Overview

overview

10

Static

static

b55c0b5263...d3.exe

windows7-x64

8

b55c0b5263...d3.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    192s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    03-12-2022 17:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b55c0b5263ed79a740fd0cc67a921cf06c55c68cf39480b173086e5aba233dd3.exe

  • Size

    361KB

  • MD5

    fd8d85539a43f9fa24539a11251b8028

  • SHA1

    21606b28e4988875a2d51d8979ee130034d0a9da

  • SHA256

    b55c0b5263ed79a740fd0cc67a921cf06c55c68cf39480b173086e5aba233dd3

  • SHA512

    9d4ab1e0c00156e49691228853474b876049c2966f78f02aabd0930a3fdc2b5043adc5420cf5fd373dbaea1de571c00e3853aa0869fb3a87f75efbcd79566ece

  • SSDEEP

    6144:VflfAsiL4lIJjiJcbI03GBc3ucY5DCSjX:VflfAsiVGjSGecvX

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 5 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Modifies Internet Explorer settings 1 TTPs 23 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 42 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b55c0b5263ed79a740fd0cc67a921cf06c55c68cf39480b173086e5aba233dd3.exe
    "C:\Users\Admin\AppData\Local\Temp\b55c0b5263ed79a740fd0cc67a921cf06c55c68cf39480b173086e5aba233dd3.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1192
    • C:\Temp\dxqmgcngdwsmfbvj.exe
      C:\Temp\dxqmgcngdwsmfbvj.exe run
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:948
      • C:\temp\CreateProcess.exe
        C:\temp\CreateProcess.exe C:\Temp\rakrbiscis.exe ups_run
        3⤵
        • Executes dropped EXE
        PID:1496
        • C:\Temp\rakrbiscis.exe
          C:\Temp\rakrbiscis.exe ups_run
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1328
          • C:\temp\CreateProcess.exe
            C:\temp\CreateProcess.exe C:\windows\system32\ipconfig.exe /release
            5⤵
            • Executes dropped EXE
            PID:1404
            • C:\windows\system32\ipconfig.exe
              C:\windows\system32\ipconfig.exe /release
              6⤵
              • Gathers network information
              PID:1840
      • C:\temp\CreateProcess.exe
        C:\temp\CreateProcess.exe C:\Temp\i_rakrbiscis.exe ups_ins
        3⤵
        • Executes dropped EXE
        PID:1888
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://xytets.com:2345/t.asp?os=home
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:340
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:340 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1592

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    dad379a9726ed5605481ede0c627da1b

    SHA1

    94f6fb848462ef76ffed47760459128f435fa602

    SHA256

    41f759709c9c71a83cbb2a8afb5fbbe46c800f7a45100ea3ff8d0a94b12a9bae

    SHA512

    ff5dafede547f85ceb0a866b93355403755e96dd8c2a83e953768defc2966e29081d4af27c6910b93da511fb274bdfb74008f0f177ccde2e0f85c34ad3c6ac7b

    Download Submit

  • C:\Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    dad379a9726ed5605481ede0c627da1b

    SHA1

    94f6fb848462ef76ffed47760459128f435fa602

    SHA256

    41f759709c9c71a83cbb2a8afb5fbbe46c800f7a45100ea3ff8d0a94b12a9bae

    SHA512

    ff5dafede547f85ceb0a866b93355403755e96dd8c2a83e953768defc2966e29081d4af27c6910b93da511fb274bdfb74008f0f177ccde2e0f85c34ad3c6ac7b

    Download Submit

  • C:\Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    dad379a9726ed5605481ede0c627da1b

    SHA1

    94f6fb848462ef76ffed47760459128f435fa602

    SHA256

    41f759709c9c71a83cbb2a8afb5fbbe46c800f7a45100ea3ff8d0a94b12a9bae

    SHA512

    ff5dafede547f85ceb0a866b93355403755e96dd8c2a83e953768defc2966e29081d4af27c6910b93da511fb274bdfb74008f0f177ccde2e0f85c34ad3c6ac7b

    Download Submit

  • C:\Temp\dxqmgcngdwsmfbvj.exe
    Filesize

    361KB

    MD5

    97fb51ef1982726fa3dd804ce069ba7b

    SHA1

    0aa34217345f52149cc810c5e3b4393858fc05b4

    SHA256

    68345430dfdd06c6336e082ff8f5b3bd310660c46e77d20ae2ea292680c047e1

    SHA512

    43c28b2109cd9ff393b2fc478c88a05bfb92e2184de9bb42d04598f761b3fec3994d32505e9c013f2b2f36072f31ca9bb9078520212a445105fa5ccd38e006ed

    Download Submit

  • C:\Temp\dxqmgcngdwsmfbvj.exe
    Filesize

    361KB

    MD5

    97fb51ef1982726fa3dd804ce069ba7b

    SHA1

    0aa34217345f52149cc810c5e3b4393858fc05b4

    SHA256

    68345430dfdd06c6336e082ff8f5b3bd310660c46e77d20ae2ea292680c047e1

    SHA512

    43c28b2109cd9ff393b2fc478c88a05bfb92e2184de9bb42d04598f761b3fec3994d32505e9c013f2b2f36072f31ca9bb9078520212a445105fa5ccd38e006ed

    Download Submit

  • C:\Temp\rakrbiscis.exe
    Filesize

    361KB

    MD5

    295e4d25c0d2c3cbf63024e8ce3c8a8a

    SHA1

    82b40ea71ecc456c3b3bb284c648494b321bce98

    SHA256

    fa82ba78fb1195008d75863a1b1fb55636dbbf07d8dbd0f7463d65c60abef5a6

    SHA512

    012eb3e524d06e04cf6a8bc15aec61bc4164f436d65851fa121d48dabcdf360817150a880a403cdd69c73f9eb726c0a7d5cc017c272c2294f1caf52d35ab0e70

    Download Submit

  • C:\temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    dad379a9726ed5605481ede0c627da1b

    SHA1

    94f6fb848462ef76ffed47760459128f435fa602

    SHA256

    41f759709c9c71a83cbb2a8afb5fbbe46c800f7a45100ea3ff8d0a94b12a9bae

    SHA512

    ff5dafede547f85ceb0a866b93355403755e96dd8c2a83e953768defc2966e29081d4af27c6910b93da511fb274bdfb74008f0f177ccde2e0f85c34ad3c6ac7b

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    dad379a9726ed5605481ede0c627da1b

    SHA1

    94f6fb848462ef76ffed47760459128f435fa602

    SHA256

    41f759709c9c71a83cbb2a8afb5fbbe46c800f7a45100ea3ff8d0a94b12a9bae

    SHA512

    ff5dafede547f85ceb0a866b93355403755e96dd8c2a83e953768defc2966e29081d4af27c6910b93da511fb274bdfb74008f0f177ccde2e0f85c34ad3c6ac7b

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    dad379a9726ed5605481ede0c627da1b

    SHA1

    94f6fb848462ef76ffed47760459128f435fa602

    SHA256

    41f759709c9c71a83cbb2a8afb5fbbe46c800f7a45100ea3ff8d0a94b12a9bae

    SHA512

    ff5dafede547f85ceb0a866b93355403755e96dd8c2a83e953768defc2966e29081d4af27c6910b93da511fb274bdfb74008f0f177ccde2e0f85c34ad3c6ac7b

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    dad379a9726ed5605481ede0c627da1b

    SHA1

    94f6fb848462ef76ffed47760459128f435fa602

    SHA256

    41f759709c9c71a83cbb2a8afb5fbbe46c800f7a45100ea3ff8d0a94b12a9bae

    SHA512

    ff5dafede547f85ceb0a866b93355403755e96dd8c2a83e953768defc2966e29081d4af27c6910b93da511fb274bdfb74008f0f177ccde2e0f85c34ad3c6ac7b

    Download Submit

  • \Temp\CreateProcess.exe
    Filesize

    3KB

    MD5

    dad379a9726ed5605481ede0c627da1b

    SHA1

    94f6fb848462ef76ffed47760459128f435fa602

    SHA256

    41f759709c9c71a83cbb2a8afb5fbbe46c800f7a45100ea3ff8d0a94b12a9bae

    SHA512

    ff5dafede547f85ceb0a866b93355403755e96dd8c2a83e953768defc2966e29081d4af27c6910b93da511fb274bdfb74008f0f177ccde2e0f85c34ad3c6ac7b

    Download Submit

  • \Temp\dxqmgcngdwsmfbvj.exe
    Filesize

    361KB

    MD5

    97fb51ef1982726fa3dd804ce069ba7b

    SHA1

    0aa34217345f52149cc810c5e3b4393858fc05b4

    SHA256

    68345430dfdd06c6336e082ff8f5b3bd310660c46e77d20ae2ea292680c047e1

    SHA512

    43c28b2109cd9ff393b2fc478c88a05bfb92e2184de9bb42d04598f761b3fec3994d32505e9c013f2b2f36072f31ca9bb9078520212a445105fa5ccd38e006ed

    Download Submit

  • memory/948-55-0x0000000000000000-mapping.dmp

    Download

  • memory/1404-65-0x0000000000000000-mapping.dmp

    Download

  • memory/1496-61-0x0000000000000000-mapping.dmp

    Download

  • memory/1888-68-0x0000000000000000-mapping.dmp

    Download