ecb7b13a038b307df01860c47f2e17160158ef96a5cc6440236db1dc82c5fe6d

Analysis

max time kernel
53s
max time network
131s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
26-11-2022 05:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ecb7b13a038b307df01860c47f2e17160158ef96a5cc6440236db1dc82c5fe6d.exe
Size

584KB
MD5

44e2c561f8d80441cbe3fc69010d197e
SHA1

3d7261e7689700b8645e1d582237ea107bf7c88f
SHA256

ecb7b13a038b307df01860c47f2e17160158ef96a5cc6440236db1dc82c5fe6d
SHA512

8ce03161c60378cec743968d25a3c5b6b67b875ebf790c907c8a4caa0449c774dbcc5015ca0d93495cc35306775868a1869d55d7de8cb15775e4bb846a4678d9
SSDEEP

12288:EskxoMS9YthPNrjI8cwQs0yDrHKen3CGz2kHxcE6CuQgp:DkiMLrAPyDrJ7t1gp

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
behavioral1/memory/1396-54-0x0000000000400000-0x0000000000527000-memory.dmp	vmprotect
behavioral1/memory/1396-58-0x0000000000400000-0x0000000000527000-memory.dmp	vmprotect

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

ecb7b13a038b307df01860c47f2e17160158ef96a5cc6440236db1dc82c5fe6d.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	ecb7b13a038b307df01860c47f2e17160158ef96a5cc6440236db1dc82c5fe6d.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

ecb7b13a038b307df01860c47f2e17160158ef96a5cc6440236db1dc82c5fe6d.exe

pid process

1396 ecb7b13a038b307df01860c47f2e17160158ef96a5cc6440236db1dc82c5fe6d.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

ecb7b13a038b307df01860c47f2e17160158ef96a5cc6440236db1dc82c5fe6d.exe

pid process

1396 ecb7b13a038b307df01860c47f2e17160158ef96a5cc6440236db1dc82c5fe6d.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

ecb7b13a038b307df01860c47f2e17160158ef96a5cc6440236db1dc82c5fe6d.exe

pid	process
1396	ecb7b13a038b307df01860c47f2e17160158ef96a5cc6440236db1dc82c5fe6d.exe
1396	ecb7b13a038b307df01860c47f2e17160158ef96a5cc6440236db1dc82c5fe6d.exe
1396	ecb7b13a038b307df01860c47f2e17160158ef96a5cc6440236db1dc82c5fe6d.exe

C:\Users\Admin\AppData\Local\Temp\ecb7b13a038b307df01860c47f2e17160158ef96a5cc6440236db1dc82c5fe6d.exe
"C:\Users\Admin\AppData\Local\Temp\ecb7b13a038b307df01860c47f2e17160158ef96a5cc6440236db1dc82c5fe6d.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1396

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1396-54-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/1396-57-0x00000000752B1000-0x00000000752B3000-memory.dmp

Filesize
8KB

Download
memory/1396-58-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/1396-59-0x00000000045E1000-0x000000000548D000-memory.dmp

Filesize
14.7MB

Download