Overview

overview

8

Static

static

9af48d460b...96.exe

windows7-x64

8

9af48d460b...96.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    79s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    04/12/2022, 07:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9af48d460b57b4acfb05e524910153952e48dbab374aab9545995a8a5852a796.exe

  • Size

    21KB

  • MD5

    0b1d5f1bde594f3e3eac3504ee0e7e32

  • SHA1

    6644668a533fdd12c2e9f6f213ab85b6cf34bb8e

  • SHA256

    9af48d460b57b4acfb05e524910153952e48dbab374aab9545995a8a5852a796

  • SHA512

    f2d473153237594b973c7106176a392bf9381624f1f259cf5fc286d3dbccfce5fa922b6fee8d60cb9481f38f270ceb026e9a1ae99a2a477f3f99de069e343fe2

  • SSDEEP

    384:ye29rWnoK+A0I2Ux0P0wBpd5QmW7BDDSgInnnnnnnnnnnnnnnnnnnnnnnnnnnnnB:yN/t4mzBpd5G5SnnnnnnnnnnnnnnnnnB

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 6 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Modifies Internet Explorer settings 1 TTPs 12 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9af48d460b57b4acfb05e524910153952e48dbab374aab9545995a8a5852a796.exe
    "C:\Users\Admin\AppData\Local\Temp\9af48d460b57b4acfb05e524910153952e48dbab374aab9545995a8a5852a796.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    • Suspicious use of WriteProcessMemory
    PID:1092
    • C:\Users\Admin\AppData\Roaming\seres.exe
      C:\Users\Admin\AppData\Roaming\seres.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      PID:1508
      • C:\Users\Admin\AppData\Roaming\svcst.exe
        C:\Users\Admin\AppData\Roaming\svcst.exe
        3⤵
        • Executes dropped EXE
        • Modifies Internet Explorer settings
        PID:1364
    • C:\Users\Admin\AppData\Roaming\svcst.exe
      C:\Users\Admin\AppData\Roaming\svcst.exe
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:848

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\seres.exe
    Filesize

    21KB

    MD5

    0b1d5f1bde594f3e3eac3504ee0e7e32

    SHA1

    6644668a533fdd12c2e9f6f213ab85b6cf34bb8e

    SHA256

    9af48d460b57b4acfb05e524910153952e48dbab374aab9545995a8a5852a796

    SHA512

    f2d473153237594b973c7106176a392bf9381624f1f259cf5fc286d3dbccfce5fa922b6fee8d60cb9481f38f270ceb026e9a1ae99a2a477f3f99de069e343fe2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\seres.exe
    Filesize

    21KB

    MD5

    0b1d5f1bde594f3e3eac3504ee0e7e32

    SHA1

    6644668a533fdd12c2e9f6f213ab85b6cf34bb8e

    SHA256

    9af48d460b57b4acfb05e524910153952e48dbab374aab9545995a8a5852a796

    SHA512

    f2d473153237594b973c7106176a392bf9381624f1f259cf5fc286d3dbccfce5fa922b6fee8d60cb9481f38f270ceb026e9a1ae99a2a477f3f99de069e343fe2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\svcst.exe
    Filesize

    21KB

    MD5

    0b1d5f1bde594f3e3eac3504ee0e7e32

    SHA1

    6644668a533fdd12c2e9f6f213ab85b6cf34bb8e

    SHA256

    9af48d460b57b4acfb05e524910153952e48dbab374aab9545995a8a5852a796

    SHA512

    f2d473153237594b973c7106176a392bf9381624f1f259cf5fc286d3dbccfce5fa922b6fee8d60cb9481f38f270ceb026e9a1ae99a2a477f3f99de069e343fe2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\svcst.exe
    Filesize

    21KB

    MD5

    0b1d5f1bde594f3e3eac3504ee0e7e32

    SHA1

    6644668a533fdd12c2e9f6f213ab85b6cf34bb8e

    SHA256

    9af48d460b57b4acfb05e524910153952e48dbab374aab9545995a8a5852a796

    SHA512

    f2d473153237594b973c7106176a392bf9381624f1f259cf5fc286d3dbccfce5fa922b6fee8d60cb9481f38f270ceb026e9a1ae99a2a477f3f99de069e343fe2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\svcst.exe
    Filesize

    21KB

    MD5

    0b1d5f1bde594f3e3eac3504ee0e7e32

    SHA1

    6644668a533fdd12c2e9f6f213ab85b6cf34bb8e

    SHA256

    9af48d460b57b4acfb05e524910153952e48dbab374aab9545995a8a5852a796

    SHA512

    f2d473153237594b973c7106176a392bf9381624f1f259cf5fc286d3dbccfce5fa922b6fee8d60cb9481f38f270ceb026e9a1ae99a2a477f3f99de069e343fe2

    Download Submit

  • \Users\Admin\AppData\Roaming\seres.exe
    Filesize

    21KB

    MD5

    0b1d5f1bde594f3e3eac3504ee0e7e32

    SHA1

    6644668a533fdd12c2e9f6f213ab85b6cf34bb8e

    SHA256

    9af48d460b57b4acfb05e524910153952e48dbab374aab9545995a8a5852a796

    SHA512

    f2d473153237594b973c7106176a392bf9381624f1f259cf5fc286d3dbccfce5fa922b6fee8d60cb9481f38f270ceb026e9a1ae99a2a477f3f99de069e343fe2

    Download Submit

  • \Users\Admin\AppData\Roaming\seres.exe
    Filesize

    21KB

    MD5

    0b1d5f1bde594f3e3eac3504ee0e7e32

    SHA1

    6644668a533fdd12c2e9f6f213ab85b6cf34bb8e

    SHA256

    9af48d460b57b4acfb05e524910153952e48dbab374aab9545995a8a5852a796

    SHA512

    f2d473153237594b973c7106176a392bf9381624f1f259cf5fc286d3dbccfce5fa922b6fee8d60cb9481f38f270ceb026e9a1ae99a2a477f3f99de069e343fe2

    Download Submit

  • \Users\Admin\AppData\Roaming\svcst.exe
    Filesize

    21KB

    MD5

    0b1d5f1bde594f3e3eac3504ee0e7e32

    SHA1

    6644668a533fdd12c2e9f6f213ab85b6cf34bb8e

    SHA256

    9af48d460b57b4acfb05e524910153952e48dbab374aab9545995a8a5852a796

    SHA512

    f2d473153237594b973c7106176a392bf9381624f1f259cf5fc286d3dbccfce5fa922b6fee8d60cb9481f38f270ceb026e9a1ae99a2a477f3f99de069e343fe2

    Download Submit

  • \Users\Admin\AppData\Roaming\svcst.exe
    Filesize

    21KB

    MD5

    0b1d5f1bde594f3e3eac3504ee0e7e32

    SHA1

    6644668a533fdd12c2e9f6f213ab85b6cf34bb8e

    SHA256

    9af48d460b57b4acfb05e524910153952e48dbab374aab9545995a8a5852a796

    SHA512

    f2d473153237594b973c7106176a392bf9381624f1f259cf5fc286d3dbccfce5fa922b6fee8d60cb9481f38f270ceb026e9a1ae99a2a477f3f99de069e343fe2

    Download Submit

  • \Users\Admin\AppData\Roaming\svcst.exe
    Filesize

    21KB

    MD5

    0b1d5f1bde594f3e3eac3504ee0e7e32

    SHA1

    6644668a533fdd12c2e9f6f213ab85b6cf34bb8e

    SHA256

    9af48d460b57b4acfb05e524910153952e48dbab374aab9545995a8a5852a796

    SHA512

    f2d473153237594b973c7106176a392bf9381624f1f259cf5fc286d3dbccfce5fa922b6fee8d60cb9481f38f270ceb026e9a1ae99a2a477f3f99de069e343fe2

    Download Submit

  • \Users\Admin\AppData\Roaming\svcst.exe
    Filesize

    21KB

    MD5

    0b1d5f1bde594f3e3eac3504ee0e7e32

    SHA1

    6644668a533fdd12c2e9f6f213ab85b6cf34bb8e

    SHA256

    9af48d460b57b4acfb05e524910153952e48dbab374aab9545995a8a5852a796

    SHA512

    f2d473153237594b973c7106176a392bf9381624f1f259cf5fc286d3dbccfce5fa922b6fee8d60cb9481f38f270ceb026e9a1ae99a2a477f3f99de069e343fe2

    Download Submit

  • memory/848-73-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1092-63-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1092-54-0x0000000074C91000-0x0000000074C93000-memory.dmp

    Filesize

    8KB

    Download