Overview

overview

6

Static

static

ceafbac199...26.exe

windows7-x64

6

ceafbac199...26.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    225s
  • max time network
    333s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 21:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ceafbac199d4ba8b129af9b76fbbab873ec83df964fb24641ae8fcf3bae18c26.exe

  • Size

    137KB

  • MD5

    65ca6567be098c08ea89a45c3f967f0d

  • SHA1

    af04d3b1ef55ff27ec4a7cb53482fd3fa96c7074

  • SHA256

    ceafbac199d4ba8b129af9b76fbbab873ec83df964fb24641ae8fcf3bae18c26

  • SHA512

    4235e57852506a607623cb48bddfb4839f3d70a15b575d28ed43c6b6c71216037937b8f6c22c971045eb05c8ecbf74261f06eb869dd4c21338980bb5eddc6888

  • SSDEEP

    3072:/J34L6sf1jfKT4dxBWpCiLIPZgwqGWwf0JcC97fW:/JoL6Sjiq71qwqWA

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ceafbac199d4ba8b129af9b76fbbab873ec83df964fb24641ae8fcf3bae18c26.exe
    "C:\Users\Admin\AppData\Local\Temp\ceafbac199d4ba8b129af9b76fbbab873ec83df964fb24641ae8fcf3bae18c26.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1044
    • C:\Users\Admin\AppData\Local\Temp\ceafbac199d4ba8b129af9b76fbbab873ec83df964fb24641ae8fcf3bae18c26.exe
      C:\Users\Admin\AppData\Local\Temp\ceafbac199d4ba8b129af9b76fbbab873ec83df964fb24641ae8fcf3bae18c26.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:520
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        3⤵
        • Adds Run key to start application
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1684
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1304
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1304 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:108

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\JZIZV00I.txt
    Filesize

    539B

    MD5

    b01e4409fda0d8ba9dc73be44d545616

    SHA1

    b899cad3eff387b5cc07df6120a29b191c9e73dd

    SHA256

    e47de0ce09eab1ce4d2694f8b7ff6fd0f832699d7314da92941935c61d3f6629

    SHA512

    383d22fd75c438f120e7e71b3ff61f1fff527386c9d674d0bd729ca486553b77d0687dca724ec690bdcc01ee7774f21222b62882080d996fd0ec35e872498e55

    Download Submit

  • memory/520-74-0x0000000000290000-0x00000000002DE000-memory.dmp

    Filesize

    312KB

    Download

  • memory/520-68-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/520-59-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/520-61-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/520-63-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/520-66-0x0000000076931000-0x0000000076933000-memory.dmp

    Filesize

    8KB

    Download

  • memory/520-76-0x0000000000290000-0x00000000002DE000-memory.dmp

    Filesize

    312KB

    Download

  • memory/520-54-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/520-69-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/520-57-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/520-72-0x0000000000290000-0x00000000002DE000-memory.dmp

    Filesize

    312KB

    Download

  • memory/520-67-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/520-78-0x0000000000290000-0x00000000002DE000-memory.dmp

    Filesize

    312KB

    Download

  • memory/520-80-0x0000000000290000-0x00000000002DE000-memory.dmp

    Filesize

    312KB

    Download

  • memory/520-82-0x0000000000290000-0x00000000002DE000-memory.dmp

    Filesize

    312KB

    Download

  • memory/520-84-0x0000000000290000-0x00000000002DE000-memory.dmp

    Filesize

    312KB

    Download

  • memory/520-86-0x0000000000290000-0x00000000002DE000-memory.dmp

    Filesize

    312KB

    Download

  • memory/520-88-0x0000000000290000-0x00000000002DE000-memory.dmp

    Filesize

    312KB

    Download

  • memory/520-90-0x0000000000290000-0x00000000002DE000-memory.dmp

    Filesize

    312KB

    Download

  • memory/520-94-0x0000000000290000-0x00000000002DE000-memory.dmp

    Filesize

    312KB

    Download

  • memory/520-92-0x0000000000290000-0x00000000002DE000-memory.dmp

    Filesize

    312KB

    Download

  • memory/520-55-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download