Analysis

  • max time kernel
    410s
  • max time network
    479s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-12-2022 13:58

General

  • Target

    e01d8b92837ba3079923a6ae2d826b5ddf6a14639bc35bff6a05f65d50e145ea.exe

  • Size

    156KB

  • MD5

    92b253f2e92a880ba5532ad89a36b2ba

  • SHA1

    788d7749b2cbcd3e592890411bb6f3e27e75071a

  • SHA256

    e01d8b92837ba3079923a6ae2d826b5ddf6a14639bc35bff6a05f65d50e145ea

  • SHA512

    e389874d740e16fbb0aeca6b1b483f72a38ee460f95d13cb0e951179c97901ddad27977321c33f61e01c3a61a8475b2a7ebc5e6faf8493d91283158a35e1ea9f

  • SSDEEP

    3072:zePoZO+WfapEDGhSdSUxxifeZuZCxQNsUq5rbMBTmnaW+vihLxhBL:zeDnDGhSdS4FJxGsp5rQl8+qhLN

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious use of SetThreadContext (1 IoC)
  • Modifies Internet Explorer settings (1 TTP, 7 IoCs)
  • Suspicious behavior: EnumeratesProcesses (3 IoCs)
  • Suspicious use of AdjustPrivilegeToken (3 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (19 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\e01d8b92837ba3079923a6ae2d826b5ddf6a14639bc35bff6a05f65d50e145ea.exe
    "C:\Users\Admin\AppData\Local\Temp\e01d8b92837ba3079923a6ae2d826b5ddf6a14639bc35bff6a05f65d50e145ea.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4832
    • C:\Users\Admin\AppData\Local\Temp\e01d8b92837ba3079923a6ae2d826b5ddf6a14639bc35bff6a05f65d50e145ea.exe
      "C:\Users\Admin\AppData\Local\Temp\e01d8b92837ba3079923a6ae2d826b5ddf6a14639bc35bff6a05f65d50e145ea.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1172
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        3⤵
        • Adds Run key to start application
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2364
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3720
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3720 CREDAT:17410 /prefetch:2
            5⤵
            PID:3688

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1172-133-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

  • memory/1172-135-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

  • memory/1172-136-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

  • memory/1172-137-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

  • memory/1172-138-0x0000000000650000-0x000000000069E000-memory.dmp

    Filesize

    312KB

  • memory/1172-139-0x0000000000400000-0x000000000044E000-memory.dmp

    Filesize

    312KB

  • memory/1172-140-0x0000000000650000-0x000000000069E000-memory.dmp

    Filesize

    312KB