Overview

overview

8

Static

static

f8f46a0dd7...65.exe

windows7-x64

8

f8f46a0dd7...65.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    165s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06/12/2022, 18:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f8f46a0dd702c4dc25bc7fe45a0e5c1b173e76adaf01e9c6eced2d0a320e6865.exe

  • Size

    52KB

  • MD5

    d6e7e97b595a5da8f8a53e6dc168df1c

  • SHA1

    aec05e6a8a178d291c96267a59c4a483101d50ac

  • SHA256

    f8f46a0dd702c4dc25bc7fe45a0e5c1b173e76adaf01e9c6eced2d0a320e6865

  • SHA512

    b8b247e9623edb69f43a69fd2f18e5b26481c2b7bbe574c10842a5efce41f3616afc6102f838a62edbf40c18ed254eae40301f58a1e8062d1d2e798f87e7a18d

  • SSDEEP

    768:CwGI4s6XiKMAkjnlh7nTv+7SQBRJ0hLSqvIakyewLk13DTRy:d42Xnlh/W79JkL7IaNJLSR

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 27 IoCs
    adwarespyware
  • Modifies registry class 4 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f8f46a0dd702c4dc25bc7fe45a0e5c1b173e76adaf01e9c6eced2d0a320e6865.exe
    "C:\Users\Admin\AppData\Local\Temp\f8f46a0dd702c4dc25bc7fe45a0e5c1b173e76adaf01e9c6eced2d0a320e6865.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:868
    • \??\c:\windows\romeo13.exe
      c:\windows\romeo13.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:1328
      • \??\c:\windows\SysWOW64\regedit.exe
        regedit /s c:\2.reg
        3⤵
        • Modifies registry class
        • Runs .reg file with regedit
        PID:1836
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c c:\353454543.bat
        3⤵
          PID:1996
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c c:\353454543.bat
        2⤵
        • Deletes itself
        PID:1304
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1976
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1152

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\35K2KGXZ.txt
      Filesize

      608B

      MD5

      965421dc7604f88dd03798118db00da6

      SHA1

      67e5c4848543af15ae6dc55a6ee8bae2517cfd15

      SHA256

      0491bdcfbde8e19ed67672fc395222f0fe7374efab3a0d637a3c8ac5aaa09a3c

      SHA512

      120001102dd12e4810f5c9a89cfba450a90ee5826ad8d0cbe0de402f4a5f0c5d025b9bb11909b1a1b6ff228443fb1f6ba273d03d8c3c1c657d21c9613cd0543b

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\UFF1723A.txt
      Filesize

      110B

      MD5

      6e780d9a4c4d5772c2887c41cc139e90

      SHA1

      98bc1369677e010e5096488af6d95a892e893669

      SHA256

      5c4422d6b9406c9c4e62c67837ed998b839dcd65451438f0f1fb8352b27e662c

      SHA512

      d46ee3d0c4f74fcc832b355e0bc19470d00eb7da4172e7e379480184470c7e9793c705778307cdebf24c07cdde27135150161d3f8eec8c36f3bb6bbc4a8d39ab

      Download Submit

    • C:\Windows\romeo13.exe
      Filesize

      52KB

      MD5

      d6e7e97b595a5da8f8a53e6dc168df1c

      SHA1

      aec05e6a8a178d291c96267a59c4a483101d50ac

      SHA256

      f8f46a0dd702c4dc25bc7fe45a0e5c1b173e76adaf01e9c6eced2d0a320e6865

      SHA512

      b8b247e9623edb69f43a69fd2f18e5b26481c2b7bbe574c10842a5efce41f3616afc6102f838a62edbf40c18ed254eae40301f58a1e8062d1d2e798f87e7a18d

      Download Submit

    • \??\c:\2.reg
      Filesize

      202B

      MD5

      428090d84a47f875c8fdd6d0258f00c5

      SHA1

      96c029720065ac1dc5ece2a5481b780267d7b439

      SHA256

      8c8668f6339728aebfc08e547f15b0e250f6a551be86f47fcb6098ffe37f0404

      SHA512

      f752bf52b359a5a82e821ee288e11cd4176c39ac3c932c6f44db69780c6e2597e654bbb3a9db9c32f8659d5af66fa9578b5625758b1f6db70c1314369dbadf7d

      Download Submit

    • \??\c:\353454543.bat
      Filesize

      116B

      MD5

      b420c64e5c921987cd2f92cb494e5d28

      SHA1

      045987d605e6b21329f4ef17dc692a3c7d740af5

      SHA256

      725acb501ded659a00f2d3e47b1b883bc51d9e86e3bcd43bc24950558d19fbfa

      SHA512

      bb462c62642c582bca3af499a6f5035e6dfd842330a70f3a31117b1ac5db6574b082cd8fc9922e1f66f308a9c7dc5f35aedad548d800616ac803b33c02a52296

      Download Submit

    • \??\c:\353454543.bat
      Filesize

      276B

      MD5

      77f7828ebf4855db1db809269c85b8e2

      SHA1

      05ea2a3d17f1b0698a624477ee15e94fc8e57f94

      SHA256

      45453bc0f247aaaeca26d949d523bdecce5e09b7343fd39cf891c85922f0be9f

      SHA512

      f89ec4bd79fbbcf893a308cd0666b764a35c997b31852cf1790683a98e97c9ec4dc18f25db81f21429b43c063cb29945c280bece2ea40e4c94cba3499debfa1b

      Download Submit

    • \??\c:\windows\romeo13.exe
      Filesize

      52KB

      MD5

      d6e7e97b595a5da8f8a53e6dc168df1c

      SHA1

      aec05e6a8a178d291c96267a59c4a483101d50ac

      SHA256

      f8f46a0dd702c4dc25bc7fe45a0e5c1b173e76adaf01e9c6eced2d0a320e6865

      SHA512

      b8b247e9623edb69f43a69fd2f18e5b26481c2b7bbe574c10842a5efce41f3616afc6102f838a62edbf40c18ed254eae40301f58a1e8062d1d2e798f87e7a18d

      Download Submit

    • memory/868-54-0x0000000076091000-0x0000000076093000-memory.dmp

      Filesize

      8KB

      Download