Overview

overview

8

Static

static

8

8c95640230...cc.exe

windows7-x64

8

8c95640230...cc.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05-12-2022 01:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8c95640230dd09c29d68420665a9ee492c03f3d5a59084819c380046e692e3cc.exe

  • Size

    26KB

  • MD5

    8595535b946f18c37051d3a1e8cbac07

  • SHA1

    061fae33fc7d5ce3fe859c7315e292634d8eb511

  • SHA256

    8c95640230dd09c29d68420665a9ee492c03f3d5a59084819c380046e692e3cc

  • SHA512

    dfc20b9fc9adfa5bbb27bde4941d813438260940743af00b9c275cbeee9bd0d9f488d4827e90d048f9e259b033296c492a0c404c541d395d4bfaeeb6837457f3

  • SSDEEP

    768:NYzN0KzwUbKS3Eaj4FPSWVpQL9SUIcBFitkjAmiW:N00KzwUbPUFP1Q5S/cBo5

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 27 IoCs
    adwarespyware
  • Modifies registry class 4 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c95640230dd09c29d68420665a9ee492c03f3d5a59084819c380046e692e3cc.exe
    "C:\Users\Admin\AppData\Local\Temp\8c95640230dd09c29d68420665a9ee492c03f3d5a59084819c380046e692e3cc.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2020
    • \??\c:\windows\mstre19.exe
      c:\windows\mstre19.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:940
      • \??\c:\windows\SysWOW64\regedit.exe
        regedit /s c:\2.reg
        3⤵
        • Modifies registry class
        • Runs .reg file with regedit
        PID:1640
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c c:\4321f456.bat
      2⤵
      • Deletes itself
      PID:1560
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1192
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1192 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1332

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\15377Q70.txt
    Filesize

    608B

    MD5

    99324b610730a7cec719483d3600b028

    SHA1

    682072116b4f336dda4b4b0c16a84a4eb20a0995

    SHA256

    1340333460b80cfd94d05979389bf695f88dd54176b341ca3fcb68c1630b41e4

    SHA512

    b22a91f3a0fa4a1b956d5967c10c2c5a96a7a59a40f6e2fc6462cc0b5901343c49b470f1c8596570dc9c32f2b2a7be886c345236c31462fa30951855d8af2e90

    Download Submit
  • C:\Windows\mstre19.exe
    Filesize

    26KB

    MD5

    8595535b946f18c37051d3a1e8cbac07

    SHA1

    061fae33fc7d5ce3fe859c7315e292634d8eb511

    SHA256

    8c95640230dd09c29d68420665a9ee492c03f3d5a59084819c380046e692e3cc

    SHA512

    dfc20b9fc9adfa5bbb27bde4941d813438260940743af00b9c275cbeee9bd0d9f488d4827e90d048f9e259b033296c492a0c404c541d395d4bfaeeb6837457f3

    Download Submit
  • \??\c:\2.reg
    Filesize

    202B

    MD5

    428090d84a47f875c8fdd6d0258f00c5

    SHA1

    96c029720065ac1dc5ece2a5481b780267d7b439

    SHA256

    8c8668f6339728aebfc08e547f15b0e250f6a551be86f47fcb6098ffe37f0404

    SHA512

    f752bf52b359a5a82e821ee288e11cd4176c39ac3c932c6f44db69780c6e2597e654bbb3a9db9c32f8659d5af66fa9578b5625758b1f6db70c1314369dbadf7d

    Download Submit
  • \??\c:\4321f456.bat
    Filesize

    306B

    MD5

    7463340f8e25ce5b7391e9deaa84302c

    SHA1

    76f9a3cc5f769011e69e5ead350e4a7fdd920997

    SHA256

    35f20cb6d8b21a0c209e2145ee161b3525377ee4ee5465e658842c4eb2bc88d7

    SHA512

    bcb280a8f465375d3b473c7f13c92e980f9b92bf9f4b401a94ee4f1f2b19bb44fb18532834ccb363dda714a493bbffb93aa66dc62eeb2b2c3e1c11320304c5e0

    Download Submit
  • memory/940-55-0x0000000000000000-mapping.dmp
    Download
  • memory/1560-58-0x0000000000000000-mapping.dmp
    Download
  • memory/1640-61-0x0000000000000000-mapping.dmp
    Download
  • memory/2020-54-0x00000000756B1000-0x00000000756B3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/2020-59-0x0000000000400000-0x0000000000413000-memory.dmp
    Filesize

    76KB

    Download