Overview

overview

6

Static

static

b0ff2f5a59...78.exe

windows7-x64

1

b0ff2f5a59...78.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    104s
  • max time network
    168s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    29-11-2022 20:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b0ff2f5a59e8e4d3a81165a4170c5343a572484bc2963b54c1288b8fa07cae78.exe

  • Size

    3.5MB

  • MD5

    3f4b912ed5481aa71ce00a82a3b48be6

  • SHA1

    96f1bf2deee38e0272d1c5d6782bc988c7a33bb7

  • SHA256

    b0ff2f5a59e8e4d3a81165a4170c5343a572484bc2963b54c1288b8fa07cae78

  • SHA512

    b0894d056f30defae618d4fcd289da9e89d49cd23274df882fbf089a8a13ddc00769456c708b819db19db13c1c2d31635c3709fbe2dbf5f6bd4c656e31b363e1

  • SSDEEP

    98304:KqoKUUypUG/q/x8Cm+tqjLJ/0U3Bd8BSBRqm:eKNw/VCLIjLH3ngg

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b0ff2f5a59e8e4d3a81165a4170c5343a572484bc2963b54c1288b8fa07cae78.exe
    "C:\Users\Admin\AppData\Local\Temp\b0ff2f5a59e8e4d3a81165a4170c5343a572484bc2963b54c1288b8fa07cae78.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Windows\SysWOW64\explorer.exe
      explorer http://www.mlplay.com/download.html
      2⤵
        PID:2020
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1628
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.mlplay.com/download.html
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1736
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1736 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:796

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e7096db725aa2e266b4e25f8ce1d7e57

      SHA1

      9c7c62fa6174c7d39e21342a6b867901810ad5db

      SHA256

      2df7329d86c859bae0d6e7ad0123410049220ae6366837543ba318e61153e7eb

      SHA512

      4126a0a33fef6ca5f55832000768bc2e91f9700c5c364e51f476f8d16f954a243718c6de6337011d69e2d47f2e9c6c05e2d0ecfa41e43b9d8d2b2bdf6ea90f2c

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat
      Filesize

      4KB

      MD5

      b20977d58af75fc366f5f76e7160e845

      SHA1

      4fa88afd93920a9786809423b40d97ec9ee654ca

      SHA256

      d10eb69600bd2b211dca9b30b525445ea1ee02eddd7dc5df8472a3f12b64d48a

      SHA512

      9796253502c681a26b90f0befe1a3dc912d2f5c71b47b5f51c506a6b0437e90755d88265b2d71acaa3a9afb76d933bd8577065ac2c658099cad84d620801cb19

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\D8IUPS9Q.txt
      Filesize

      608B

      MD5

      ec1c8b4446a21623ff1b569776c64133

      SHA1

      5b977625ce42bb337e396b23e2d41bc9cab24757

      SHA256

      f075c54a8a5ebeefb72d008976a21f2eae7979949cc513124d56e319f28bb7bb

      SHA512

      104c529f234489d197a061599ba97a83b082ffd51a344e042dde7227a190e2d9aaea9d60a4e8297f2aacec0884777f5294153a324b8b9af2ad51de0387fe1815

      Download Submit
    • memory/1628-59-0x000007FEFC2F1000-0x000007FEFC2F3000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2020-56-0x0000000000000000-mapping.dmp
      Download
    • memory/2020-58-0x0000000074421000-0x0000000074423000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2028-54-0x0000000075A71000-0x0000000075A73000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2028-55-0x0000000000400000-0x0000000000790000-memory.dmp
      Filesize

      3.6MB

      Download
    • memory/2028-60-0x0000000000400000-0x0000000000790000-memory.dmp
      Filesize

      3.6MB

      Download