Overview

overview

8

Static

static

6b9ba3998d...76.exe

windows7-x64

6

6b9ba3998d...76.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    195s
  • max time network
    217s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-11-2022 03:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6b9ba3998d267ec9ff37f0d4b42080c64b14da2ecbed87be4fba9e15207b5c76.exe

  • Size

    231KB

  • MD5

    25361e1188398c1b7d3fea6d4b0eb7d0

  • SHA1

    3336dd7937c7887571f7f53645380f1e3f35924b

  • SHA256

    6b9ba3998d267ec9ff37f0d4b42080c64b14da2ecbed87be4fba9e15207b5c76

  • SHA512

    26f658e70d4b8b8f1b53461922ce6ebe0a3f1c7879400f52fa51dbb1373081c313039917f41f45237b0ad91971e7b7b19a49ae299b20b9b3ec283deffaa5d020

  • SSDEEP

    6144:2/3+cBezHTGvRzbsWpJuIDMzYlmpOkIpkZ1hZl:2/9Ci1bRkSQBl

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6b9ba3998d267ec9ff37f0d4b42080c64b14da2ecbed87be4fba9e15207b5c76.exe
    "C:\Users\Admin\AppData\Local\Temp\6b9ba3998d267ec9ff37f0d4b42080c64b14da2ecbed87be4fba9e15207b5c76.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1588
    • C:\program files\Internet Explorer\IEXPLORE.EXE
      "C:\program files\Internet Explorer\IEXPLORE.EXE"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5048
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5048 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4512
    • C:\Windows\SysWOW64\notepad.exe
      C:\Windows\system32\notepad.exe
      2⤵
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:4260
      • C:\Users\Admin\AppData\Local\Temp\6b9ba3998d267ec9ff37f0d4b42080c64b14da2ecbed87be4fba9e15207b5c76.exe
        C:\Users\Admin\AppData\Local\Temp\6b9ba3998d267ec9ff37f0d4b42080c64b14da2ecbed87be4fba9e15207b5c76.exe
        3⤵
        • Executes dropped EXE
        PID:4656

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6b9ba3998d267ec9ff37f0d4b42080c64b14da2ecbed87be4fba9e15207b5c76.exe
    Filesize

    158KB

    MD5

    c353ef35218272c2242233b4a818784b

    SHA1

    5f3e7bb6baab70100305af72ff1c439d3a7f6b9d

    SHA256

    20426ed9cc5e9234b8090d4bf6b949597912923477049d105b9509b16646bafc

    SHA512

    f4a5daac9efadb86af78fe5ccfd7eb5d513991d0784726c5e4008420977155f4dc416ba88ddeb4e330ea344f6fe0c64e9981c30b2f7ed6437cb83e3f764c50e7

    Download Submit

  • memory/4260-132-0x0000000000000000-mapping.dmp

    Download

  • memory/4260-133-0x0000000013150000-0x0000000013165000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4656-134-0x0000000000000000-mapping.dmp

    Download