Analysis

  • max time kernel
    107s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-12-2022 08:48

General

  • Target

    283565f26836b62a47c6fb39fe62101fd32df275fb0c0045d6caca06574befb7.exe

  • Size

    499KB

  • MD5

    4294fad174f3d14cc74714b1a994d1d0

  • SHA1

    5ba7ef0529c596699fdc2696cf6832440cc6315a

  • SHA256

    283565f26836b62a47c6fb39fe62101fd32df275fb0c0045d6caca06574befb7

  • SHA512

    491f0f8cc768a44437235a3b0297040f3490120add3f1d07861a851e05bcf518c188fbcba0b341a04e8b8a80d6e45e8b9eeb7aa71ae9206515da23907a277e48

  • SSDEEP

    12288:SSu+HLbz0YnTkYU7NTEb+p2BZtPnAlOfZA1i3Oz5s:SStrv0Ytbv1Rfi6

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\283565f26836b62a47c6fb39fe62101fd32df275fb0c0045d6caca06574befb7.exe
    "C:\Users\Admin\AppData\Local\Temp\283565f26836b62a47c6fb39fe62101fd32df275fb0c0045d6caca06574befb7.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1368
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=283565f26836b62a47c6fb39fe62101fd32df275fb0c0045d6caca06574befb7.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:892
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:892 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1640

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion: Modify Registry (T1112), 1 signature

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\T0I0EIA1.txt
    Filesize

    608B

    MD5

    ab9d9e08affb8589d3be91dcf6e07d75

    SHA1

    df3217b5db27c85eb9af995eb834772bc6a714b5

    SHA256

    c11991ad32f7feedb876a796276c86d88cd38d5f47adc70a3a5edc6aec40ad00

    SHA512

    ab9cb66c07fbf7aa0854f042a57d130edfe0037681b5ebb33955012d4d4ab0329e677fb6d8edaba51a68cde97e761cf4a0232f10eac6b2af540a058be34698eb

  • memory/1368-55-0x0000000000400000-0x0000000000436000-memory.dmp
    Filesize

    216KB

  • memory/1368-56-0x00000000001B0000-0x00000000001B4000-memory.dmp
    Filesize

    16KB

  • memory/1368-57-0x0000000000440000-0x0000000000479000-memory.dmp
    Filesize

    228KB

  • memory/1368-58-0x0000000074E41000-0x0000000074E43000-memory.dmp
    Filesize

    8KB

  • memory/1368-59-0x0000000000400000-0x0000000000436000-memory.dmp
    Filesize

    216KB

  • memory/1368-60-0x0000000000440000-0x0000000000479000-memory.dmp
    Filesize

    228KB

  • memory/1368-61-0x0000000001D11000-0x0000000001D15000-memory.dmp
    Filesize

    16KB