Analysis

  • max time kernel
    119s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-11-2022 16:47

General

  • Target

    4ca9c066f3a6ef10e3ba272b749514384ab277c3819047f57d42b4a744594abc.exe

  • Size

    1.1MB

  • MD5

    a6c84f6b96e016a2093bb546d4b597e2

  • SHA1

    e55ecff5d86f7b23b7809600a7df86d067a2d45c

  • SHA256

    4ca9c066f3a6ef10e3ba272b749514384ab277c3819047f57d42b4a744594abc

  • SHA512

    f9cc8b3116353acd8174c6e30d772337df1e5dc8a7be107402428dc414739ef66a8085e3b9097d0592fc714132247ffc36e98c5953f9755c652fb3633ed486dd

  • SSDEEP

    24576:htb20pkaCqT5TBWgNQ7aGRVZe8MdRYtN+b6A:yVg5tQ7aGY8M8tC5

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext (1 IoCs)
  • Modifies Internet Explorer settings (1 TTPs, 34 IoCs)
  • NTFS ADS (1 IoCs)
  • Suspicious use of FindShellTrayWindow (5 IoCs)
  • Suspicious use of SendNotifyMessage (4 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (13 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ca9c066f3a6ef10e3ba272b749514384ab277c3819047f57d42b4a744594abc.exe
    "C:\Users\Admin\AppData\Local\Temp\4ca9c066f3a6ef10e3ba272b749514384ab277c3819047f57d42b4a744594abc.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • NTFS ADS
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1224
    • C:\Windows\SysWOW64\WerFault.exe
      "C:\Windows\SysWOW64\WerFault.exe"
      2⤵
        PID:816
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=WerFault.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1716
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:908

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\POG1S5H0.txt
    Filesize: 608B
    MD5: 731987c57a96ea3dc0c53c0c0c9b7ff3
    SHA1: 38f380b32f82ef9ed01366862d5f1689d8481dfe
    SHA256: ff918add40b03db87c6daf371b8c507ff18391ef84785215fa49c42e6a59f97d
    SHA512: 83e8af95e3564ab59a962d22f6bffdf9a18c1da40b5d4856b46a1786802da37c31dcd162cdc555660f759536d73bef5920548825eca2cf071f1731f06dc3a292
  • memory/816-55-0x0000000000400000-0x000000000044A000-memory.dmp
    Filesize: 296KB
  • memory/816-56-0x0000000000400000-0x000000000044A000-memory.dmp
    Filesize: 296KB
  • memory/816-58-0x0000000000400000-0x000000000044A000-memory.dmp
    Filesize: 296KB
  • memory/816-59-0x0000000000400000-0x000000000044A000-memory.dmp
    Filesize: 296KB
  • memory/816-60-0x0000000000400000-0x000000000044A000-memory.dmp
    Filesize: 296KB
  • memory/816-61-0x000000000044514E-mapping.dmp
  • memory/1224-54-0x0000000076711000-0x0000000076713000-memory.dmp
    Filesize: 8KB