Analysis

  • max time kernel
    138s
  • max time network
    199s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-11-2022 03:51

General

  • Target

    81fe7fa58bfa0a2a043a1a68da4f912e94ae036920ad9d7a8c6db3adfd56c433.exe

  • Size

    743KB

  • MD5

    413031e2636162d5229f2b9e39310f27

  • SHA1

    6b62e163e0d1472f0ea087f603fb797d332eaf7a

  • SHA256

    81fe7fa58bfa0a2a043a1a68da4f912e94ae036920ad9d7a8c6db3adfd56c433

  • SHA512

    a9dc65c9423b4450d8c939d9c50355044fcd167a2495e31310f28ee328e0277841e69b721c386868e9d7deaf5dd4c2f1cefdfbbd0babf5554eed01447c22cd11

  • SSDEEP

    12288:sRyTSktU4g/n/t0EW5A0zyYvJwQ5oAlK+GE4vebIk6bQQ52LgRg0py5Hpnrzv:wStU4gf2EW5A2DJr/kS4vGIk6voHf

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies data under HKEY_USERS 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\81fe7fa58bfa0a2a043a1a68da4f912e94ae036920ad9d7a8c6db3adfd56c433.exe
    "C:\Users\Admin\AppData\Local\Temp\81fe7fa58bfa0a2a043a1a68da4f912e94ae036920ad9d7a8c6db3adfd56c433.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1772
  • C:\Windows\Hacker.com.cn.exe
    C:\Windows\Hacker.com.cn.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:1056

    Network

    MITRE ATT&CK Matrix

    Downloads

    • C:\Windows\Hacker.com.cn.exe

      Filesize

      743KB

      MD5

      413031e2636162d5229f2b9e39310f27

      SHA1

      6b62e163e0d1472f0ea087f603fb797d332eaf7a

      SHA256

      81fe7fa58bfa0a2a043a1a68da4f912e94ae036920ad9d7a8c6db3adfd56c433

      SHA512

      a9dc65c9423b4450d8c939d9c50355044fcd167a2495e31310f28ee328e0277841e69b721c386868e9d7deaf5dd4c2f1cefdfbbd0babf5554eed01447c22cd11

    • memory/1772-54-0x0000000075291000-0x0000000075293000-memory.dmp

      Filesize

      8KB