Analysis

  • max time kernel
    87s
  • max time network
    111s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-11-2022 07:05

General

  • Target

    804c907fc99134e018d6fcb4371b65826633c0184f8976fe4a24d19803203d78.exe

  • Size

    400KB

  • MD5

    ea48a9ca64f7418365b9604aa7a97aeb

  • SHA1

    795340a02494d3ff0406e5139fa4027189912676

  • SHA256

    804c907fc99134e018d6fcb4371b65826633c0184f8976fe4a24d19803203d78

  • SHA512

    e04b7eb4e10bdf4f8babbae1439f6a78e6e8721bb7c47301eafe1a5e410abdf8bf604aa89db53409eba2a76bacd6f636a77169e15f4b73106eadaa3cee00f7ac

  • SSDEEP

    6144:HJqr5L3BT9qj8tfRlIgVVu+z1J+x3DdHO2kju9m8nlm96+igw:HJ03BBFdXrj53+ZRHOvjumclnxB

Malware Config

Signatures

  • Drops file in Drivers directory (64 IoCs)
  • VMProtect packed file (2 IoCs)

    Detects executables packed with the VMProtect commercial packer.

  • Checks whether UAC is enabled (1 TTP, 1 IoC)
  • Modifies Internet Explorer settings (1 TTP, 1 IoC)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
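The "VMProtect packed file" signature above is a static check. The following is an added example (not the sandbox's own rule and not code from the report) of how such a check is typically done: parse the PE section table and look for the .vmpN section names VMProtect emits, plus sections that occupy virtual memory but carry no raw bytes, which is what inflates the in-memory image beyond the 400KB on disk. The section-name list and the two synthetic PE headers are assumptions constructed for the demo.

```python
import struct

# Section names VMProtect commonly emits. Assumption: taken from public
# packer-identification heuristics, not from the sandbox's own signature.
VMPROTECT_SECTION_NAMES = {b".vmp0", b".vmp1", b".vmp2"}


def pe_sections(data: bytes):
    """Parse the PE section table, returning [(name, virtual_size, raw_size), ...]."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + 40 * i                  # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rsize, _rptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, vsize, rsize))
    return sections


def vmprotect_indicators(data: bytes) -> dict:
    """Score a PE for VMProtect packing: named .vmpN sections plus sections that
    have virtual size but zero raw size (they are populated only at runtime)."""
    sections = pe_sections(data)
    vmp = sorted(n.decode() for n, _, _ in sections if n in VMPROTECT_SECTION_NAMES)
    empty_raw = sorted(n.decode() for n, v, r in sections if r == 0 and v > 0)
    total_virtual = sum(v for _, v, _ in sections)
    total_raw = sum(r for _, _, r in sections)
    return {
        "vmp_sections": vmp,
        "empty_raw_sections": empty_raw,
        "virtual_to_raw_ratio": round(total_virtual / total_raw, 2) if total_raw else None,
        "likely_vmprotect": bool(vmp),
    }


def build_pe(sections) -> bytes:
    """Build a minimal PE32 header with the given (name, vsize, rsize) sections.
    Constructed fixture for the demo, not the analysed sample."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew at 0x3C
    opt_size = 0xE0                                              # PE32 optional header size
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)      # Magic = PE32, rest zeroed
    table = b""
    for name, vsize, rsize in sections:
        table += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", vsize, 0x1000, rsize, 0x400, 0, 0, 0, 0, 0x60000020)
    return dos + coff + opt + table


# Constructed samples: a VMProtect-style layout and a plain one.
PACKED = build_pe([(b".text", 0x1000, 0x1000), (b".vmp0", 0x50000, 0), (b".vmp1", 0x30000, 0x30000)])
PLAIN = build_pe([(b".text", 0x8000, 0x8000), (b".data", 0x2000, 0x1000)])

if __name__ == "__main__":
    print(vmprotect_indicators(PACKED))
    print(vmprotect_indicators(PLAIN))
```

A section-name match alone is a weak indicator (names can be renamed by the packer's settings or spoofed), so the ratio and the zero-raw-size sections are reported alongside it rather than folded into the verdict.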

Processes

  • C:\Users\Admin\AppData\Local\Temp\804c907fc99134e018d6fcb4371b65826633c0184f8976fe4a24d19803203d78.exe
    "C:\Users\Admin\AppData\Local\Temp\804c907fc99134e018d6fcb4371b65826633c0184f8976fe4a24d19803203d78.exe"
    PID: 916
    • Drops file in Drivers directory
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion
    Modify Registry (T1112): 1
  • Discovery
    System Information Discovery (T1082): 1
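The behavioural signatures and the ATT&CK matrix are both derived from the same event trace. As an added example (not the sandbox's own rule engine), the block below runs a small set of rules over constructed sandbox-style events for PID 916 and produces the signature list and the tactic/technique counts in the shape the report prints them. The event records, the registry paths matched (EnableLUA under Policies\System for the UAC check, the Internet Explorer key for the IE-settings signature) and the mapping of signatures to T1082 and T1112 are assumptions; the report lists both technique IDs but does not state which signature feeds which.

```python
import re

# Constructed sandbox-style behaviour events for PID 916. Illustrative only,
# not the raw trace behind the report above.
EVENTS = [
    {"pid": 916, "kind": "regquery",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"},
    {"pid": 916, "kind": "regset",
     "path": r"HKCU\Software\Microsoft\Internet Explorer\Main\Start Page"},
    {"pid": 916, "kind": "filewrite", "path": r"C:\Windows\System32\drivers\sample.sys"},
    {"pid": 916, "kind": "filewrite", "path": r"C:\Windows\System32\drivers\etc\hosts"},
    {"pid": 916, "kind": "apicall", "api": "SetWindowsHookExW"},
    {"pid": 916, "kind": "apicall", "api": "GetTickCount"},
    {"pid": 916, "kind": "filewrite", "path": r"C:\Users\Admin\AppData\Local\Temp\stage.tmp"},
]

# (signature name as printed in the report, ATT&CK technique, tactic, predicate).
# Technique/tactic assignment is an assumption (see lead-in).
RULES = [
    ("Drops file in Drivers directory", None, None,
     lambda e: e["kind"] == "filewrite"
     and re.match(r"(?i)^c:\\windows\\system32\\drivers\\", e["path"]) is not None),
    ("Checks whether UAC is enabled", "T1082", "Discovery",
     lambda e: e["kind"] == "regquery"
     and e["path"].lower().endswith("\\policies\\system\\enablelua")),
    ("Modifies Internet Explorer settings", "T1112", "Defense Evasion",
     lambda e: e["kind"] == "regset"
     and "\\software\\microsoft\\internet explorer\\" in e["path"].lower()),
    ("Suspicious use of SetWindowsHookEx", None, None,
     lambda e: e["kind"] == "apicall" and e["api"].startswith("SetWindowsHookEx")),
]


def classify(events):
    """Return {signature: [matching events]}; each matching event is one IoC."""
    hits = {}
    for name, _tid, _tactic, pred in RULES:
        matched = [e for e in events if pred(e)]
        if matched:
            hits[name] = matched
    return hits


def attack_matrix(hits):
    """Collapse signature hits into {tactic: {technique_id: number of signatures}}."""
    matrix = {}
    for name, tid, tactic, _pred in RULES:
        if name in hits and tid:
            bucket = matrix.setdefault(tactic, {})
            bucket[tid] = bucket.get(tid, 0) + 1
    return matrix


if __name__ == "__main__":
    found = classify(EVENTS)
    for sig, iocs in found.items():
        print(f"{sig} ({len(iocs)} IoCs)")
    print(attack_matrix(found))
```

Note that the Drivers-directory rule fires on any write under System32\drivers, including drivers\etc\hosts, which is why a count of 64 IoCs for that signature should be checked against the actual paths before being read as driver installation.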

Downloads

  • memory/916-54-0x0000000000400000-0x00000000004AA000-memory.dmp
    Filesize: 680KB

  • memory/916-56-0x0000000076871000-0x0000000076873000-memory.dmp
    Filesize: 8KB

  • memory/916-57-0x0000000000400000-0x00000000004AA000-memory.dmp
    Filesize: 680KB
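The dump names encode PID, sequence number and the dumped address range, so the reported sizes can be checked rather than taken on trust. The block below is an added example (not part of the report) that parses the three entries above, confirms each reported Filesize equals the range length, and flags that the 0x400000 region (680KB) is larger than the 400KB file on disk, which is what a packed image looks like once its zero-raw-size sections are mapped. Treating 0x400000 as the main image base is an assumption (it is the default PE32 image base, and the dumped range starts there).

```python
import re

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$")

# The three Downloads entries from the report, as (name, reported size) pairs.
REPORT_DUMPS = [
    ("memory/916-54-0x0000000000400000-0x00000000004AA000-memory.dmp", "680KB"),
    ("memory/916-56-0x0000000076871000-0x0000000076873000-memory.dmp", "8KB"),
    ("memory/916-57-0x0000000000400000-0x00000000004AA000-memory.dmp", "680KB"),
]
DISK_SIZE = "400KB"     # Size from the General section
IMAGE_BASE = 0x400000   # assumption: default PE32 image base, matches the dumped range


def parse_size(text: str) -> int:
    """Convert the report's size notation ('680KB', '8KB', '400KB') to bytes."""
    m = re.fullmatch(r"(\d+)(B|KB|MB)", text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m.group(1)) * {"B": 1, "KB": 1024, "MB": 1024 * 1024}[m.group(2)]


def parse_dump_name(name: str) -> dict:
    """Split a memory dump filename into pid, sequence number and address range."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def check_dumps(dumps, disk_size_text: str, image_base: int = IMAGE_BASE):
    """Cross-check each dump against its reported size and the on-disk file size."""
    disk = parse_size(disk_size_text)
    findings = []
    for name, reported in dumps:
        d = parse_dump_name(name)
        d["reported"] = parse_size(reported)
        d["size_matches"] = d["size"] == d["reported"]
        d["is_main_image"] = d["start"] == image_base
        d["larger_than_disk"] = d["is_main_image"] and d["size"] > disk
        findings.append(d)
    return findings


def distinct_regions(findings):
    """Collapse repeated dumps of the same range (e.g. seq 54 and 57) to unique ranges."""
    return sorted({(f["start"], f["end"]) for f in findings})


if __name__ == "__main__":
    for f in check_dumps(REPORT_DUMPS, DISK_SIZE):
        print(f)
    print(distinct_regions(check_dumps(REPORT_DUMPS, DISK_SIZE)))
```

Two dumps of the same 0x400000 range taken at different points (sequence 54 and 57) are worth diffing: for a packed sample the later one is usually the better candidate for static analysis.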