Overview

overview

8

Static

static

9cdbc93cfc...44.exe

windows7-x64

8

9cdbc93cfc...44.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    111s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 11:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    9cdbc93cfce44e75107e108fa4c265221969f4c490c30d978fb8012fc6b35b44.exe

  • Size

    1.9MB

  • MD5

    eafb2268dce3fc9a424cfc458aa7df08

  • SHA1

    e7ef6cdaec0b05cabf0f01e01b7b7542e2a4c31e

  • SHA256

    9cdbc93cfce44e75107e108fa4c265221969f4c490c30d978fb8012fc6b35b44

  • SHA512

    bc62f3b92abdff6c72f660cbc1da1b4f6cd2ad710c524b62aa59ba5d09ba8960be1a70534ee4e974485b4826e9aad49ca638ec400fd1cb94c4b2d1a3470f62fc

  • SSDEEP

    49152:z6U5n3lF/ZZO85T3Apg6eed/NObJ30DEKwAWGNsUKK:z6U5n1FxZOWTQpg6e+/NOZI7NkK

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 2 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Suspicious use of SetThreadContext 3 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1380
      • C:\Users\Admin\AppData\Local\Temp\9cdbc93cfce44e75107e108fa4c265221969f4c490c30d978fb8012fc6b35b44.exe
        "C:\Users\Admin\AppData\Local\Temp\9cdbc93cfce44e75107e108fa4c265221969f4c490c30d978fb8012fc6b35b44.exe"
        2⤵
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:1476
        • C:\Users\Admin\AppData\Local\Temp\9cdbc93cfce44e75107e108fa4c265221969f4c490c30d978fb8012fc6b35b44.exe
          "C:\Users\Admin\AppData\Local\Temp\9cdbc93cfce44e75107e108fa4c265221969f4c490c30d978fb8012fc6b35b44.exe"
          3⤵
          • Modifies Installed Components in the registry
          • Adds Run key to start application
          • Suspicious use of SetThreadContext
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of WriteProcessMemory
          PID:944
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1788
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1788 CREDAT:275457 /prefetch:2
              5⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:1396

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\___spynet___.rat
            Filesize

            233KB

            MD5

            49fee5ee886ce70536e036449e20757c

            SHA1

            5ab09000cb5c034e49e6561239003e30cae66919

            SHA256

            c5f216cf60d021d5d87c273b4a15c0d7134c22020bda83c12be03aa01d667892

            SHA512

            2080f91c4ae0b802b59f34931576783afa8a7d195f933febcc8e8a4531770ead9aff40e51813b193ce628145a56212d9ccf353f754bc9c0e459e53c5c152de56

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\F6WKPXS8.txt
            Filesize

            601B

            MD5

            e8ec53651c96a82da95460f9cd0350f9

            SHA1

            7faf382071798d163242a0ab1455c565ec92ef3c

            SHA256

            3b14a902040ccfe38ef24412b09b1de6cc6417fddf1dd61335cc111ee2533e91

            SHA512

            66ca5e689e6130cecc41205978ed21d4e183482daa0e10a866d6bb8692f86a34b59b8da6d928a762b7ebbebc446347a35803569bc3148a4ddcd966ef69bc824d

            Download Submit

          • memory/944-54-0x0000000033140000-0x0000000033181000-memory.dmp

            Filesize

            260KB

            Download

          • memory/944-56-0x0000000033140000-0x0000000033181000-memory.dmp

            Filesize

            260KB

            Download

          • memory/944-58-0x0000000033140000-0x0000000033181000-memory.dmp

            Filesize

            260KB

            Download

          • memory/944-61-0x0000000033140000-0x0000000033181000-memory.dmp

            Filesize

            260KB

            Download

          • memory/944-60-0x0000000074C11000-0x0000000074C13000-memory.dmp

            Filesize

            8KB

            Download

          • memory/944-62-0x0000000033140000-0x0000000033181000-memory.dmp

            Filesize

            260KB

            Download

          • memory/944-65-0x0000000033140000-0x0000000033181000-memory.dmp

            Filesize

            260KB

            Download

          • memory/1476-59-0x0000000053140000-0x000000005331D000-memory.dmp

            Filesize

            1.9MB

            Download