Overview

overview

10

Static

static

3

b834a073b3...ff.exe

windows7-x64

10

b834a073b3...ff.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    226s
  • max time network
    310s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/05/2023, 19:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b834a073b3390ca2da20a273c83f6f67c92677f653cf38efc016f783cbcac2ff.exe

  • Size

    695KB

  • MD5

    b8ad059ae0933cd647f8afc4356bbe16

  • SHA1

    abf3fc6476fa6d9235acf7611b7787bfc00b8059

  • SHA256

    b834a073b3390ca2da20a273c83f6f67c92677f653cf38efc016f783cbcac2ff

  • SHA512

    02e865a8eac12dd54e686c2d5c34c7d52b63760f6f9bf3999b5828241e0ff57bd20a0fc4f90658e794c780f4f76a63befc6fa0a2f2d19b783e51b1e45b259578

  • SSDEEP

    12288:Ky90GcmoxrnJ1gHe5I3aSIC4rIs1qvW16c218b0K6A+jKO8G5i7as+I:KyvcmopJicC4NAS6c218b0VgO82i+rI

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Executes dropped EXE 2 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b834a073b3390ca2da20a273c83f6f67c92677f653cf38efc016f783cbcac2ff.exe
    "C:\Users\Admin\AppData\Local\Temp\b834a073b3390ca2da20a273c83f6f67c92677f653cf38efc016f783cbcac2ff.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3644
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un044496.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un044496.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:4140
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\18978054.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\18978054.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3724
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 1080
          4⤵
          • Program crash
          PID:1032
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3724 -ip 3724
    1⤵
      PID:1328

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un044496.exe
            Filesize

            541KB

            MD5

            0a776c08bfae296d8fe2dbf7d681ae14

            SHA1

            3dc0c4e2dae4b32251ffd824efb497de7bf161fa

            SHA256

            5a4fcde98eca4544626f2ed6b7e586937fbb80441498d181c990a9a57055fc38

            SHA512

            8b093198304dec6cba5d52a8451800c71612dac17d879bfbf47157460737ac69869177c49b229c6a7983bcaf6264746b865131985c3c4af9d63f0edb86e00fd9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un044496.exe
            Filesize

            541KB

            MD5

            0a776c08bfae296d8fe2dbf7d681ae14

            SHA1

            3dc0c4e2dae4b32251ffd824efb497de7bf161fa

            SHA256

            5a4fcde98eca4544626f2ed6b7e586937fbb80441498d181c990a9a57055fc38

            SHA512

            8b093198304dec6cba5d52a8451800c71612dac17d879bfbf47157460737ac69869177c49b229c6a7983bcaf6264746b865131985c3c4af9d63f0edb86e00fd9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\18978054.exe
            Filesize

            258KB

            MD5

            f175557502ee6c7689f1b3634a3b7c34

            SHA1

            156ba0f915632def732a4ea4dc96018e0df8f5a2

            SHA256

            7e9742979c41810cbde72197e3ed0954283f7173ff63291948cfbacbede493a2

            SHA512

            7f5a92b143cfe6e62b7b513914dda8aedfe074cebb58933ca3f5ba933f3a4930cd729b10cdc45eb71168b5c9f5426bf00f04c4c6359f03e15bae84a962bd91e7

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\18978054.exe
            Filesize

            258KB

            MD5

            f175557502ee6c7689f1b3634a3b7c34

            SHA1

            156ba0f915632def732a4ea4dc96018e0df8f5a2

            SHA256

            7e9742979c41810cbde72197e3ed0954283f7173ff63291948cfbacbede493a2

            SHA512

            7f5a92b143cfe6e62b7b513914dda8aedfe074cebb58933ca3f5ba933f3a4930cd729b10cdc45eb71168b5c9f5426bf00f04c4c6359f03e15bae84a962bd91e7

            Download Submit

          • memory/3724-162-0x0000000004CC0000-0x0000000004CD3000-memory.dmp

            Filesize

            76KB

            Download

          • memory/3724-168-0x0000000004CC0000-0x0000000004CD3000-memory.dmp

            Filesize

            76KB

            Download

          • memory/3724-150-0x00000000071E0000-0x0000000007784000-memory.dmp

            Filesize

            5.6MB

            Download

          • memory/3724-151-0x00000000071D0000-0x00000000071E0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3724-153-0x0000000004CC0000-0x0000000004CD3000-memory.dmp

            Filesize

            76KB

            Download

          • memory/3724-154-0x0000000004CC0000-0x0000000004CD3000-memory.dmp

            Filesize

            76KB

            Download

          • memory/3724-156-0x0000000004CC0000-0x0000000004CD3000-memory.dmp

            Filesize

            76KB

            Download

          • memory/3724-152-0x00000000071D0000-0x00000000071E0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3724-158-0x0000000004CC0000-0x0000000004CD3000-memory.dmp

            Filesize

            76KB

            Download

          • memory/3724-160-0x0000000004CC0000-0x0000000004CD3000-memory.dmp

            Filesize

            76KB

            Download

          • memory/3724-148-0x0000000002CB0000-0x0000000002CDD000-memory.dmp

            Filesize

            180KB

            Download

          • memory/3724-164-0x0000000004CC0000-0x0000000004CD3000-memory.dmp

            Filesize

            76KB

            Download

          • memory/3724-166-0x0000000004CC0000-0x0000000004CD3000-memory.dmp

            Filesize

            76KB

            Download

          • memory/3724-149-0x00000000071D0000-0x00000000071E0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3724-170-0x0000000004CC0000-0x0000000004CD3000-memory.dmp

            Filesize

            76KB

            Download

          • memory/3724-172-0x0000000004CC0000-0x0000000004CD3000-memory.dmp

            Filesize

            76KB

            Download

          • memory/3724-174-0x0000000004CC0000-0x0000000004CD3000-memory.dmp

            Filesize

            76KB

            Download

          • memory/3724-176-0x0000000004CC0000-0x0000000004CD3000-memory.dmp

            Filesize

            76KB

            Download

          • memory/3724-178-0x0000000004CC0000-0x0000000004CD3000-memory.dmp

            Filesize

            76KB

            Download

          • memory/3724-180-0x0000000004CC0000-0x0000000004CD3000-memory.dmp

            Filesize

            76KB

            Download

          • memory/3724-181-0x0000000000400000-0x0000000002B9B000-memory.dmp

            Filesize

            39.6MB

            Download

          • memory/3724-182-0x00000000071D0000-0x00000000071E0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3724-184-0x00000000071D0000-0x00000000071E0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3724-185-0x00000000071D0000-0x00000000071E0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/3724-188-0x0000000000400000-0x0000000002B9B000-memory.dmp

            Filesize

            39.6MB

            Download