Overview

overview

8

Static

static

1be70aadab...70.exe

windows7-x64

8

1be70aadab...70.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    106s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 21:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1be70aadab1048bf2cbf71ee7fdb951cf47f04065674e6ad83d114a670f5a170.exe

  • Size

    164KB

  • MD5

    5664b9abe1b27ac646d149a4e0383d3a

  • SHA1

    95ae306087d40d64757c8328d5ecad288025a254

  • SHA256

    1be70aadab1048bf2cbf71ee7fdb951cf47f04065674e6ad83d114a670f5a170

  • SHA512

    478e753a03a9bcb5040acd1122d1f274cef481711d0e9858474c84f36e9dbdc5d5eddab5ee205ff3ab4d8a33872251f0d130ace7f12cf017efe510424576fb7e

  • SSDEEP

    3072:ASpYdBUSchnEDRjIs+IrRiSv4Z9QkDIUCeTxnMwwYeIfB4cOS8oCRcLYB3IMgHZp:1edBUSeWjwwRiMGDIUCe1nMwuIfB4cOy

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1be70aadab1048bf2cbf71ee7fdb951cf47f04065674e6ad83d114a670f5a170.exe
    "C:\Users\Admin\AppData\Local\Temp\1be70aadab1048bf2cbf71ee7fdb951cf47f04065674e6ad83d114a670f5a170.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1900
    • C:\Windows\Smohua.exe
      C:\Windows\Smohua.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      PID:1924

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Smohua.exe
    Filesize

    164KB

    MD5

    5664b9abe1b27ac646d149a4e0383d3a

    SHA1

    95ae306087d40d64757c8328d5ecad288025a254

    SHA256

    1be70aadab1048bf2cbf71ee7fdb951cf47f04065674e6ad83d114a670f5a170

    SHA512

    478e753a03a9bcb5040acd1122d1f274cef481711d0e9858474c84f36e9dbdc5d5eddab5ee205ff3ab4d8a33872251f0d130ace7f12cf017efe510424576fb7e

    Download Submit

  • C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    Filesize

    408B

    MD5

    a4bcde6e0df739fefc86813f02674a57

    SHA1

    3ade3b071e047a66467e1604c2b5a7d4813ba09c

    SHA256

    edbf1e435441d8a3bbced0b2b090d4c48e7f3fed83c22b3a0d5f518c8701ac39

    SHA512

    1ea1a60c9c011ace1661eb473b3109fc1a05a2b4549c14e5775255bd70dbacbf6dab55a6f03cda83015d86b16484241beea1b73ef5c7aaecc1922a19c2c85c0f

    Download Submit

  • memory/1900-54-0x0000000075A81000-0x0000000075A83000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1900-55-0x0000000000220000-0x000000000022E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1900-56-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

  • memory/1900-62-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

  • memory/1900-63-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

  • memory/1924-57-0x0000000000000000-mapping.dmp

    Download

  • memory/1924-61-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download

  • memory/1924-64-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB

    Download