Overview

overview

6

Static

static

1

1240753542...00.exe

windows7-x64

6

1240753542...00.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    142s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    30-03-2023 12:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    12407535426bc2951f8f462cc0ffba79763de8a5fc1ee42a532b804263771e00.exe

  • Size

    635KB

  • MD5

    4b7fdcc9f207e2fcd1227b0f58f2631f

  • SHA1

    f4fef2e3d310494a3c3962a49c7c5a9ea072b2ea

  • SHA256

    12407535426bc2951f8f462cc0ffba79763de8a5fc1ee42a532b804263771e00

  • SHA512

    5a9f9f8d7e685fb10ba3f464cffd3178218a51749fde054071aa03fb04915ae3257538abbe8608ad134fb0319d3a43f19281253839053d85990b9518cd916bf1

  • SSDEEP

    12288:JJFZqYMOaQ0q9nV/zsnK23KHVI6nodVdyMLiqyVcxwtVxgpMiuzOT6re:fFZqhOBnVyK23C6OoYMLiVcKtVx4Miu6

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\12407535426bc2951f8f462cc0ffba79763de8a5fc1ee42a532b804263771e00.exe
    "C:\Users\Admin\AppData\Local\Temp\12407535426bc2951f8f462cc0ffba79763de8a5fc1ee42a532b804263771e00.exe"
    1⤵
    • Enumerates connected drives
    • Writes to the Master Boot Record (MBR)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1744
    • C:\Windows\SysWOW64\explorer.exe
      explorer.exe "http://localhost:80"
      2⤵
        PID:1956
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:672
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://localhost/
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:572
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:572 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1108

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Bootkit

    1
    T1067

    Privilege Escalation

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    Query Registry

    1
    T1012

    Peripheral Device Discovery

    1
    T1120

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      61KB

      MD5

      e71c8443ae0bc2e282c73faead0a6dd3

      SHA1

      0c110c1b01e68edfacaeae64781a37b1995fa94b

      SHA256

      95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

      SHA512

      b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5e382f607a003e411c55f7ae691d8b73

      SHA1

      cd91ec4cb10881e9e7c8462e966760ebfbeb93b4

      SHA256

      d4daee6e1224b6dc9d727bad08abe5ec5f8d1330102859d0a9ba933341881f70

      SHA512

      244ed9e9c6e990d263a69ce955661a105ec721f30efa15561ddbbc48f7871d84a617e4d3223ede8eb0280227c0de9b431b2aa8bdb3f24d9bc4fd719aec24ae72

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8cf9115fa0e1a24bd6eca658710d1082

      SHA1

      897e9f153f54f97243f3a7f7687f2ad41a266295

      SHA256

      2b1e5f1a0e94e9d0d08f1758ccc94157d96c35d03a4b63c74fde6e6330dfa51f

      SHA512

      c2d70656abce01dd0e82c19a9f7c7ed3f4f75725542ee09c3d81fa8b6f34ffabcdf8d86068f78a975a5babf72bdce23939fd4bad0473c288023fcf01deabf222

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      adf394b0ff6863bcf4168f05d25e6250

      SHA1

      fa30bb5457582dfb8715f5a12d65e8d103784f9e

      SHA256

      725987c7c50a24bba1e70d909fbb5761594ee74ecb05fc5e9eec8faa0dd4f0d0

      SHA512

      d47ec46b83440df78540718455a9bf4c73d728a8e60834cacdbe4d00894b22f139385b3408ee2562537136eb8490089b203fe23335b72cd9109022c082a352fb

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      430e3750f8ef47d04d2513c6280aedd6

      SHA1

      b5da027e45488772dcb069345d6cf22e42899f11

      SHA256

      0deec27a9d97db19efd543024fd584388d8cd3987021401f27d7003eec01e704

      SHA512

      f591b7004904f3910f00302123e7e7bb27a1b9df37d10b6c244c772a456822c737b0958cc7e4a22318af4c0556d77deb84cbf3562e104217be1b57790f2f66d1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1f45ae54349bb40c43fa071922245de7

      SHA1

      713690e43cc55c37e8fbb96f7440486ca86695c4

      SHA256

      3e63a02af15bd5374a39dfe68ea2fb0357cd58e3c56f60d95e9c6925a6344bf8

      SHA512

      75d02e632b11f8a5d469131928a4f192d29d15a5e0de42bf43ec7cbcc64b1769dee0c623406e0098582e03c16ca98af23153b0b6ac439ae0cf2882e86ed0c8ea

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      41234af29b0e810a8b1816ee0f24021d

      SHA1

      60fdf1a43b9fd486a9334cc35357f398e12de4c2

      SHA256

      78adc493a6a5c684f315142e120ec9fd95badb8d81b354aa4c4479b22db3f9ac

      SHA512

      fc87a9998cb5f1c947d3b3bcc3e0d1a10e2e1ade5874360bfd4904806850fb0f28c5e00f39133b4ec25bc1536961ae35ff842595bc00b55983db45ce31df1d5b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d88f679c4228aab37b546f393bd81c53

      SHA1

      c3f89d2835fcf6bc280ced96410c8ee4ee3066e8

      SHA256

      97c3914cb46bd8b938554ee15bb8f7fa6c38ddfda1f469f99a700d016654ad94

      SHA512

      7a6faeb2caca996c94adf0b6d178960e3849e790a920b62db1260aa640a4dd26617a826afd70492816f7e03b5487ec34585bdd5d3f860d8ec0b0f528c26d9854

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOS3MI7U\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab5296.tmp
      Filesize

      61KB

      MD5

      fc4666cbca561e864e7fdf883a9e6661

      SHA1

      2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

      SHA256

      10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

      SHA512

      c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar54A1.tmp
      Filesize

      161KB

      MD5

      be2bec6e8c5653136d3e72fe53c98aa3

      SHA1

      a8182d6db17c14671c3d5766c72e58d87c0810de

      SHA256

      1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

      SHA512

      0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\IYMBS9T2.txt
      Filesize

      603B

      MD5

      02e2b6a2c2ae85351715ff4efc3c250b

      SHA1

      87cc32b5b38ba987a4df01e0d489695d2cfbc766

      SHA256

      2b54f0c6ea51af81fb364ca6fb5d7b6e527ad20f97234cadc29624ac9da78d3b

      SHA512

      f6052027df7c57dffbce970a6b9f3e1d37d8bd6d5ee4ed34744ba9cec080a03ffd112048ac7c594e07b3bc1bd8bb507e412878bb64b4453af98dc5e021f56095

      Download Submit
    • memory/1744-65-0x0000000000400000-0x0000000000597000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1744-56-0x0000000000400000-0x0000000000597000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1744-55-0x0000000000400000-0x0000000000597000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/1744-583-0x0000000000400000-0x0000000000597000-memory.dmp
      Filesize

      1.6MB

      Download