Overview

overview

8

Static

static

8b5c2ed23d...3b.exe

windows7-x64

8

8b5c2ed23d...3b.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    151s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 21:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8b5c2ed23d82235e772635ddbedb6ced168328d9299b8c2ac885d7120540003b.exe

  • Size

    225KB

  • MD5

    43c2cb824d039d2dd473f948c3155761

  • SHA1

    d2a91c0b957260be9fe81412aed96fd95d616a25

  • SHA256

    8b5c2ed23d82235e772635ddbedb6ced168328d9299b8c2ac885d7120540003b

  • SHA512

    3ff7f1a4130336e6f90fd9427d776c5cafb7f98303bd7fb4e2e73257fe2343ad82a28564b7d51d894b020561c10adee09fbab20a4f3cc97117ff52c7fcfe1036

  • SSDEEP

    3072:WPxfJGXnSmEisBooTVqIdfLAvNWUhwvTTIAHFHkyVE4ABvTuYGNLXlj7wPp0tid/:NzE3FTpdk98NVE4ABGJljcPOtoHh

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b5c2ed23d82235e772635ddbedb6ced168328d9299b8c2ac885d7120540003b.exe
    "C:\Users\Admin\AppData\Local\Temp\8b5c2ed23d82235e772635ddbedb6ced168328d9299b8c2ac885d7120540003b.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1480
    • C:\Windows\Ogimea.exe
      C:\Windows\Ogimea.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      PID:2012

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Ogimea.exe
    Filesize

    225KB

    MD5

    43c2cb824d039d2dd473f948c3155761

    SHA1

    d2a91c0b957260be9fe81412aed96fd95d616a25

    SHA256

    8b5c2ed23d82235e772635ddbedb6ced168328d9299b8c2ac885d7120540003b

    SHA512

    3ff7f1a4130336e6f90fd9427d776c5cafb7f98303bd7fb4e2e73257fe2343ad82a28564b7d51d894b020561c10adee09fbab20a4f3cc97117ff52c7fcfe1036

    Download Submit
  • C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    Filesize

    408B

    MD5

    3bf53811d1d278712362d68e23c3ee7d

    SHA1

    9ee74126ff987c89d66a729db2183bcf61de4699

    SHA256

    b5a77c6bcb357a2d8aff13188c1edaa316ad55eb0a1451c7d3f1e9105965f54a

    SHA512

    541e94bc13a12f59ec3b4365ab4a76641ac9d26385aeb2a1c83d9c8ede564a92b73c96b1b95f74804e6ba2e3aa185387ef67349d335e7dcefbef47846cabe180

    Download Submit
  • memory/1480-54-0x0000000076831000-0x0000000076833000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1480-55-0x0000000000120000-0x000000000012F000-memory.dmp
    Filesize

    60KB

    Download
  • memory/1480-56-0x0000000000400000-0x0000000000446000-memory.dmp
    Filesize

    280KB

    Download
  • memory/1480-62-0x0000000000400000-0x0000000000446000-memory.dmp
    Filesize

    280KB

    Download
  • memory/1480-63-0x0000000000400000-0x0000000000446000-memory.dmp
    Filesize

    280KB

    Download
  • memory/2012-57-0x0000000000000000-mapping.dmp
    Download
  • memory/2012-61-0x0000000000400000-0x0000000000446000-memory.dmp
    Filesize

    280KB

    Download
  • memory/2012-64-0x0000000000400000-0x0000000000446000-memory.dmp
    Filesize

    280KB

    Download