Overview

overview

8

Static

static

dad16f0e6f...94.exe

windows7-x64

8

dad16f0e6f...94.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05-12-2022 04:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394.exe

  • Size

    184KB

  • MD5

    b336bd0a539ac1d003d8948af76e681a

  • SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

  • SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

  • SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

  • SSDEEP

    3072:fXYP+i9Iv1c2ypEO6EauUKjqvMBucns3oE8HUMm1RzQsPSCCs+DxlO4WMOY:fXYnSv10c0WquToEAXm1ZQsKCn+fOg9

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 14 IoCs
  • Adds Run key to start application 2 TTPs 11 IoCs
    persistence
  • Drops file in System32 directory 5 IoCs
  • Drops file in Program Files directory 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394.exe
    "C:\Users\Admin\AppData\Local\Temp\dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1416
    • \??\c:\program files (x86)\common files\microsoft shared\help\1046\microsoftmicrosoft.exe
      "c:\program files (x86)\common files\microsoft shared\help\1046\microsoftmicrosoft.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:944
    • \??\c:\program files (x86)\common files\microsoft shared\help\3082\microsoftmicrosoft.exe
      "c:\program files (x86)\common files\microsoft shared\help\3082\microsoftmicrosoft.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:572
    • \??\c:\program files (x86)\microsoft office\office14\1033\dataservices\connectsource24005.exe
      "c:\program files (x86)\microsoft office\office14\1033\dataservices\connectsource24005.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:636
    • \??\c:\program files (x86)\common files\microsoft shared\smart tag\moflmicrosoft.exe
      "c:\program files (x86)\common files\microsoft shared\smart tag\moflmicrosoft.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:1992

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Common Files\microsoft shared\Help\1046\MicrosoftMicrosoft.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • C:\Program Files (x86)\Common Files\microsoft shared\Help\3082\MicrosoftMicrosoft.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\moflMicrosoft.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\ConnectSource24005.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • \??\c:\program files (x86)\common files\microsoft shared\help\1046\microsoftmicrosoft.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • \??\c:\program files (x86)\common files\microsoft shared\help\3082\microsoftmicrosoft.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • \??\c:\program files (x86)\common files\microsoft shared\smart tag\moflmicrosoft.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • \??\c:\program files (x86)\microsoft office\office14\1033\dataservices\connectsource24005.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • \Program Files (x86)\Common Files\microsoft shared\Help\1046\MicrosoftMicrosoft.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • \Program Files (x86)\Common Files\microsoft shared\Help\1046\MicrosoftMicrosoft.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • \Program Files (x86)\Common Files\microsoft shared\Help\1046\MicrosoftMicrosoft.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • \Program Files (x86)\Common Files\microsoft shared\Help\3082\MicrosoftMicrosoft.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • \Program Files (x86)\Common Files\microsoft shared\Help\3082\MicrosoftMicrosoft.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • \Program Files (x86)\Common Files\microsoft shared\Help\3082\MicrosoftMicrosoft.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • \Program Files (x86)\Common Files\microsoft shared\PROOF\mslidLanguage.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • \Program Files (x86)\Common Files\microsoft shared\Smart Tag\moflMicrosoft.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • \Program Files (x86)\Common Files\microsoft shared\Smart Tag\moflMicrosoft.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • \Program Files (x86)\Common Files\microsoft shared\Smart Tag\moflMicrosoft.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • \Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\EnvironmentBasic.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • \Program Files (x86)\Microsoft Office\Office14\1033\DataServices\ConnectSource24005.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • \Program Files (x86)\Microsoft Office\Office14\1033\DataServices\ConnectSource24005.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • \Program Files (x86)\Microsoft Office\Office14\1033\DataServices\ConnectSource24005.exe
    Filesize

    184KB

    MD5

    b336bd0a539ac1d003d8948af76e681a

    SHA1

    48de1b24a00e11434f1c449567d717878da3b6d7

    SHA256

    dad16f0e6f8fb3775a6625994590389f8447e3260d0bd2cb11fdba3206c4c394

    SHA512

    307f878c665695d70ffdbfff50d14cfb05705c089b177c7b92b6bf552af85c69a4110359fc84d93767f66200e82940cf7b102643a6ea27be1138774dfc4ea147

    Download Submit
  • memory/572-74-0x0000000000000000-mapping.dmp
    Download
  • memory/572-79-0x0000000000400000-0x0000000000451000-memory.dmp
    Filesize

    324KB

    Download
  • memory/572-78-0x0000000000170000-0x0000000000194000-memory.dmp
    Filesize

    144KB

    Download
  • memory/636-89-0x0000000000330000-0x0000000000354000-memory.dmp
    Filesize

    144KB

    Download
  • memory/636-88-0x0000000000400000-0x0000000000451000-memory.dmp
    Filesize

    324KB

    Download
  • memory/636-82-0x0000000000000000-mapping.dmp
    Download
  • memory/636-85-0x0000000000330000-0x0000000000354000-memory.dmp
    Filesize

    144KB

    Download
  • memory/636-87-0x0000000000400000-0x0000000000451000-memory.dmp
    Filesize

    324KB

    Download
  • memory/944-68-0x0000000000400000-0x0000000000451000-memory.dmp
    Filesize

    324KB

    Download
  • memory/944-63-0x0000000000000000-mapping.dmp
    Download
  • memory/944-67-0x0000000000170000-0x0000000000194000-memory.dmp
    Filesize

    144KB

    Download
  • memory/1416-57-0x0000000000400000-0x0000000000451000-memory.dmp
    Filesize

    324KB

    Download
  • memory/1416-54-0x0000000075E81000-0x0000000075E83000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1416-56-0x0000000000400000-0x0000000000451000-memory.dmp
    Filesize

    324KB

    Download
  • memory/1416-55-0x00000000001F0000-0x0000000000214000-memory.dmp
    Filesize

    144KB

    Download
  • memory/1992-92-0x0000000000000000-mapping.dmp
    Download
  • memory/1992-96-0x0000000000400000-0x0000000000451000-memory.dmp
    Filesize

    324KB

    Download