Overview

overview

7

Static

static

ad9273a6ad...7b.exe

windows7-x64

7

ad9273a6ad...7b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/11/2022, 23:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ad9273a6ade080a09c3492cd99f39cc27fa517e3c44d825bde9982510834427b.exe

  • Size

    176KB

  • MD5

    df4cbc5b1363f5c2d3a34be5ca069569

  • SHA1

    0ff1c800a301a06caa4a6b52630a944653a80045

  • SHA256

    ad9273a6ade080a09c3492cd99f39cc27fa517e3c44d825bde9982510834427b

  • SHA512

    6332c0fc0fb70dc1b6ec405c41ff2da370c13c7d1e1dbbae687af2b61f677d56f0476ff1814f07aa56f902e5f2129cafbf5b50c81711258016dc48c9f4b2c69e

  • SSDEEP

    3072:LhxvOvoq1qNvoNzlCnnfdcPlHIWOSTVNAyMMULmMng0yslB7d8w:L/Wj4uNzlefdaHicULpngulM

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad9273a6ade080a09c3492cd99f39cc27fa517e3c44d825bde9982510834427b.exe
    "C:\Users\Admin\AppData\Local\Temp\ad9273a6ade080a09c3492cd99f39cc27fa517e3c44d825bde9982510834427b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4588
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Roaming\pamsm.dll",AInputStream
      2⤵
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of SetWindowsHookEx
      PID:2856
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
      PID:5040
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4192
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4192 CREDAT:17410 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1052
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4192 CREDAT:82948 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:768
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4192 CREDAT:17414 /prefetch:2
        2⤵
        • Loads dropped DLL
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2296

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      471B

      MD5

      4132c54f59c529167c112e7f519120fa

      SHA1

      94cc9036fa031258aa744c7ee88e3c0b6c7a73da

      SHA256

      e9f456cf8bb8cc4a683d1c2f792feeb4c83fff24a86e6bcb260eff8fbff126fb

      SHA512

      e8efb8e81a90ffbe177301fbba4470ded104fc6d12cfa0123938b981d612eb2c4a66bb47b585cd43ed6ed4940e0ad5a1e3a5d9d18f8cb643e741aae694c4baee

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      404B

      MD5

      4bd6381db690ec0704d273dbec31f211

      SHA1

      52770495e4ff68149527806ad60e1700a741f345

      SHA256

      d002c80c1ce32f315f1ebcf855174ef9686303ff06ef2021ef03ca503af5fb63

      SHA512

      709fd679496b3ee49e2634cad8ffc7b2d27f54372aa4cd3fcc4fe38c0e8023ea7f17d994f644c85c6fa54bfc86799b8e0f5de2fa6fd25c0a8c3095e7a28151f8

      Download Submit

    • C:\Users\Admin\AppData\Roaming\pamsm.dll
      Filesize

      176KB

      MD5

      a4e8f0bb87ca43d0cdb15b1572df2be8

      SHA1

      4ca7e7fb0bc5b615f3359c93ce5e7c5870ed73cc

      SHA256

      b8c61ea6f620d788ee32afb00853dfe9534d1fedbd4a1f352f736d83dd761fcd

      SHA512

      9fdf0632b9de4fe288a8e4ab0679c9f8bc4bfc523637ba98ed1798d32120618e2379f87bfed80dedf63f1c329fa1f1ba8b31d0faeeec4678c000e7b5fbacb540

      Download Submit

    • C:\Users\Admin\AppData\Roaming\pamsm.dll
      Filesize

      176KB

      MD5

      a4e8f0bb87ca43d0cdb15b1572df2be8

      SHA1

      4ca7e7fb0bc5b615f3359c93ce5e7c5870ed73cc

      SHA256

      b8c61ea6f620d788ee32afb00853dfe9534d1fedbd4a1f352f736d83dd761fcd

      SHA512

      9fdf0632b9de4fe288a8e4ab0679c9f8bc4bfc523637ba98ed1798d32120618e2379f87bfed80dedf63f1c329fa1f1ba8b31d0faeeec4678c000e7b5fbacb540

      Download Submit

    • C:\Users\Admin\AppData\Roaming\pamsm.dll
      Filesize

      176KB

      MD5

      a4e8f0bb87ca43d0cdb15b1572df2be8

      SHA1

      4ca7e7fb0bc5b615f3359c93ce5e7c5870ed73cc

      SHA256

      b8c61ea6f620d788ee32afb00853dfe9534d1fedbd4a1f352f736d83dd761fcd

      SHA512

      9fdf0632b9de4fe288a8e4ab0679c9f8bc4bfc523637ba98ed1798d32120618e2379f87bfed80dedf63f1c329fa1f1ba8b31d0faeeec4678c000e7b5fbacb540

      Download Submit

    • C:\Users\Admin\AppData\Roaming\pamsm.dll
      Filesize

      176KB

      MD5

      a4e8f0bb87ca43d0cdb15b1572df2be8

      SHA1

      4ca7e7fb0bc5b615f3359c93ce5e7c5870ed73cc

      SHA256

      b8c61ea6f620d788ee32afb00853dfe9534d1fedbd4a1f352f736d83dd761fcd

      SHA512

      9fdf0632b9de4fe288a8e4ab0679c9f8bc4bfc523637ba98ed1798d32120618e2379f87bfed80dedf63f1c329fa1f1ba8b31d0faeeec4678c000e7b5fbacb540

      Download Submit

    • memory/2856-142-0x0000000000F70000-0x0000000000F9E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2856-146-0x0000000010000000-0x000000001002E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/2856-148-0x0000000000E60000-0x0000000000E75000-memory.dmp

      Filesize

      84KB

      Download

    • memory/4588-147-0x0000000002140000-0x0000000002155000-memory.dmp

      Filesize

      84KB

      Download

    • memory/4588-132-0x0000000002140000-0x0000000002155000-memory.dmp

      Filesize

      84KB

      Download

    • memory/4588-137-0x0000000010000000-0x000000001002E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/4588-133-0x0000000002160000-0x000000000218E000-memory.dmp

      Filesize

      184KB

      Download