Overview

overview

7

Static

static

1

f6426b0740...86.exe

windows7-x64

7

f6426b0740...86.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    28s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    12-03-2023 02:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f6426b0740788f8f1dda84a95b928d86.exe

  • Size

    3.0MB

  • MD5

    f6426b0740788f8f1dda84a95b928d86

  • SHA1

    0bc615dfc759ff4b5e78ea7ff013c5a1f95995ce

  • SHA256

    6d5597875970b6a30f1a8ad83800edebe692582fad0044fb25002e525bbe7af0

  • SHA512

    fb911d7ce4612224d081cce4534969e018fab45649b1f5ae75ab2bf4ac95f0b44e3894333bdd2aaa38927916569339a0933171ec1532923836e5f1d6cef6968c

  • SSDEEP

    49152:YhDpY69PS9SsbCmlaJUgNTxR4VRVB2nLVBTpRqPupM7T2NTZLdaDftd5So:YhDpT9KYkC+GUWTxRSRVUnLOPtn2NF8

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Modifies Control Panel 1 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f6426b0740788f8f1dda84a95b928d86.exe
    "C:\Users\Admin\AppData\Local\Temp\f6426b0740788f8f1dda84a95b928d86.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Control Panel
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1552
    • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
      C:\Users\Public\Documents\Wondershare\NFWCHK.exe
      2⤵
      • Executes dropped EXE
      PID:2308

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Wondershare\WAE\wsWAE.log
    Filesize

    1KB

    MD5

    779075b0c79762d23e1990a3cf9b5178

    SHA1

    bea43689f2719d878a13dfae80299b0f23281658

    SHA256

    a1f85ec49a3dcdc61e78ef2039ac1f82019b62091a09c51f8265e05522b72596

    SHA512

    b0e71156dcbadfcf5b1107e9ae5f201fadc7f29e6000c35eb3e59ed315939766ca2625e9d25c4b1721b169419ff0631fcd6782c73848d94cdd99ed1159b8d3f1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    1KB

    MD5

    4e752c24756cbba97090ce16cf94b3df

    SHA1

    91ce5d49c54c7ea0345704b3c0e6872f80a0f367

    SHA256

    407b165f51cfa8106ecdbc4d2b44368275704c64ca94551179e1febdb458a188

    SHA512

    85af666783d6710c0a9263acfecd12a5342047e29158bb987c7d5506189d86cba1bb2c58a633db471bac014fcf09a3b0534b4bbc244d4aa9bf394eb076d476f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    7KB

    MD5

    6cd268f2540635ecf757b119b4c90c89

    SHA1

    f1663a97797ec4e623ab469e1f7d80d7f9aa4832

    SHA256

    ba3dc1be4b65635811da0e977ea408bf6c3558ebdbaf7afa69fee9dc622645db

    SHA512

    6c392b8e2ab0691dfa7668b77ea8ef1e9aff7864a2b7af27cceacdeb0b2c5c36df72f0750ffa72c5f25d19b0ad3f6635e13a923f4e29849229f37b36dca8d860

    Download Submit

  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
    Filesize

    7KB

    MD5

    27cfb3990872caa5930fa69d57aefe7b

    SHA1

    5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

    SHA256

    43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

    SHA512

    a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

    Download Submit

  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
    Filesize

    7KB

    MD5

    27cfb3990872caa5930fa69d57aefe7b

    SHA1

    5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

    SHA256

    43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

    SHA512

    a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

    Download Submit

  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe.config
    Filesize

    229B

    MD5

    ad0967a0ab95aa7d71b3dc92b71b8f7a

    SHA1

    ed63f517e32094c07a2c5b664ed1cab412233ab5

    SHA256

    9c1212bc648a2533b53a2d0afcec518846d97630afb013742a9622f0df7b04fc

    SHA512

    85766a907331f60044ec205cf345453fc3d44bfcac296ac93a12e8a752b84290dfd94f73b71de82f46f9503177d29602cbb87549f89dc61373d889b4ea26634b

    Download Submit

  • \Users\Public\Documents\Wondershare\NFWCHK.exe
    Filesize

    7KB

    MD5

    27cfb3990872caa5930fa69d57aefe7b

    SHA1

    5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

    SHA256

    43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

    SHA512

    a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

    Download Submit

  • memory/2308-1438-0x00000000011E0000-0x00000000011E8000-memory.dmp

    Filesize

    32KB

    Download