Analysis
-
max time kernel
133s -
max time network
155s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
01-12-2022 06:56
General
-
Target
82ef9e9640e1d6dd8e77c30bbcf58536492faa9851744d602f8f354231cbdfa3.exe
-
Size
1.3MB
-
MD5
31bf01bc8823907bf30c5e69a9b49dbf
-
SHA1
42612c77be0a167d5125dd4c5f4efc9527e77e8b
-
SHA256
82ef9e9640e1d6dd8e77c30bbcf58536492faa9851744d602f8f354231cbdfa3
-
SHA512
830f1aa7fa742cea0b461678ada7fde6718f4a972076713655cf940af16f0f2141b268074d7291ccb8f6b912b98190630cf2215f6fa745546506efdbdfbb52f2
-
SSDEEP
24576:8IfRiOOA3tvjc/9BI0h1eLHXaglJdaCFPzCvJFr6tF:8I5NVE9+2glJYCF7U+
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Uses the VBS compiler for execution 1 TTPs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 17 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\82ef9e9640e1d6dd8e77c30bbcf58536492faa9851744d602f8f354231cbdfa3.exe"C:\Users\Admin\AppData\Local\Temp\82ef9e9640e1d6dd8e77c30bbcf58536492faa9851744d602f8f354231cbdfa3.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\plugtemp\vbc.exeC:\Users\Admin\AppData\Local\Temp\\plugtemp\vbc.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=vbc.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.03⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:280 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.1MB
MD534aa912defa18c2c129f1e09d75c1d7e
SHA19c3046324657505a30ecd9b1fdb46c05bde7d470
SHA2566df94b7fa33f1b87142adc39b3db0613fc520d9e7a5fd6a5301dd7f51f8d0386
SHA512d1ea9368f5d7166180612fd763c87afb647d088498887961f5e7fb0a10f4a808bd5928e8a3666d70ff794093c51ecca8816f75dd47652fd4eb23dce7f9aa1f98
-
Filesize
1.1MB
MD534aa912defa18c2c129f1e09d75c1d7e
SHA19c3046324657505a30ecd9b1fdb46c05bde7d470
SHA2566df94b7fa33f1b87142adc39b3db0613fc520d9e7a5fd6a5301dd7f51f8d0386
SHA512d1ea9368f5d7166180612fd763c87afb647d088498887961f5e7fb0a10f4a808bd5928e8a3666d70ff794093c51ecca8816f75dd47652fd4eb23dce7f9aa1f98
-
Filesize
535B
MD5523152f361f181ff1985f1101dc2d99e
SHA136a11af471b266f404831f3b10aad48e14c032b1
SHA256ad1da3d74b51b120eea274b352c50aa03ea153a7d37a91077e2567336c8463fe
SHA512b0198f5d65d1994c0986220c0f820f7f36393ca708a9c8045eef887375d1c238ad07aedb1834ad49e176e4a5dc489be179ee693f28dce73d20064e941be3ddf1
-
Filesize
1.1MB
MD534aa912defa18c2c129f1e09d75c1d7e
SHA19c3046324657505a30ecd9b1fdb46c05bde7d470
SHA2566df94b7fa33f1b87142adc39b3db0613fc520d9e7a5fd6a5301dd7f51f8d0386
SHA512d1ea9368f5d7166180612fd763c87afb647d088498887961f5e7fb0a10f4a808bd5928e8a3666d70ff794093c51ecca8816f75dd47652fd4eb23dce7f9aa1f98
-
Filesize
5.7MB
-
Filesize
68KB
-
Filesize
68KB
-
Filesize
5.7MB
-
Filesize
8KB
-
Filesize
1000KB
-
-
Filesize
1000KB
-
Filesize
55KB
-
Filesize
1000KB
-
Filesize
55KB
-
Filesize
1000KB
-
Filesize
1000KB