Analysis
-
max time kernel
141s -
max time network
194s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
01-12-2022 19:05
General
-
Target
b52230ba0750810d362bf8f58f0332eec710ce0e6b61fd89b68d0dc108f53449.exe
-
Size
1.1MB
-
MD5
39ecc70c2d2baf144d81c8a8c930c064
-
SHA1
bd2313bed774d4804de7e2ce65a9820c81a91c73
-
SHA256
b52230ba0750810d362bf8f58f0332eec710ce0e6b61fd89b68d0dc108f53449
-
SHA512
bb8a79f8336b8de9150bc59274bd762a20eee2a900a1592e6f87bd18a32af0f3f359e556549016ec67fb701d082440c8d76b9ec9196dffa839e358912fd2e8a9
-
SSDEEP
24576:PC7I14/6ZNetmSwfC7lZwhgppoud4UvMt:qk7Md
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 17 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b52230ba0750810d362bf8f58f0332eec710ce0e6b61fd89b68d0dc108f53449.exe"C:\Users\Admin\AppData\Local\Temp\b52230ba0750810d362bf8f58f0332eec710ce0e6b61fd89b68d0dc108f53449.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\win34.exeC:\Users\Admin\AppData\Local\Temp\win34.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=win34.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.03⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:276 CREDAT:275457 /prefetch:24⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\win34.exeFilesize
4KB
MD55e5ecae8b08152c885904cde71c50dad
SHA1727f24d102ab29be690c783ddc149b3a39430fb6
SHA256b3550952a2474802ae5f2d2d7e75987ccd7ca23baa8ba015c3eaa6fd04b55541
SHA512dd6287a8471aa575abbcf46300ac64a170c0cb19052d779c7bc0899149c6114a4e42520756dae1598e18458d94522d6c7701a7bc3a37067ac2a1616dbbf8e5ea
-
C:\Users\Admin\AppData\Local\Temp\win34.exeFilesize
4KB
MD55e5ecae8b08152c885904cde71c50dad
SHA1727f24d102ab29be690c783ddc149b3a39430fb6
SHA256b3550952a2474802ae5f2d2d7e75987ccd7ca23baa8ba015c3eaa6fd04b55541
SHA512dd6287a8471aa575abbcf46300ac64a170c0cb19052d779c7bc0899149c6114a4e42520756dae1598e18458d94522d6c7701a7bc3a37067ac2a1616dbbf8e5ea
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BAPYICQA.txtFilesize
533B
MD56484c5f9e7a22a9218624eb4c489b8dc
SHA1516cdc6ce161ca1b7f29550fe7c1b697c0ed63d0
SHA256541bbe8f4227d5f051409903d12fac2a62dd4f56411552ca9b613916e533355c
SHA512dfa70900aa5849761fa25bdf4240af0d362955aabe2f235dbc7effe0f8f0f0e167151c871858d67ee7159db85135ab45fdeb2aea27f61d45866ed1d41dfe3385
-
\Users\Admin\AppData\Local\Temp\win34.exeFilesize
4KB
MD55e5ecae8b08152c885904cde71c50dad
SHA1727f24d102ab29be690c783ddc149b3a39430fb6
SHA256b3550952a2474802ae5f2d2d7e75987ccd7ca23baa8ba015c3eaa6fd04b55541
SHA512dd6287a8471aa575abbcf46300ac64a170c0cb19052d779c7bc0899149c6114a4e42520756dae1598e18458d94522d6c7701a7bc3a37067ac2a1616dbbf8e5ea
-
\Users\Admin\AppData\Local\Temp\win34.exeFilesize
4KB
MD55e5ecae8b08152c885904cde71c50dad
SHA1727f24d102ab29be690c783ddc149b3a39430fb6
SHA256b3550952a2474802ae5f2d2d7e75987ccd7ca23baa8ba015c3eaa6fd04b55541
SHA512dd6287a8471aa575abbcf46300ac64a170c0cb19052d779c7bc0899149c6114a4e42520756dae1598e18458d94522d6c7701a7bc3a37067ac2a1616dbbf8e5ea
-
memory/888-58-0x0000000000400000-0x00000000004C6000-memory.dmpFilesize
792KB
-
memory/888-61-0x0000000000400000-0x00000000004C6000-memory.dmpFilesize
792KB
-
memory/888-62-0x0000000000400000-0x00000000004C6000-memory.dmpFilesize
792KB
-
memory/888-63-0x00000000004C040E-mapping.dmp
-
memory/888-60-0x0000000000400000-0x00000000004C6000-memory.dmpFilesize
792KB
-
memory/888-66-0x0000000000402000-0x00000000004C1000-memory.dmpFilesize
764KB
-
memory/888-67-0x0000000000402000-0x00000000004C1000-memory.dmpFilesize
764KB
-
memory/888-57-0x0000000000400000-0x00000000004C6000-memory.dmpFilesize
792KB
-
memory/956-54-0x0000000075B61000-0x0000000075B63000-memory.dmpFilesize
8KB
-
memory/956-69-0x0000000074510000-0x0000000074ABB000-memory.dmpFilesize
5.7MB
-
memory/956-71-0x0000000074510000-0x0000000074ABB000-memory.dmpFilesize
5.7MB