Overview

overview

8

Static

static

2e2add6d59...b2.exe

windows7-x64

8

2e2add6d59...b2.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    188s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 15:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2e2add6d5902cdb228862d7cb4920610ff0a43ef97161feb5afb3f1cb46108b2.exe

  • Size

    189KB

  • MD5

    15789a72aa5c8fde6bcb5ea188f07bd1

  • SHA1

    7ff5f833f0b08fd7a2435d61cf8caf04e513ef1e

  • SHA256

    2e2add6d5902cdb228862d7cb4920610ff0a43ef97161feb5afb3f1cb46108b2

  • SHA512

    1175e736f0da94fba7a63db8ad6d3a65a340c87a60870dc921d686c42c97ac19d4e040ec71de5baef124028df05c70e185b136933e71f2b67dfba2f833a7a75d

  • SSDEEP

    3072:hwSnerLrQIyzZrJnAsW113pBHyakipJI0Y7gvbWWZmw1FC/OBsYP6dwyz:h/nOfzyt9nRyBSakipJINwbVz2OBZPqz

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 38 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1248
      • C:\Users\Admin\AppData\Local\Temp\2e2add6d5902cdb228862d7cb4920610ff0a43ef97161feb5afb3f1cb46108b2.exe
        "C:\Users\Admin\AppData\Local\Temp\2e2add6d5902cdb228862d7cb4920610ff0a43ef97161feb5afb3f1cb46108b2.exe"
        2⤵
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:604
        • C:\Users\Admin\AppData\Roaming\Uvnyif\agdi.exe
          "C:\Users\Admin\AppData\Roaming\Uvnyif\agdi.exe"
          3⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:1240
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmpe7a5d836.bat"
          3⤵
          • Deletes itself
          • Suspicious behavior: EnumeratesProcesses
          PID:1052
    • C:\Windows\system32\Dwm.exe
      "C:\Windows\system32\Dwm.exe"
      1⤵
        PID:1200
      • C:\Windows\system32\taskhost.exe
        "taskhost.exe"
        1⤵
          PID:1112
        • C:\Windows\system32\conhost.exe
          \??\C:\Windows\system32\conhost.exe "13595284241969626036-1893277575-1527694620-400980217190463065-1989963510561579453"
          1⤵
            PID:1020

          Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\tmpe7a5d836.bat
            Filesize

            307B

            MD5

            359ae6711a2d383477babe3983ed11e3

            SHA1

            fb90523bc93b55f2079b786df7fb1c431d4c0c6f

            SHA256

            e5d8bf53db824082559bd96058b03fb4548bb66d0f54d1f4d1df1c58a0631119

            SHA512

            2fc8d2f4107d3e329232564284233236cd07a77edb620a63fa45694583132d5675352dd03491c63202a26a3364692155db5bcfbe46c153ba37376b40a8109e52

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Uvnyif\agdi.exe
            Filesize

            189KB

            MD5

            ca6e68682259d8c4a48f135b04a328a6

            SHA1

            8c8aa9a58f7fbf83888fe847e7b74a03e5d22983

            SHA256

            6d311253c901a2ae8a75316b9450a4652f7ef83fdea93e55f9df6f4182d6ff09

            SHA512

            071fcf5fc7e0669e9ad650e00cfa7f011fd918a14d5c06352e6b9e15651fcf5945b60c1d72c48ceff866fa976a0fcc0a973d0184361e52d6abf2d1a51ec8b10d

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Uvnyif\agdi.exe
            Filesize

            189KB

            MD5

            ca6e68682259d8c4a48f135b04a328a6

            SHA1

            8c8aa9a58f7fbf83888fe847e7b74a03e5d22983

            SHA256

            6d311253c901a2ae8a75316b9450a4652f7ef83fdea93e55f9df6f4182d6ff09

            SHA512

            071fcf5fc7e0669e9ad650e00cfa7f011fd918a14d5c06352e6b9e15651fcf5945b60c1d72c48ceff866fa976a0fcc0a973d0184361e52d6abf2d1a51ec8b10d

            Download Submit

          • \Users\Admin\AppData\Roaming\Uvnyif\agdi.exe
            Filesize

            189KB

            MD5

            ca6e68682259d8c4a48f135b04a328a6

            SHA1

            8c8aa9a58f7fbf83888fe847e7b74a03e5d22983

            SHA256

            6d311253c901a2ae8a75316b9450a4652f7ef83fdea93e55f9df6f4182d6ff09

            SHA512

            071fcf5fc7e0669e9ad650e00cfa7f011fd918a14d5c06352e6b9e15651fcf5945b60c1d72c48ceff866fa976a0fcc0a973d0184361e52d6abf2d1a51ec8b10d

            Download Submit

          • \Users\Admin\AppData\Roaming\Uvnyif\agdi.exe
            Filesize

            189KB

            MD5

            ca6e68682259d8c4a48f135b04a328a6

            SHA1

            8c8aa9a58f7fbf83888fe847e7b74a03e5d22983

            SHA256

            6d311253c901a2ae8a75316b9450a4652f7ef83fdea93e55f9df6f4182d6ff09

            SHA512

            071fcf5fc7e0669e9ad650e00cfa7f011fd918a14d5c06352e6b9e15651fcf5945b60c1d72c48ceff866fa976a0fcc0a973d0184361e52d6abf2d1a51ec8b10d

            Download Submit

          • memory/604-89-0x0000000001EE0000-0x0000000001F08000-memory.dmp

            Filesize

            160KB

            Download

          • memory/604-100-0x0000000001EE0000-0x0000000001F08000-memory.dmp

            Filesize

            160KB

            Download

          • memory/604-90-0x0000000001EE0000-0x0000000001F08000-memory.dmp

            Filesize

            160KB

            Download

          • memory/604-57-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/604-56-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/604-55-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/604-86-0x0000000001EE0000-0x0000000001F08000-memory.dmp

            Filesize

            160KB

            Download

          • memory/604-54-0x0000000074FD1000-0x0000000074FD3000-memory.dmp

            Filesize

            8KB

            Download

          • memory/604-87-0x0000000001EE0000-0x0000000001F08000-memory.dmp

            Filesize

            160KB

            Download

          • memory/604-58-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/604-88-0x0000000001EE0000-0x0000000001F08000-memory.dmp

            Filesize

            160KB

            Download

          • memory/604-99-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/1020-106-0x0000000001A30000-0x0000000001A58000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1020-104-0x0000000001A30000-0x0000000001A58000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1020-105-0x0000000001A30000-0x0000000001A58000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1020-107-0x0000000001A30000-0x0000000001A58000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1052-111-0x0000000000050000-0x0000000000078000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1052-95-0x0000000000050000-0x0000000000078000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1052-93-0x0000000000050000-0x0000000000078000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1052-96-0x0000000000050000-0x0000000000078000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1052-97-0x0000000000050000-0x0000000000078000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1052-108-0x0000000000050000-0x0000000000078000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1112-66-0x0000000001DA0000-0x0000000001DC8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1112-71-0x0000000001DA0000-0x0000000001DC8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1112-68-0x0000000001DA0000-0x0000000001DC8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1112-69-0x0000000001DA0000-0x0000000001DC8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1112-70-0x0000000001DA0000-0x0000000001DC8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1200-75-0x00000000001B0000-0x00000000001D8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1200-76-0x00000000001B0000-0x00000000001D8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1200-74-0x00000000001B0000-0x00000000001D8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1200-77-0x00000000001B0000-0x00000000001D8000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1240-109-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/1240-64-0x0000000000400000-0x0000000000434000-memory.dmp

            Filesize

            208KB

            Download

          • memory/1248-83-0x0000000002130000-0x0000000002158000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1248-80-0x0000000002130000-0x0000000002158000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1248-81-0x0000000002130000-0x0000000002158000-memory.dmp

            Filesize

            160KB

            Download

          • memory/1248-82-0x0000000002130000-0x0000000002158000-memory.dmp

            Filesize

            160KB

            Download