1fd5182fa9faea228d4e3850c8a3e6f2de458f61d19a907abe4ecf8a3fe8b893

Analysis

max time kernel
70s
max time network
119s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24/11/2022, 07:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f212b57e2233a19c2d89a4fffdbbf0d.exe
Size

6.7MB
MD5

0f212b57e2233a19c2d89a4fffdbbf0d
SHA1

8f720fd2be5a828ceadf94d0ed25fa45c7016af2
SHA256

1fd5182fa9faea228d4e3850c8a3e6f2de458f61d19a907abe4ecf8a3fe8b893
SHA512

8dddbe3f80f1efa59a51e75d878a86a2f2423618fd3c8606ef0ab5da571ae9320411007249133eda524446c4ffa2dd02f6f767a78cd51869a854129bc9ac5e66
SSDEEP

98304:WYp0c8cNCsWVL4sCbO7xTnWgMG/158lKCkZ1XsDJFw7SFEk+JosO6uvSt:WYp1NgVL4HK00XcJFJFEkoos/uY

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
648	adb.exe
1428	adb.exe

Loads dropped DLL 1 IoCs

pid	Process
1164	cmd.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
952	0f212b57e2233a19c2d89a4fffdbbf0d.exe
1428	adb.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
952	0f212b57e2233a19c2d89a4fffdbbf0d.exe
952	0f212b57e2233a19c2d89a4fffdbbf0d.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
952	0f212b57e2233a19c2d89a4fffdbbf0d.exe
952	0f212b57e2233a19c2d89a4fffdbbf0d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
952	0f212b57e2233a19c2d89a4fffdbbf0d.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 952 wrote to memory of 1164	952	0f212b57e2233a19c2d89a4fffdbbf0d.exe	28
PID 952 wrote to memory of 1164	952	0f212b57e2233a19c2d89a4fffdbbf0d.exe	28
PID 952 wrote to memory of 1164	952	0f212b57e2233a19c2d89a4fffdbbf0d.exe	28
PID 952 wrote to memory of 1164	952	0f212b57e2233a19c2d89a4fffdbbf0d.exe	28
PID 1164 wrote to memory of 648	1164	cmd.exe	30
PID 1164 wrote to memory of 648	1164	cmd.exe	30
PID 1164 wrote to memory of 648	1164	cmd.exe	30
PID 1164 wrote to memory of 648	1164	cmd.exe	30
PID 648 wrote to memory of 1428	648	adb.exe	31
PID 648 wrote to memory of 1428	648	adb.exe	31
PID 648 wrote to memory of 1428	648	adb.exe	31
PID 648 wrote to memory of 1428	648	adb.exe	31

C:\Users\Admin\AppData\Local\Temp\0f212b57e2233a19c2d89a4fffdbbf0d.exe
"C:\Users\Admin\AppData\Local\Temp\0f212b57e2233a19c2d89a4fffdbbf0d.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:952
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1164
- - C:\Users\Admin\Documents\TvBox\adb.exe
    adb start-server
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:648
  - - C:\Users\Admin\Documents\TvBox\adb.exe
      adb fork-server server
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:1428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Documents\TvBox\adb.exe

Filesize
667KB

MD5
d7771aa7dd449cf32ca21beb168dc866

SHA1
dad0ab3f42164dc19828eb35b2f2aa10de001287

SHA256
bf23564e38c09a06118b907b426fbfc1fa041926e09da00a8d9010d14fb986e1

SHA512
d3720b3a5db7f8cc0a2a430fdd525ec2847852e306cd598ffa784132bdf1109650dd91ab206acc5c9ede6c62cfe0b918a950c657618c3c9060411b7f10b866c1

Download Submit
C:\Users\Admin\Documents\TvBox\adb.exe

Filesize
667KB

MD5
d7771aa7dd449cf32ca21beb168dc866

SHA1
dad0ab3f42164dc19828eb35b2f2aa10de001287

SHA256
bf23564e38c09a06118b907b426fbfc1fa041926e09da00a8d9010d14fb986e1

SHA512
d3720b3a5db7f8cc0a2a430fdd525ec2847852e306cd598ffa784132bdf1109650dd91ab206acc5c9ede6c62cfe0b918a950c657618c3c9060411b7f10b866c1

Download Submit
C:\Users\Admin\Documents\TvBox\adb.exe

Filesize
667KB

MD5
d7771aa7dd449cf32ca21beb168dc866

SHA1
dad0ab3f42164dc19828eb35b2f2aa10de001287

SHA256
bf23564e38c09a06118b907b426fbfc1fa041926e09da00a8d9010d14fb986e1

SHA512
d3720b3a5db7f8cc0a2a430fdd525ec2847852e306cd598ffa784132bdf1109650dd91ab206acc5c9ede6c62cfe0b918a950c657618c3c9060411b7f10b866c1

Download Submit
\Users\Admin\Documents\TvBox\adb.exe

Filesize
667KB

MD5
d7771aa7dd449cf32ca21beb168dc866

SHA1
dad0ab3f42164dc19828eb35b2f2aa10de001287

SHA256
bf23564e38c09a06118b907b426fbfc1fa041926e09da00a8d9010d14fb986e1

SHA512
d3720b3a5db7f8cc0a2a430fdd525ec2847852e306cd598ffa784132bdf1109650dd91ab206acc5c9ede6c62cfe0b918a950c657618c3c9060411b7f10b866c1

Download Submit
memory/952-54-0x00000000753F1000-0x00000000753F3000-memory.dmp

Filesize
8KB

Download