Overview

overview

7

Static

static

bf32013434...95.exe

windows7-x64

7

bf32013434...95.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/12/2022, 18:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bf320134340e8ea68572a1dd1804975ed77503f380c512ec00e96ea9b759ef95.exe

  • Size

    176KB

  • MD5

    378e425030307aad6c8c6f893c7a8e97

  • SHA1

    460a24628f079a4cdfa5a8a776796fa14cb901d7

  • SHA256

    bf320134340e8ea68572a1dd1804975ed77503f380c512ec00e96ea9b759ef95

  • SHA512

    821cf03ab31e36eaa0eb388d8bbad04afcc6c7c9f6fa8a941c0f560568965767db67b32c81fdc5275a024db393fa1e2d6dbd6c28cc7b353ad463800d541fbc97

  • SSDEEP

    3072:rHA5Hnpxjp7IFvk1iPo7brqseJQmL2VgLfnnXa0tRYyWcDoRQFQDU47TVPYZmxpC:bALIF81T7Hg2mLfznqIR9NDM0QZBPY

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 20 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf320134340e8ea68572a1dd1804975ed77503f380c512ec00e96ea9b759ef95.exe
    "C:\Users\Admin\AppData\Local\Temp\bf320134340e8ea68572a1dd1804975ed77503f380c512ec00e96ea9b759ef95.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Roaming\mlent.dll",AGetVolume
      2⤵
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of SetWindowsHookEx
      PID:4868
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
      PID:4348
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3780
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3780 CREDAT:17410 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2368
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3780 CREDAT:17414 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2772
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3780 CREDAT:17418 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1060
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3780 CREDAT:17422 /prefetch:2
        2⤵
        • Loads dropped DLL
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1656

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      471B

      MD5

      0ff2da8bfc83bec6bce38ba6a3f7bf58

      SHA1

      84c37df7bed08d69f040c289676735c49a9564eb

      SHA256

      91026f24711c435d99a44884c7239ed1265cd17c0259a6c5885f69e4309421ea

      SHA512

      78afdc44d7557b2f14444182085252e8456c91289511d6f2abfd1d7273d05baba9a94206d370add716b9fc30dc326a1a2e1c78f642e926759d962cf216c3a489

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      434B

      MD5

      817169b781f0a013944bef3d91271348

      SHA1

      27e3c333a549ff39d0548440d4dfc42607291f19

      SHA256

      24de3dce0d2aad072de51ab1a3b789291b5016cd60af948976d81816153581d4

      SHA512

      ccac3f438215a3af4f36febc2935694801283e7792bfbc0c26dc10796c0ededd1ba8356890818df183e15282eb46cf235cfe1224f2b2148efc86a6f19467253f

      Download Submit

    • C:\Users\Admin\AppData\Roaming\mlent.dll
      Filesize

      176KB

      MD5

      7a82a6c6012081aa8f1c99b1c9bce113

      SHA1

      3b5896ea07a5f66b1c79e12135985c79caaf4067

      SHA256

      b3eb71748ea458ce37665ea8618d07e12e31fd06d9a3bfb4038f91f8928ce1fd

      SHA512

      5f1e606a6601bd8ea83c2dcc68c323e93a4e8cbf0a0d9ea335b81cdfb972ac09f20469a9f541c09187671ee3df098e379419ef1b2745ea0254009f110a92a94b

      Download Submit

    • C:\Users\Admin\AppData\Roaming\mlent.dll
      Filesize

      176KB

      MD5

      7a82a6c6012081aa8f1c99b1c9bce113

      SHA1

      3b5896ea07a5f66b1c79e12135985c79caaf4067

      SHA256

      b3eb71748ea458ce37665ea8618d07e12e31fd06d9a3bfb4038f91f8928ce1fd

      SHA512

      5f1e606a6601bd8ea83c2dcc68c323e93a4e8cbf0a0d9ea335b81cdfb972ac09f20469a9f541c09187671ee3df098e379419ef1b2745ea0254009f110a92a94b

      Download Submit

    • C:\Users\Admin\AppData\Roaming\mlent.dll
      Filesize

      176KB

      MD5

      7a82a6c6012081aa8f1c99b1c9bce113

      SHA1

      3b5896ea07a5f66b1c79e12135985c79caaf4067

      SHA256

      b3eb71748ea458ce37665ea8618d07e12e31fd06d9a3bfb4038f91f8928ce1fd

      SHA512

      5f1e606a6601bd8ea83c2dcc68c323e93a4e8cbf0a0d9ea335b81cdfb972ac09f20469a9f541c09187671ee3df098e379419ef1b2745ea0254009f110a92a94b

      Download Submit

    • C:\Users\Admin\AppData\Roaming\mlent.dll
      Filesize

      176KB

      MD5

      7a82a6c6012081aa8f1c99b1c9bce113

      SHA1

      3b5896ea07a5f66b1c79e12135985c79caaf4067

      SHA256

      b3eb71748ea458ce37665ea8618d07e12e31fd06d9a3bfb4038f91f8928ce1fd

      SHA512

      5f1e606a6601bd8ea83c2dcc68c323e93a4e8cbf0a0d9ea335b81cdfb972ac09f20469a9f541c09187671ee3df098e379419ef1b2745ea0254009f110a92a94b

      Download Submit

    • memory/2672-132-0x0000000002130000-0x0000000002145000-memory.dmp

      Filesize

      84KB

      Download

    • memory/2672-133-0x0000000002160000-0x000000000218F000-memory.dmp

      Filesize

      188KB

      Download

    • memory/2672-145-0x0000000002130000-0x0000000002145000-memory.dmp

      Filesize

      84KB

      Download

    • memory/4868-141-0x0000000000770000-0x000000000079F000-memory.dmp

      Filesize

      188KB

      Download

    • memory/4868-146-0x0000000000540000-0x0000000000555000-memory.dmp

      Filesize

      84KB

      Download