Analysis

  • max time kernel
    176s
  • max time network
    185s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-12-2022 20:30

General

  • Target

    c1eb5a438ecfb6a536d9b27fac94152105dcac9474415be4d52015d43a1b3c46.exe

  • Size

    252KB

  • MD5

    a884cae9f497e760fc56a8be39b2a669

  • SHA1

    bd94a44dcedd749e528096b62eb05f8f06c39bbd

  • SHA256

    c1eb5a438ecfb6a536d9b27fac94152105dcac9474415be4d52015d43a1b3c46

  • SHA512

    f6dde0013259b42a3b7d37e37c5fc1e42b0da3df787989db170cb7d940b5e6ceb99c2703843dcb8a6170a7bef0686e3951552226764e4eaf08d2f2ea78941a35

  • SSDEEP

    6144:v+sgruPCTXu0+EI8AroFQDDP/m5dNP8ICz7RBoQ9X:DMuPCiNf8uDDodl8Ie7RBoQV

Score
10/10

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
  • Windows security bypass 2 TTPs 1 IoCs
  • Windows security modification 2 TTPs 1 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • System policy modification 1 TTPs 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c1eb5a438ecfb6a536d9b27fac94152105dcac9474415be4d52015d43a1b3c46.exe
    "C:\Users\Admin\AppData\Local\Temp\c1eb5a438ecfb6a536d9b27fac94152105dcac9474415be4d52015d43a1b3c46.exe"
    1⤵
    • UAC bypass
    • Windows security bypass
    • Windows security modification
    • Checks whether UAC is enabled
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:536
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:952
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:952 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1696

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Privilege Escalation
    Bypass User Account Control (1) T1088
  • Defense Evasion
    Bypass User Account Control (1) T1088
    Disabling Security Tools (3) T1089
    Modify Registry (5) T1112
  • Discovery
    System Information Discovery (1) T1082

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\51TD5YZ4.txt
    Filesize

    603B

    MD5

    cb2132e84c4f1d36dd8ec91a853d4e1e

    SHA1

    582e1e6ef752c58ed354da18ecf51f94a9d46e93

    SHA256

    c8f6924c8dc3d8a1adb7cca312645c3db0b3e3d21513e6c0b431d5f6085ac421

    SHA512

    e81655610e9534d9fe2d7cdf8dce3906e05691a732724e9d6acc86d1e85a107994f4471969eed066a653d69c5ee64db23568b969904b29949887536596127558

  • memory/536-56-0x0000000074D61000-0x0000000074D63000-memory.dmp
    Filesize

    8KB