Overview

overview

5

Static

static

c47dabc6e6...11.exe

windows7-x64

5

c47dabc6e6...11.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    132s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/12/2022, 11:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c47dabc6e63d2922b4bd9db5951d7c2c5d93233392bc81cd990fb0f3021f6011.exe

  • Size

    164KB

  • MD5

    888be35d9a36a08960ef8c80ae02a787

  • SHA1

    1eabfd616f841742fa71c47f5ec1812d82447894

  • SHA256

    c47dabc6e63d2922b4bd9db5951d7c2c5d93233392bc81cd990fb0f3021f6011

  • SHA512

    3c2ef701a303461b12da38d2cbbcce956f514652489fa804b80deb939a00015394d92f50ce7644a076064f04130c54c6490bc6dffb18a5846141e1c30fef05b5

  • SSDEEP

    3072:NoszioJaBCYNdgVHRKDFJlgQc22yWSBB:NWKUNdQKDODD4

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c47dabc6e63d2922b4bd9db5951d7c2c5d93233392bc81cd990fb0f3021f6011.exe
    "C:\Users\Admin\AppData\Local\Temp\c47dabc6e63d2922b4bd9db5951d7c2c5d93233392bc81cd990fb0f3021f6011.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3224
    • C:\Users\Admin\AppData\Local\Temp\c47dabc6e63d2922b4bd9db5951d7c2c5d93233392bc81cd990fb0f3021f6011.exe
      C:\Users\Admin\AppData\Local\Temp\c47dabc6e63d2922b4bd9db5951d7c2c5d93233392bc81cd990fb0f3021f6011.exe
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1380
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1312
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:524
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:524 CREDAT:17410 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of SetWindowsHookEx
            PID:2140

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    a62e66dbd157955d60808bf89987bcde

    SHA1

    a97e8478902ac7db7fd904300304944a41afee8e

    SHA256

    d34e72ae586b00a60e3526f1e75677dcffa83fd33860a771ae592e7d8320cf25

    SHA512

    2c969c621bd5881acf47e85b3a2977b1c43dfa80887f0ab447327162d143795ff647b8ed1aec174a868c0faf1e09eb8baa6a67ea42764b65fe4416d2168e81fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    77674d91761972780956e78374a2bb67

    SHA1

    42397be22b6d25ce9f3919cf47d55d4a895d38dd

    SHA256

    2b88074eb9b27e13870a91465dcda3012148d8a6d1aea10551b9152d91d4ef10

    SHA512

    cfaeb8d38d48112bcecbe513c2616f09c401cdc82d84e1e96c0175220d4e62de0ac5a2c41bc93b91199e4f2283f3e455738c58ea60ed77393a6e8b9802fa24f0

    Download Submit

  • memory/1380-135-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1380-137-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1380-138-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download

  • memory/1380-139-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

    Download