Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
05-06-2023 19:29
General
-
Target
cfef051e5207bf180a4b978e5bfde56ab8c7bba99895cf40be520bae1d29ce19.exe
-
Size
4.6MB
-
MD5
a153af550243862ea7dbe382b8330acf
-
SHA1
f719256ae4c08bee10d4c1371abfd43c8dda955e
-
SHA256
cfef051e5207bf180a4b978e5bfde56ab8c7bba99895cf40be520bae1d29ce19
-
SHA512
81715786fc4165aa84194893f14932e20b77e03ba8c776301694deb350fce40a9dcaefa0e22058485061a999d8c467a0499b58c6a0c00d8864dfbaef56078e38
-
SSDEEP
98304:4dC/MqdPmQ4C1xCfzAODJ6KNtEFEVtgzX3ey0IZIRdN263vQyT/PYs2OV:4dNe4Kxg7Dzu7ItRL2q/kK
Malware Config
Signatures
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cfef051e5207bf180a4b978e5bfde56ab8c7bba99895cf40be520bae1d29ce19.exe"C:\Users\Admin\AppData\Local\Temp\cfef051e5207bf180a4b978e5bfde56ab8c7bba99895cf40be520bae1d29ce19.exe"1⤵
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0xd41⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOYUJSME\guanggao[1].htmFilesize
1KB
MD59247a7ca941e7d4f7db5278cb92db6ae
SHA1b32c43ade9e78639d4f57ef62e793b1d72eb84f5
SHA256a96d35e73b9a156ee31db5eae8de2c260860537bedb1e2487aa68360066d3fe5
SHA512b597f5a1f8cf694f994daac0fe5c95bec16f694d4ca5ad8b0307ea12ec754a477788bcccfc4b9b79992b9d0aaae448a50764380c96e8fadf45b19fd438662404
-
memory/1284-77-0x0000000000400000-0x0000000001025000-memory.dmpFilesize
12.1MB
-
memory/1284-102-0x0000000000400000-0x0000000001025000-memory.dmpFilesize
12.1MB
-
memory/1284-74-0x0000000000400000-0x0000000001025000-memory.dmpFilesize
12.1MB
-
memory/1284-63-0x0000000000400000-0x0000000001025000-memory.dmpFilesize
12.1MB
-
memory/1284-65-0x0000000000400000-0x0000000001025000-memory.dmpFilesize
12.1MB
-
memory/1284-68-0x0000000000400000-0x0000000001025000-memory.dmpFilesize
12.1MB
-
memory/1284-55-0x0000000000400000-0x0000000001025000-memory.dmpFilesize
12.1MB
-
memory/1284-71-0x0000000000400000-0x0000000001025000-memory.dmpFilesize
12.1MB
-
memory/1284-57-0x0000000000400000-0x0000000001025000-memory.dmpFilesize
12.1MB
-
memory/1284-56-0x0000000000400000-0x0000000001025000-memory.dmpFilesize
12.1MB
-
memory/1284-83-0x0000000000400000-0x0000000001025000-memory.dmpFilesize
12.1MB
-
memory/1284-80-0x0000000000400000-0x0000000001025000-memory.dmpFilesize
12.1MB
-
memory/1284-86-0x0000000000400000-0x0000000001025000-memory.dmpFilesize
12.1MB
-
memory/1284-89-0x0000000000400000-0x0000000001025000-memory.dmpFilesize
12.1MB
-
memory/1284-92-0x0000000000400000-0x0000000001025000-memory.dmpFilesize
12.1MB
-
memory/1284-95-0x0000000000400000-0x0000000001025000-memory.dmpFilesize
12.1MB
-
memory/1284-98-0x0000000000400000-0x0000000001025000-memory.dmpFilesize
12.1MB
-
memory/1284-99-0x0000000000400000-0x0000000001025000-memory.dmpFilesize
12.1MB
-
memory/1284-54-0x0000000000400000-0x0000000001025000-memory.dmpFilesize
12.1MB