Overview

overview

7

Static

static

a0c143423d...9e.exe

windows7-x64

7

a0c143423d...9e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/11/2022, 04:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a0c143423dc26ee96f73d6c34dc4c225aab159a54c93d0dd332188742d24599e.exe

  • Size

    173KB

  • MD5

    de347802219283b6c75b6a653c3b4576

  • SHA1

    60a10f3a894e3f5f5ba3f5d0275161694157c3e5

  • SHA256

    a0c143423dc26ee96f73d6c34dc4c225aab159a54c93d0dd332188742d24599e

  • SHA512

    8dee26ee2591aafac325f8bac16dd7f4cb61e709895a2c60c9a98f5960eea381fb9ba8189a8791ef2b3db60e02f7cdacda3d0222f91c4195ef285f6b74050ca7

  • SSDEEP

    3072:IGxypDKhqiTT2VL631Vt4ow/w9vAtKfQNFtjHn7nED7mGbBfThukTnmi4J:F0NAHkQGo8MkLtjnEmGdwk77

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a0c143423dc26ee96f73d6c34dc4c225aab159a54c93d0dd332188742d24599e.exe
    "C:\Users\Admin\AppData\Local\Temp\a0c143423dc26ee96f73d6c34dc4c225aab159a54c93d0dd332188742d24599e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3368
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Roaming\dadol.dll",PszAllocW
      2⤵
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of SetWindowsHookEx
      PID:4624
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
      PID:652
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1284
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1284 CREDAT:17410 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1688
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1284 CREDAT:82948 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4532
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1284 CREDAT:82952 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:372
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1284 CREDAT:82956 /prefetch:2
        2⤵
        • Loads dropped DLL
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:484

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      471B

      MD5

      bd4f3cb3175ff83bbc2c827705950a60

      SHA1

      9d940539de8317a8a6444559d9fc9f190dd9f80b

      SHA256

      ff821119d7d2bf9d795503ed63996c81611b84cdcdacac943da9a9ae2d0d2384

      SHA512

      02b99cb5a7e2cf6004fd010c5718f85830aca7b6f43b5ed929d2df8ca4209a29cfd9e54280a35392b2617ab58e578c097834ce24e9baa8b226c6181c64c0d377

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      434B

      MD5

      efca872665ec2755752f4abb9f8076a5

      SHA1

      fbb69fa3b5910aa79280246a7167f1ed30916e29

      SHA256

      c5cc684d84c39800a85102052aca386f1d570f7edc203f03507fd43cb6aeae78

      SHA512

      be2c0d4ffb2534bc86e7aa65c1e3984d17ba17126e9697873bd80f70277745f22514fc097903b440b740f2f7d1dd6631989c7b4166845341904e9ce61122fab6

      Download Submit

    • C:\Users\Admin\AppData\Roaming\dadol.dll
      Filesize

      173KB

      MD5

      0fb75fe3e440401d4b6d4645ce0b0b7d

      SHA1

      5481ba0dc67a5286a5f1a4b6e1b9fdc55150b3e7

      SHA256

      2b8fce2c30d5b888b470a0484fd82b53ab2b63c63d006af3c4835549282f5f51

      SHA512

      4937194e6c75b3d1d4cbbd4635bdc6483b18edd543bbb8fc2f07e1b3f992517062f456e4339ec11a67c890af76242ca9556c2eba2839139ddb956d48259c8b1c

      Download Submit

    • C:\Users\Admin\AppData\Roaming\dadol.dll
      Filesize

      173KB

      MD5

      0fb75fe3e440401d4b6d4645ce0b0b7d

      SHA1

      5481ba0dc67a5286a5f1a4b6e1b9fdc55150b3e7

      SHA256

      2b8fce2c30d5b888b470a0484fd82b53ab2b63c63d006af3c4835549282f5f51

      SHA512

      4937194e6c75b3d1d4cbbd4635bdc6483b18edd543bbb8fc2f07e1b3f992517062f456e4339ec11a67c890af76242ca9556c2eba2839139ddb956d48259c8b1c

      Download Submit

    • C:\Users\Admin\AppData\Roaming\dadol.dll
      Filesize

      173KB

      MD5

      0fb75fe3e440401d4b6d4645ce0b0b7d

      SHA1

      5481ba0dc67a5286a5f1a4b6e1b9fdc55150b3e7

      SHA256

      2b8fce2c30d5b888b470a0484fd82b53ab2b63c63d006af3c4835549282f5f51

      SHA512

      4937194e6c75b3d1d4cbbd4635bdc6483b18edd543bbb8fc2f07e1b3f992517062f456e4339ec11a67c890af76242ca9556c2eba2839139ddb956d48259c8b1c

      Download Submit

    • C:\Users\Admin\AppData\Roaming\dadol.dll
      Filesize

      173KB

      MD5

      0fb75fe3e440401d4b6d4645ce0b0b7d

      SHA1

      5481ba0dc67a5286a5f1a4b6e1b9fdc55150b3e7

      SHA256

      2b8fce2c30d5b888b470a0484fd82b53ab2b63c63d006af3c4835549282f5f51

      SHA512

      4937194e6c75b3d1d4cbbd4635bdc6483b18edd543bbb8fc2f07e1b3f992517062f456e4339ec11a67c890af76242ca9556c2eba2839139ddb956d48259c8b1c

      Download Submit

    • memory/3368-133-0x0000000002160000-0x000000000218E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/3368-137-0x0000000010000000-0x000000001002E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/3368-132-0x0000000002140000-0x0000000002154000-memory.dmp

      Filesize

      80KB

      Download

    • memory/3368-147-0x0000000002140000-0x0000000002154000-memory.dmp

      Filesize

      80KB

      Download

    • memory/4624-142-0x0000000000E10000-0x0000000000E3E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/4624-148-0x0000000000DF0000-0x0000000000E04000-memory.dmp

      Filesize

      80KB

      Download

    • memory/4624-146-0x0000000010000000-0x000000001002E000-memory.dmp

      Filesize

      184KB

      Download