Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/12/2022, 03:48

General

  • Target

    dc0827befcb546f241a767b83efa697a57eff75a2b376e36a2ac166c58a64508.exe

  • Size

    154KB

  • MD5

    dff4b1e26c72c873d0088c22cbcc884f

  • SHA1

    0b82100e3736ddfcecbf12feaa7baa38aa042444

  • SHA256

    dc0827befcb546f241a767b83efa697a57eff75a2b376e36a2ac166c58a64508

  • SHA512

    21d7fa84d071d61161e80579cfc73e79bfcf133371a82cdafe0641569e9f5662d0ff991fefa83d5f994feabe6e3f7d8eb2ffb4b55ee445a908f51224077216ed

  • SSDEEP

    3072:8TRwpQuBwEkJmrUSg+cbCS6Q3esw21WpIdpwQjE16p7ntW72StNbDJvUaH:8WJ/kA/cj6Wesd1Wp6wQjtW1

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 22 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc0827befcb546f241a767b83efa697a57eff75a2b376e36a2ac166c58a64508.exe
    "C:\Users\Admin\AppData\Local\Temp\dc0827befcb546f241a767b83efa697a57eff75a2b376e36a2ac166c58a64508.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:620
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Roaming\tatcp.dll",HrGetStreamSize
      2⤵
      • Loads dropped DLL
      PID:1268
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1504 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1536

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\tatcp.dll

    Filesize

    154KB

    MD5

    80bf7a55132272c542b0f74ea0666616

    SHA1

    9223dbb2ab6c2b52450ed820925e6b705551ec64

    SHA256

    41fa6ab7067d886a835c1adecd66078fd9d8b3418a7e0d890b1c77e059b87030

    SHA512

    a47bef086fbb43dd91e2f95abe2228a0947bd51460b435b0d5e7077ba9082478e341f7fc14bb55f6609600a81f87197687d484d8cb35c7980330d3e645d2fbaa

  • \Users\Admin\AppData\Roaming\tatcp.dll

    Filesize

    154KB

    MD5

    80bf7a55132272c542b0f74ea0666616

    SHA1

    9223dbb2ab6c2b52450ed820925e6b705551ec64

    SHA256

    41fa6ab7067d886a835c1adecd66078fd9d8b3418a7e0d890b1c77e059b87030

    SHA512

    a47bef086fbb43dd91e2f95abe2228a0947bd51460b435b0d5e7077ba9082478e341f7fc14bb55f6609600a81f87197687d484d8cb35c7980330d3e645d2fbaa

  • memory/620-60-0x0000000000220000-0x0000000000233000-memory.dmp

    Filesize

    76KB

  • memory/620-67-0x0000000001F80000-0x0000000001F93000-memory.dmp

    Filesize

    76KB

  • memory/620-63-0x00000000022C0000-0x00000000022E8000-memory.dmp

    Filesize

    160KB

  • memory/620-54-0x0000000075711000-0x0000000075713000-memory.dmp

    Filesize

    8KB

  • memory/620-56-0x0000000000250000-0x0000000000278000-memory.dmp

    Filesize

    160KB

  • memory/620-55-0x0000000000220000-0x0000000000233000-memory.dmp

    Filesize

    76KB

  • memory/1268-76-0x00000000006A0000-0x00000000006C8000-memory.dmp

    Filesize

    160KB