Overview

overview

10

Static

static

copia_do_d...to.exe

windows7-x64

10

copia_do_d...to.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    116s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 22:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    copia_do_documento.exe

  • Size

    140KB

  • MD5

    da23a82c2b7f0e3be078dac023e36914

  • SHA1

    836feba24264859fd7a7a73964386342f7757a36

  • SHA256

    4fc6e89128e13ba773311448e69a718b278172810537caee89fe415457f73142

  • SHA512

    1484f659e12be82d4ecc7f27c6edf364e935c0acc0a86245d1f8fc47d33ea8ec6df3ab7e2b922672f68b62a5a5b7edbcfbde8b34f61ca537858b2a81549534e9

  • SSDEEP

    3072:KqhVNmE0yFVOaeDF9eoyfp7zoH8wf4iBHeS:KqrNJ8ooyF48wf4iBHe

Score
10/10
adwareevasionstealertrojan

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs
  • System policy modification 1 TTPs 4 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\copia_do_documento.exe
    "C:\Users\Admin\AppData\Local\Temp\copia_do_documento.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1200
    • C:\Users\Admin\28112022.exe
      "C:\Users\Admin\28112022.exe"
      2⤵
      • UAC bypass
      • Executes dropped EXE
      • Checks whether UAC is enabled
      • Installs/modifies Browser Helper Object
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:900
      • C:\Windows\SysWOW64\regsvr32.exe
        C:\Windows\SysWOW64\regsvr32.exe /s c:\Users\Admin\mrouhlns\mrouhlns.dll
        3⤵
          PID:1784
        • C:\Windows\SysWOW64\regsvr32.exe
          C:\Windows\system32\regsvr32.exe /s c:\Users\Admin\mrouhlns\mrouhlns.dll
          3⤵
            PID:2028
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            3⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:988
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:988 CREDAT:275457 /prefetch:2
              4⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:1528

      Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\28112022.exe
              Filesize

              140KB

              MD5

              da23a82c2b7f0e3be078dac023e36914

              SHA1

              836feba24264859fd7a7a73964386342f7757a36

              SHA256

              4fc6e89128e13ba773311448e69a718b278172810537caee89fe415457f73142

              SHA512

              1484f659e12be82d4ecc7f27c6edf364e935c0acc0a86245d1f8fc47d33ea8ec6df3ab7e2b922672f68b62a5a5b7edbcfbde8b34f61ca537858b2a81549534e9

              Download Submit

            • C:\Users\Admin\28112022.exe
              Filesize

              140KB

              MD5

              da23a82c2b7f0e3be078dac023e36914

              SHA1

              836feba24264859fd7a7a73964386342f7757a36

              SHA256

              4fc6e89128e13ba773311448e69a718b278172810537caee89fe415457f73142

              SHA512

              1484f659e12be82d4ecc7f27c6edf364e935c0acc0a86245d1f8fc47d33ea8ec6df3ab7e2b922672f68b62a5a5b7edbcfbde8b34f61ca537858b2a81549534e9

              Download Submit

            • C:\Users\Admin\28112022.tmp
              Filesize

              60B

              MD5

              9f288d9e8cc3e677598b3f8ec45e5a5c

              SHA1

              efc1f0f5a05e2ffd6b516f8a0ceb4cd5f8c005a0

              SHA256

              815bfdb2782c81f536cfd6b77f550d3b7dd087dab0e00c5101307c96dca60f18

              SHA512

              1c68c6a88ee687e2882153f6706fc875529778d98596a33f7eac078bb265ffa2c1c342e2c5a94df1335aa52f63405f5b608cec066bfaa96d0e33b047456868eb

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7B5QGMX7.txt
              Filesize

              608B

              MD5

              fb608432c36dde91f588d341c1d62d5f

              SHA1

              91bf5c4ee7fa817280f1128e34255b8a5f6dfe8b

              SHA256

              3763c2b8fc9fe1d73549163a1effdff8186a27dd3f53f7e5e98060bde828001c

              SHA512

              ec8b5c559f1cc7490c1e817c5d685a691aea663246d661d8ab853ae28df0ad53ec366e958417b67d895f6d58e1d9f8fae388bfbdc71aa0f19ec0b091913207a6

              Download Submit

            • \Users\Admin\28112022.exe
              Filesize

              140KB

              MD5

              da23a82c2b7f0e3be078dac023e36914

              SHA1

              836feba24264859fd7a7a73964386342f7757a36

              SHA256

              4fc6e89128e13ba773311448e69a718b278172810537caee89fe415457f73142

              SHA512

              1484f659e12be82d4ecc7f27c6edf364e935c0acc0a86245d1f8fc47d33ea8ec6df3ab7e2b922672f68b62a5a5b7edbcfbde8b34f61ca537858b2a81549534e9

              Download Submit

            • \Users\Admin\28112022.exe
              Filesize

              140KB

              MD5

              da23a82c2b7f0e3be078dac023e36914

              SHA1

              836feba24264859fd7a7a73964386342f7757a36

              SHA256

              4fc6e89128e13ba773311448e69a718b278172810537caee89fe415457f73142

              SHA512

              1484f659e12be82d4ecc7f27c6edf364e935c0acc0a86245d1f8fc47d33ea8ec6df3ab7e2b922672f68b62a5a5b7edbcfbde8b34f61ca537858b2a81549534e9

              Download Submit

            • memory/1200-56-0x0000000075AC1000-0x0000000075AC3000-memory.dmp

              Filesize

              8KB

              Download