Overview

overview

8

Static

static

d1f8bfa10d...60.exe

windows7-x64

8

d1f8bfa10d...60.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    136s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    06-12-2022 07:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d1f8bfa10d04357932f79e4769811afb48575165a2eb40f6a388d37dab764460.exe

  • Size

    341KB

  • MD5

    f74b40b6920dc51e70e3240eb3c01632

  • SHA1

    f6da6b8b9596fb819f023056b053db61498c9611

  • SHA256

    d1f8bfa10d04357932f79e4769811afb48575165a2eb40f6a388d37dab764460

  • SHA512

    f853f87c302bd9508537ef4ef9b300a52348ae5471aedd329b1d28b4ae8107dd053cb467c86ea1f1769ce05d7a525b47dd967295d42b358ddad9e970196489cb

  • SSDEEP

    6144:9hAfLcAHlhY4kUrIPyt40gqwxbf5RKlmwB2Af37acGvWWhrm:9AtlhYNyIW41qPoo37uvW2r

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d1f8bfa10d04357932f79e4769811afb48575165a2eb40f6a388d37dab764460.exe
    "C:\Users\Admin\AppData\Local\Temp\d1f8bfa10d04357932f79e4769811afb48575165a2eb40f6a388d37dab764460.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1304
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\UNINSTAL.BAT
      2⤵
      • Deletes itself
      PID:1336
  • C:\Windows\NoHacker.cn.exe
    C:\Windows\NoHacker.cn.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1080
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:1020

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\NoHacker.cn.exe
      Filesize

      341KB

      MD5

      f74b40b6920dc51e70e3240eb3c01632

      SHA1

      f6da6b8b9596fb819f023056b053db61498c9611

      SHA256

      d1f8bfa10d04357932f79e4769811afb48575165a2eb40f6a388d37dab764460

      SHA512

      f853f87c302bd9508537ef4ef9b300a52348ae5471aedd329b1d28b4ae8107dd053cb467c86ea1f1769ce05d7a525b47dd967295d42b358ddad9e970196489cb

      Download Submit

    • C:\Windows\NoHacker.cn.exe
      Filesize

      341KB

      MD5

      f74b40b6920dc51e70e3240eb3c01632

      SHA1

      f6da6b8b9596fb819f023056b053db61498c9611

      SHA256

      d1f8bfa10d04357932f79e4769811afb48575165a2eb40f6a388d37dab764460

      SHA512

      f853f87c302bd9508537ef4ef9b300a52348ae5471aedd329b1d28b4ae8107dd053cb467c86ea1f1769ce05d7a525b47dd967295d42b358ddad9e970196489cb

      Download Submit

    • C:\Windows\UNINSTAL.BAT
      Filesize

      250B

      MD5

      1408a41200b1771d1ca1a5da11a35af8

      SHA1

      73891f7487adb90c920d060a63bf72641629f40f

      SHA256

      72423a8e7ca2e9f96ae45f81bb66fa23e2c000848790f1cadee6511022cf5390

      SHA512

      f8709ef71549a1ba2eb6ed9ff1ad33ba1ea78de73620d46dfbb06b2f1ab731e488559c2ad5c7020335b44bac6bc81c5e3d6478dfe428777fbdee0980e7b25739

      Download Submit

    • memory/1304-54-0x00000000762E1000-0x00000000762E3000-memory.dmp

      Filesize

      8KB

      Download