Overview

overview

8

Static

static

398a2836fc...16.exe

windows7-x64

8

398a2836fc...16.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    151s
  • max time network
    65s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 21:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    398a2836fcd1e3b47fbb2ab37a772ff127ce41f6757bce42a42f917c7afca116.exe

  • Size

    186KB

  • MD5

    5c51157a71db9dc58779866cf66a8570

  • SHA1

    baed87d44cfab4c36a874670f8a195cddee2e5c9

  • SHA256

    398a2836fcd1e3b47fbb2ab37a772ff127ce41f6757bce42a42f917c7afca116

  • SHA512

    5dfe4c8f383e7b0a0bec62ff1e12d993e085698bfcd15021fa80c2bec8e231771d7676eecf43c915cc687e0acb9c945871ce930e356255d55d66d51564abf88e

  • SSDEEP

    3072:oaMUQPzXRarYU9a0Orv94RdM4vWHO69D/4LIk7PVQzJy8rm0lSca:oa2PlSReoqC76b1

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\398a2836fcd1e3b47fbb2ab37a772ff127ce41f6757bce42a42f917c7afca116.exe
    "C:\Users\Admin\AppData\Local\Temp\398a2836fcd1e3b47fbb2ab37a772ff127ce41f6757bce42a42f917c7afca116.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:868
    • C:\Windows\Hdutea.exe
      C:\Windows\Hdutea.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      PID:952

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Hdutea.exe
    Filesize

    186KB

    MD5

    5c51157a71db9dc58779866cf66a8570

    SHA1

    baed87d44cfab4c36a874670f8a195cddee2e5c9

    SHA256

    398a2836fcd1e3b47fbb2ab37a772ff127ce41f6757bce42a42f917c7afca116

    SHA512

    5dfe4c8f383e7b0a0bec62ff1e12d993e085698bfcd15021fa80c2bec8e231771d7676eecf43c915cc687e0acb9c945871ce930e356255d55d66d51564abf88e

    Download Submit
  • C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    Filesize

    408B

    MD5

    bbd8f3508234c622426ee061f790733f

    SHA1

    b5683735636d0a81f697391ecc7318c1480690dd

    SHA256

    39159abaeca27772aa2c350ca2e65956b32358b47ca46dd636a00089d664faf4

    SHA512

    2c042778aa2dcb4a98faa6fd93fb80c7907a1faf0e0bafbe6ae6fb01c4bd9db39bf4afc632f4be753bbb1b8d2714f3cce9074e72d94c1e0f109dd1e19cb200a8

    Download Submit
  • memory/868-54-0x0000000075131000-0x0000000075133000-memory.dmp
    Filesize

    8KB

    Download
  • memory/868-55-0x0000000000120000-0x000000000012C000-memory.dmp
    Filesize

    48KB

    Download
  • memory/868-56-0x0000000000400000-0x0000000000443000-memory.dmp
    Filesize

    268KB

    Download
  • memory/868-57-0x0000000000400000-0x0000000000443000-memory.dmp
    Filesize

    268KB

    Download
  • memory/868-63-0x0000000000400000-0x0000000000443000-memory.dmp
    Filesize

    268KB

    Download
  • memory/952-58-0x0000000000000000-mapping.dmp
    Download
  • memory/952-62-0x0000000000400000-0x0000000000443000-memory.dmp
    Filesize

    268KB

    Download
  • memory/952-64-0x0000000000400000-0x0000000000443000-memory.dmp
    Filesize

    268KB

    Download