Analysis
-
max time kernel
79s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
29-11-2022 16:45
General
-
Target
a7e385cab51b91f2beba9cef83ad698adf54ee4ee0ee4131bc5bb648f0cf5be3.exe
-
Size
85KB
-
MD5
eb3f29ced2dbc130c73a8382c4df22a2
-
SHA1
6a9fe8c6c24f8cec5f0655871452144735469a74
-
SHA256
a7e385cab51b91f2beba9cef83ad698adf54ee4ee0ee4131bc5bb648f0cf5be3
-
SHA512
91452af8efe04651f6729150fdbd56c28819cbe063636406808b742a868d77894fd0a018a43abac039397ca163c2d6f8eb415990fa096746ccbf1ba7059f5114
-
SSDEEP
1536:1CRkOyEArPjZ9g652xtZGTTkwLoIXXmKg5Ez04lqJLseLJefYVt5b9BDZprk+YDq:1UPd47gYMGnnLoInmKoXF5LJeoLbPZpD
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of SetThreadContext 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 17 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a7e385cab51b91f2beba9cef83ad698adf54ee4ee0ee4131bc5bb648f0cf5be3.exe"C:\Users\Admin\AppData\Local\Temp\a7e385cab51b91f2beba9cef83ad698adf54ee4ee0ee4131bc5bb648f0cf5be3.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\a7e385cab51b91f2beba9cef83ad698adf54ee4ee0ee4131bc5bb648f0cf5be3.exe"C:\Users\Admin\AppData\Local\Temp\a7e385cab51b91f2beba9cef83ad698adf54ee4ee0ee4131bc5bb648f0cf5be3.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=a7e385cab51b91f2beba9cef83ad698adf54ee4ee0ee4131bc5bb648f0cf5be3.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.03⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1368 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\W0MGVRJ8.txtFilesize
535B
MD5d45ac35d89f10280fea8e99cccf6e76a
SHA1df661b725f8eead960883dc75768e893b9abbb72
SHA2566e591641ea7b6b76b265d4c4c79f23a6d16788a4ff14d6694599e7c4148a8e1e
SHA51239ddff876fd3e73b245e130b65107fbaa23f3b4db4abf0bd8f8db41b3663d3947a7a85d0fa23acaf351accc9850096646e89d392471b8c2cce9942287f3382dd
-
memory/1524-56-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/1524-57-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/1524-59-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/1524-60-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/1524-61-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/1524-62-0x000000000040E792-mapping.dmp
-
memory/1524-64-0x0000000000402000-0x000000000040E800-memory.dmpFilesize
50KB
-
memory/1524-65-0x0000000000402000-0x000000000040E800-memory.dmpFilesize
50KB
-
memory/1524-67-0x0000000075CF1000-0x0000000075CF3000-memory.dmpFilesize
8KB
-
memory/1976-66-0x0000000000400000-0x0000000000447000-memory.dmpFilesize
284KB