Analysis

  • max time kernel
    124s
  • max time network
    173s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-12-2022 04:16

General

  • Target

    5a2c6e630c08111b019d924d1e48399871690d7ecceba0b4faa386637266ee01.exe

  • Size

    147KB

  • MD5

    f93f1b2a6d6cef4943ee4ce91235fe5d

  • SHA1

    0fac889bce849edefa663682e3b6099ed9a58f87

  • SHA256

    5a2c6e630c08111b019d924d1e48399871690d7ecceba0b4faa386637266ee01

  • SHA512

    58f00805524dd6c552e61f36330383713340ebf54412d6f4a4f7b4c51523df403a05a979798b3c880f15add65a3b290f15f17f7f2f4c25dc9632a9d4bf7be357

  • SSDEEP

    1536:qNNiBbH+EkFU5pT0bNkp7Vgjnqym4cbNA04RaAWj6wpUz:qNhEKUrgb2p7VgjqypcRA0eaA8gz

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 28 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (14 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a2c6e630c08111b019d924d1e48399871690d7ecceba0b4faa386637266ee01.exe
    "C:\Users\Admin\AppData\Local\Temp\5a2c6e630c08111b019d924d1e48399871690d7ecceba0b4faa386637266ee01.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:900
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2000
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1936
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:916
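
To work with a process tree like the one above outside the sandbox UI, the following is an added Python example (not part of the report and not the sandbox's own tooling). It parses the flattened listing, recovers parent/child relations from the "N⤵" depth markers, indexes which PID carries which behaviour tag, and checks the SCODEF argument of the tab process against its parent's PID. The input is the report's own four entries embedded as a constructed string; the reading of SCODEF as the frame-process PID is an assumption, flagged in the code, that the page's data (SCODEF:1936 under PID 1936) happens to agree with.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed input: the four entries of the report's process tree, copied as plain
# text with the indentation removed. Each entry is: image path, command line,
# a depth marker of the form "N⤵", zero or more behaviour tags, then "PID:n".
PROCESS_TREE = r"""
C:\Users\Admin\AppData\Local\Temp\5a2c6e630c08111b019d924d1e48399871690d7ecceba0b4faa386637266ee01.exe
"C:\Users\Admin\AppData\Local\Temp\5a2c6e630c08111b019d924d1e48399871690d7ecceba0b4faa386637266ee01.exe"
1⤵
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
PID:900
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
2⤵
Suspicious use of WriteProcessMemory
PID:2000
C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
3⤵
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
PID:1936
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2
4⤵
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
PID:916
"""

DEPTH_RE = re.compile(r"^(\d+)\u2935$")   # "1⤵": the report's depth marker (U+2935)
PID_RE = re.compile(r"^PID:(\d+)$")
ARGS_RE = re.compile(r'^"[^"]*"\s*(.*)$')  # strip the quoted image path from a command line
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    depth: int
    parent: Optional[int]
    tags: List[str] = field(default_factory=list)


def parse_tree(text: str) -> Dict[int, Proc]:
    """Parse the flattened listing into {pid: Proc}, recovering parents from depth markers."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    procs: Dict[int, Proc] = {}
    ancestors: List[int] = []            # ancestors[d - 1] is the PID currently at depth d
    i = 0
    while i < len(lines):
        image, cmdline = lines[i], lines[i + 1]
        m = DEPTH_RE.match(lines[i + 2])
        if not m:
            raise ValueError(f"expected depth marker after {image!r}")
        depth, i = int(m.group(1)), i + 3
        tags = []
        while not PID_RE.match(lines[i]):  # everything up to "PID:n" is a behaviour tag
            tags.append(lines[i])
            i += 1
        pid, i = int(PID_RE.match(lines[i]).group(1)), i + 1
        del ancestors[depth - 1:]          # drop anything at this depth or deeper
        parent = ancestors[-1] if ancestors else None
        ancestors.append(pid)
        procs[pid] = Proc(pid, image, cmdline, depth, parent, tags)
    return procs


def ancestry(procs: Dict[int, Proc], pid: int) -> List[int]:
    """Root-to-leaf chain of PIDs ending at pid."""
    chain = []
    while pid is not None:
        chain.append(pid)
        pid = procs[pid].parent
    return chain[::-1]


def tag_index(procs: Dict[int, Proc]) -> Dict[str, List[int]]:
    """Map each behaviour tag to the sorted PIDs that carry it."""
    idx: Dict[str, List[int]] = {}
    for p in procs.values():
        for t in p.tags:
            idx.setdefault(t, []).append(p.pid)
    return {t: sorted(v) for t, v in idx.items()}


def cmdline_args(proc: Proc) -> str:
    """Arguments after the quoted image path; "" when the process was started bare."""
    m = ARGS_RE.match(proc.cmdline)
    return m.group(1) if m else proc.cmdline


def scodef_mismatches(procs: Dict[int, Proc]) -> List[int]:
    """PIDs whose SCODEF:<n> argument does not name their parent PID.
    Assumption (not stated on the page): SCODEF carries the PID of the IE frame
    process that spawned the tab process. The report's data is consistent with it:
    PID 916 carries SCODEF:1936 and its parent is PID 1936."""
    bad = []
    for p in procs.values():
        m = SCODEF_RE.search(cmdline_args(p))
        if m and int(m.group(1)) != p.parent:
            bad.append(p.pid)
    return bad
```

Running `tag_index(parse_tree(PROCESS_TREE))` shows, from the page's own data, that the WriteProcessMemory tag sits on the three processes that each spawn a child (900, 2000, 1936) and not on the leaf PID 916; the index makes that kind of pattern visible without asserting what caused it.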

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\GZJBPPLQ.txt

    Filesize

    539B

    MD5

    9c341374822372420f30982961baf959

    SHA1

    e124bfb8669853ae36a5f71f2ae6f3a638704333

    SHA256

    cbce4260f9ba35a436348d31e71187b44cf422bc3c89fc711bafb0ee53b9e4f5

    SHA512

    d7bf9629aa2ca0364aaa065b443536547531315644a72911448a3fed90f98b32bb4d49ce4a2d7fbc3182338cc5c49e89a45c6c3e50c103613bbcc5d554334104

  • memory/900-54-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

  • memory/900-55-0x0000000075571000-0x0000000075573000-memory.dmp

    Filesize

    8KB

  • memory/900-56-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

  • memory/900-57-0x0000000000360000-0x0000000000371000-memory.dmp

    Filesize

    68KB

  • memory/900-58-0x00000000020F0000-0x000000000213E000-memory.dmp

    Filesize

    312KB

  • memory/900-60-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

  • memory/900-61-0x00000000020F0000-0x000000000213E000-memory.dmp

    Filesize

    312KB
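
The dump names above encode the PID, a sequence number and the dumped address range, and the same range appears more than once (0x400000-0x463000 at sequence 54, 56 and 60). As an added Python example (not part of the report or the sandbox), the block below parses those names, checks that each range agrees with the size the report prints, groups repeated snapshots of one region so they can be diffed, and picks out the range that starts at 0x400000. The seven entries are embedded as constructed input; treating 0x400000 as the 32-bit PE default image base is an assumption noted in the code, since the report does not say which module each region belongs to.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed input: the seven memory dumps listed above, as (name, reported size).
DUMPS = [
    ("memory/900-54-0x0000000000400000-0x0000000000463000-memory.dmp", "396KB"),
    ("memory/900-55-0x0000000075571000-0x0000000075573000-memory.dmp", "8KB"),
    ("memory/900-56-0x0000000000400000-0x0000000000463000-memory.dmp", "396KB"),
    ("memory/900-57-0x0000000000360000-0x0000000000371000-memory.dmp", "68KB"),
    ("memory/900-58-0x00000000020F0000-0x000000000213E000-memory.dmp", "312KB"),
    ("memory/900-60-0x0000000000400000-0x0000000000463000-memory.dmp", "396KB"),
    ("memory/900-61-0x00000000020F0000-0x000000000213E000-memory.dmp", "312KB"),
]

# memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
NAME_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")


def parse_dump_name(name: str) -> Tuple[int, int, int, int]:
    """Split a dump name into (pid, seq, start, end) with addresses as integers."""
    m = NAME_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name!r}")
    pid, seq, start, end = m.groups()
    return int(pid), int(seq), int(start, 16), int(end, 16)


def region_size_kb(start: int, end: int) -> int:
    """Whole-KB size of [start, end), the unit the report prints."""
    if end <= start:
        raise ValueError("end must be above start")
    return (end - start) // 1024


def size_mismatches(dumps: List[Tuple[str, str]]) -> List[str]:
    """Names whose address range disagrees with the size printed next to them."""
    out = []
    for name, reported in dumps:
        _, _, start, end = parse_dump_name(name)
        if f"{region_size_kb(start, end)}KB" != reported:
            out.append(name)
    return out


def snapshots_by_region(dumps: List[Tuple[str, str]]) -> Dict[Tuple[int, int, int], List[int]]:
    """Group dumps by (pid, start, end). A region listed under several sequence numbers
    was snapshotted repeatedly, so consecutive dumps of it can be diffed for changes."""
    groups: Dict[Tuple[int, int, int], List[int]] = defaultdict(list)
    for name, _ in dumps:
        pid, seq, start, end = parse_dump_name(name)
        groups[(pid, start, end)].append(seq)
    return {k: sorted(v) for k, v in groups.items()}


def image_region(dumps: List[Tuple[str, str]], pid: int,
                 image_base: int = 0x400000) -> Optional[Tuple[int, int]]:
    """Range of the dump that starts at image_base for the given PID, or None.
    Assumption: 0x400000 is the default image base of a 32-bit PE, which fits the
    396KB range of PID 900; the report itself does not name the module."""
    for name, _ in dumps:
        p, _, start, end = parse_dump_name(name)
        if p == pid and start == image_base:
            return (start, end)
    return None
```

`size_mismatches` only checks the report against itself. The gap between the 147KB file on disk and the 396KB range dumped from 0x400000 is not such a mismatch: a mapped image spans its virtual sections, including uninitialised data, so it is normally larger than the raw file, and that difference alone says nothing about packing.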