Overview

overview

8

Static

static

6e6d2d21b7...2a.exe

windows7-x64

8

6e6d2d21b7...2a.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/11/2022, 20:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6e6d2d21b75d10e19dfb5d3d15931c4420a900128485dec6687296fe77ef8d2a.exe

  • Size

    229KB

  • MD5

    35e02ae531bdfc5e355d0a3028443705

  • SHA1

    5e66bb449f1c7124c681fc9ae776f85a56516b26

  • SHA256

    6e6d2d21b75d10e19dfb5d3d15931c4420a900128485dec6687296fe77ef8d2a

  • SHA512

    dc14cc51ecd84dd07504ff005d9b3f39bc65814a9ff10e207ab7f746e1302716e3222796ae884b559d915f603855126c36f8f2dca7b9e370e3bd617e1f3756d9

  • SSDEEP

    6144:GN3oLzY164VZLZlad2nYQrJ6AthVbiN03KawzkV1O:scdWrYAtvbipz2O

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6e6d2d21b75d10e19dfb5d3d15931c4420a900128485dec6687296fe77ef8d2a.exe
    "C:\Users\Admin\AppData\Local\Temp\6e6d2d21b75d10e19dfb5d3d15931c4420a900128485dec6687296fe77ef8d2a.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:5028
    • C:\Windows\Enihea.exe
      C:\Windows\Enihea.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      PID:1588

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\Enihea.exe
          Filesize

          229KB

          MD5

          35e02ae531bdfc5e355d0a3028443705

          SHA1

          5e66bb449f1c7124c681fc9ae776f85a56516b26

          SHA256

          6e6d2d21b75d10e19dfb5d3d15931c4420a900128485dec6687296fe77ef8d2a

          SHA512

          dc14cc51ecd84dd07504ff005d9b3f39bc65814a9ff10e207ab7f746e1302716e3222796ae884b559d915f603855126c36f8f2dca7b9e370e3bd617e1f3756d9

          Download Submit

        • C:\Windows\Enihea.exe
          Filesize

          229KB

          MD5

          35e02ae531bdfc5e355d0a3028443705

          SHA1

          5e66bb449f1c7124c681fc9ae776f85a56516b26

          SHA256

          6e6d2d21b75d10e19dfb5d3d15931c4420a900128485dec6687296fe77ef8d2a

          SHA512

          dc14cc51ecd84dd07504ff005d9b3f39bc65814a9ff10e207ab7f746e1302716e3222796ae884b559d915f603855126c36f8f2dca7b9e370e3bd617e1f3756d9

          Download Submit

        • C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
          Filesize

          426B

          MD5

          2f2bfa251e9a4a956ed6375157881f1f

          SHA1

          f6880cebc3afe23afbe4f2800f534ef7a003eba7

          SHA256

          729a7deaa23a7ba78f3f1fb18840d1ba3b14f6955086fdfbff76705e4e10b83e

          SHA512

          78b75b02b2098e1a892c77dd1c0ba8cae3975a3aee5a61648ebd1dee29c35053105efce9a0c746face4fe920e3d13851042ea541bb656ce077e2604a3f144394

          Download Submit

        • memory/1588-140-0x0000000000400000-0x000000000043DA00-memory.dmp

          Filesize

          246KB

          Download

        • memory/1588-142-0x0000000000400000-0x000000000043DA00-memory.dmp

          Filesize

          246KB

          Download

        • memory/5028-135-0x0000000000400000-0x000000000043DA00-memory.dmp

          Filesize

          246KB

          Download

        • memory/5028-141-0x0000000000400000-0x000000000043DA00-memory.dmp

          Filesize

          246KB

          Download

        • memory/5028-143-0x0000000000400000-0x000000000043DA00-memory.dmp

          Filesize

          246KB

          Download