Overview

overview

8

Static

static

ac02571cb1...90.exe

windows7-x64

8

ac02571cb1...90.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    66s
  • max time network
    73s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2022 03:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ac02571cb1541c6c7692f288bc45b9f8276b017d0ba2341b45573e26b9f60e90.exe

  • Size

    877KB

  • MD5

    58c4583025d0716b10c82770f9ae3266

  • SHA1

    21de70f977ad42c482e1e22bffcc00fc530e21f7

  • SHA256

    ac02571cb1541c6c7692f288bc45b9f8276b017d0ba2341b45573e26b9f60e90

  • SHA512

    419477475c91f04e3743d6177a1a1e9a23e484968719cac61407b5d088133da61515c1a27e9232da8f5ba5ad5afaf223f05d10cddc1ab45d61d437088bcb6d52

  • SSDEEP

    24576:rHX4UT4ysTQb9tvDaedJ9zBI5HZSibIIYsd5:T4C4yxbpr4QiUk5

Score
8/10
discoveryevasionpersistencetrojan

Malware Config

Signatures

  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 39 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac02571cb1541c6c7692f288bc45b9f8276b017d0ba2341b45573e26b9f60e90.exe
    "C:\Users\Admin\AppData\Local\Temp\ac02571cb1541c6c7692f288bc45b9f8276b017d0ba2341b45573e26b9f60e90.exe"
    1⤵
    • Registers COM server for autorun
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1396

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1396-54-0x00000000754C1000-0x00000000754C3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1396-55-0x0000000002230000-0x0000000002375000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1396-62-0x0000000002230000-0x0000000002375000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1396-63-0x0000000002230000-0x0000000002375000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/1396-64-0x0000000002230000-0x0000000002375000-memory.dmp

    Filesize

    1.3MB

    Download