Overview

overview

6

Static

static

31b9acf714...e4.exe

windows7-x64

6

31b9acf714...e4.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 20:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    31b9acf714ad540caa058d67caf13793df9fe0be9cc7efdc924f28620ad5a7e4.exe

  • Size

    678KB

  • MD5

    f2c495e7837f6f72f923ec1fdbc965a3

  • SHA1

    11a9c4804ad14e679222c76f1dad397ddb938e17

  • SHA256

    31b9acf714ad540caa058d67caf13793df9fe0be9cc7efdc924f28620ad5a7e4

  • SHA512

    06f638db8b02f6896bf7197ff6be748e54a5377e9cd1bb39c861be99322a555b87f38c50490a6ba0702c804fa0a7e9d83faf21341be41fcb54dd1f5a7164fd93

  • SSDEEP

    12288:stlYXUGUzeRM5mYLF/b1Y2GWBRolhm20iN08khQORtUztr0JPWP:szYXUGAmYmYdRYzER8Z0i1khFtUr0c

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\31b9acf714ad540caa058d67caf13793df9fe0be9cc7efdc924f28620ad5a7e4.exe
    "C:\Users\Admin\AppData\Local\Temp\31b9acf714ad540caa058d67caf13793df9fe0be9cc7efdc924f28620ad5a7e4.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:1424
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:552
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:552 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1784

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat
    Filesize

    5KB

    MD5

    334745157824c931d2daca39c0998f2f

    SHA1

    c8f8c94289434aff795275b0e30a481951cd93d8

    SHA256

    aa52b09f176fe01deae9684c355e641be4caf4afd1a458fc90bfa9bca89c418a

    SHA512

    6b82b9860d118c0717bb4b27b3662eec687f1b80f1de94fcda496f98753bec96aa1978e67b5692a8b2f880986a8d90f6286a4659e0ff448ee37e063a334f5f5f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7SNANFIV.txt
    Filesize

    606B

    MD5

    d82723f0d4886a9b00bca3dae431dc64

    SHA1

    263914dcd6dbef2711ceff357d1af3b018d2a931

    SHA256

    e6d3b33c9d6539fefa4eaf821dcad35b9787b522493de40b92a45301a1a39b75

    SHA512

    f7c5491c4987c7e3612faa9de2b456c26c24f7a4e06b750b329f02ef30389d492d8f119fc14783b1770a4ad12feb8907bdcda543f25eb4c95b1d5aed1871409a

    Download Submit

  • memory/1424-54-0x0000000076151000-0x0000000076153000-memory.dmp

    Filesize

    8KB

    Download