Overview

overview

8

Static

static

3a6c393245...d7.exe

windows7-x64

8

3a6c393245...d7.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    42s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    01-12-2022 15:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a6c39324593e8c6d3947defd39abae1d417bdb1b04a25f39e7b9a65ee1ab9d7.exe

  • Size

    120KB

  • MD5

    94834c2882a71175547c79668b136554

  • SHA1

    c98573b73deebb3bf1dd11c88734d7af0205175f

  • SHA256

    3a6c39324593e8c6d3947defd39abae1d417bdb1b04a25f39e7b9a65ee1ab9d7

  • SHA512

    701865de35b35e566d8df71d44afebe0e414dd60383b67cb856d1a21bf908237d02b0c61e245ddbb6e91fbe3f5e1a46a8a578ffc8cf484c5b1a0e4cda4cfc620

  • SSDEEP

    3072:lL0dELjFwv50HLweZYd9/ZZbfzhPboA1xEV7dbf9YypW2:00HLwe09xZb7NboA1xEV7dbf9Yy

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a6c39324593e8c6d3947defd39abae1d417bdb1b04a25f39e7b9a65ee1ab9d7.exe
    "C:\Users\Admin\AppData\Local\Temp\3a6c39324593e8c6d3947defd39abae1d417bdb1b04a25f39e7b9a65ee1ab9d7.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1460
    • C:\Windows\ads.exe
      C:\Windows\ads.exe
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2040

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\ads.exe
    Filesize

    40KB

    MD5

    f71f6a54c1aee057c12674b493ca2183

    SHA1

    1c73c734491ca59c2ea129a1da4030f00fdff5b2

    SHA256

    4b157827e270851b026aacccea376113ce647d9050cedbb9f43b3381323941b9

    SHA512

    8a8e4ae935b10e31e9aedd29880e5a3610a58a2eb7e68dede757d2431bd94bc87fac560530b98b371a7065dfc487430643b513a2f476dbaf04aeffac58e09530

    Download Submit

  • C:\Windows\ads.exe
    Filesize

    40KB

    MD5

    f71f6a54c1aee057c12674b493ca2183

    SHA1

    1c73c734491ca59c2ea129a1da4030f00fdff5b2

    SHA256

    4b157827e270851b026aacccea376113ce647d9050cedbb9f43b3381323941b9

    SHA512

    8a8e4ae935b10e31e9aedd29880e5a3610a58a2eb7e68dede757d2431bd94bc87fac560530b98b371a7065dfc487430643b513a2f476dbaf04aeffac58e09530

    Download Submit

  • memory/1460-56-0x0000000075981000-0x0000000075983000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1460-57-0x0000000003B31000-0x00000000049DD000-memory.dmp

    Filesize

    14.7MB

    Download

  • memory/2040-58-0x0000000000000000-mapping.dmp

    Download

  • memory/2040-63-0x0000000003741000-0x00000000045ED000-memory.dmp

    Filesize

    14.7MB

    Download