Download Submit

  • \??\c:\windows\system32\fxssvc.exe
    Filesize

    1.2MB

    MD5

    6afc2a2c922714ff67460c62d4a9d539

    SHA1

    835d899616e7657adf8b7e41823eaf1580916a01

    SHA256

    b31a9b8bf815e1206fed31f66ca2ef5878fb7ad0593c6d9e2d59d8459ef042e5

    SHA512

    8a1040221e03255acad19b14b476a256932391c47e2268663d0f735b3cb6ce0a60ad5acc9a0f1fa024ebe68964f90caeb8f0c44566a81ae164ef4fe9355c786b

    Download Submit

  • \??\c:\windows\system32\msiexec.exe
    Filesize

    627KB

    MD5

    ce7a6d6610537145cf65f90466001531

    SHA1

    f6b31fb399c3c969ac679e9e6f3eb1b7a56ff8f8

    SHA256

    50e5a4c7c5b654406912bbb514388a89a5858c1e694d73bbd0693585c3304803

    SHA512

    0eb5d7f75f683ba5eb5029667331d94318e688920e5cda3c5f4dbf70bd012969c452ff27b0bc0d9c65de09ccbe4d5818939dc38c95fb2a954333440cd82305f1

    Download Submit

  • \??\c:\windows\system32\openssh\ssh-agent.exe
    Filesize

    936KB

    MD5

    8da24adf0855a77961ef962f58d43c9e

    SHA1

    de371bfc482557d8645981472e7f43fa56a9a89e

    SHA256

    2f3b77dcecdc7f99a6562a5a0a382c17602e7243a66d4e2415586fa80e45b013

    SHA512

    f1df733d5887246232e177603c5b942aa3a3016936d00667ed8281f5be56af49f728bb1a5c149d8bb88c341744166a71fe9d2c2dc9a899950957f99de1964a70

    Download Submit

  • \??\c:\windows\system32\wbengine.exe
    Filesize

    2.1MB

    MD5

    5392eedcd00e5cd74403b459babf33f8

    SHA1

    d2a38cd8cf8e00e42aa943bf07b72fd8bca90a8f

    SHA256

    58e18a577cefef21f27af750f46134bc870b80840b56f20d177dba121380faba

    SHA512

    696311eb5d661d905509f41c3c858e0a21a9448b1bb08986beecc7c9491fde1973365c039b5cf6140a13e25436fd77a332fec9788914137f2b1313ef59e214b6

    Download Submit

  • memory/1204-132-0x0000000001000000-0x000000000125C000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/1204-133-0x0000000001000000-0x000000000125C000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/3884-135-0x0000000140000000-0x00000001403F6000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/3884-138-0x0000000140000000-0x00000001403F6000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4228-140-0x0000000140000000-0x00000001402B7000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/4228-142-0x0000000140000000-0x00000001402B7000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/4276-144-0x0000000140000000-0x0000000140413000-memory.dmp

    Filesize

    4.1MB

    Download

  • memory/4276-137-0x0000000140000000-0x0000000140413000-memory.dmp

    Filesize

    4.1MB

    Download