Analysis

  • max time kernel
    140s
  • max time network
    180s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-12-2022 22:05

General

  • Target

    0a1c60eff2a210032334de80f0ba71d0b9c2082476edb594ae93b5a720d163d8.exe

  • Size

    1.4MB

  • MD5

    39d606973e84c16179ab56697046ca20

  • SHA1

    9214930c1ab820c0464d7d7290ab7d0582b2874a

  • SHA256

    0a1c60eff2a210032334de80f0ba71d0b9c2082476edb594ae93b5a720d163d8

  • SHA512

    e68180a963a1dd7a17686f8420f3b0ec9bccb43177b2d0dee7e1c9efa120c165c5a593096963df186b6c4579008f92ef2bc06b32894bf7f9e281da56cdadaeff

  • SSDEEP

    24576:szYXUoAenHeqmiz9R6ExiAFaxFTKMAHn6anFLgCi1sN9hvytuaM3BCmrxIev5Sxu:FkrenHeyd2TKRHnbzlz4tuymrx35M3tc

Score
6/10

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a1c60eff2a210032334de80f0ba71d0b9c2082476edb594ae93b5a720d163d8.exe
    "C:\Users\Admin\AppData\Local\Temp\0a1c60eff2a210032334de80f0ba71d0b9c2082476edb594ae93b5a720d163d8.exe"
    1⤵
    • Checks whether UAC is enabled
    • Suspicious use of SetWindowsHookEx
    PID:4860
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{D5E8041D-920F-45e9-B8FB-B1DEB82C6E5E} -Embedding
    1⤵
      PID:1628
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3388
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3388 CREDAT:17410 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4044

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\zpu22o1\imagestore.dat

    Filesize

    1KB

    MD5

    3cf13aca8e3c804883c6da1779119cf5

    SHA1

    3c24ea82c651a6225f3b763ee44d0153eee8e361

    SHA256

    3b253518a7f136deed3ca21708a2ed994c70f69ee088b586584cfa213cea2d22

    SHA512

    456e6d441a9771f6b8abc39753ee6f1ae23cd0d4784740f2a19167466533cfdb78d9ef0b8c8f616d82b65e41374a4c334682d1c2fe5e94c653d9dd71a4b6a827

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\54DSOF0M\favicon[1].ico

    Filesize

    1KB

    MD5

    291530f9b085527ca937426337991f79

    SHA1

    67714f3578da3efbd612f757d041cd29a6c605a1

    SHA256

    b34cba01e546edc251e36544c5989aee04221f3f05db2edb51ba97a5b9b1cf7a

    SHA512

    6ca95e43157d197c095310c94a60d5051cac2da0c0c6c10f41301b8a3ef2dc94bcd4eae1cecf311a4d47666a470d74be8962d5ef6bf386af0acb300b42a38d5b