Overview

overview

7

Static

static

7

f7ab2b56a9...9f.exe

windows7-x64

7

f7ab2b56a9...9f.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    09-06-2023 19:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f7ab2b56a9f3d715c10272bed2f26d5ce12530d2a6391d67912e37113f36379f.exe

  • Size

    1.8MB

  • MD5

    9dd5b1cbcaa2fff8e5ce21b296b2efa0

  • SHA1

    295a9195b93f02bed7bf5146c34430c63bc7f117

  • SHA256

    f7ab2b56a9f3d715c10272bed2f26d5ce12530d2a6391d67912e37113f36379f

  • SHA512

    9c71dbf5551d1e6b3bab5a4139496800135bde4b89d7bcfa55d0241756d1ee70e5c04efebdaaed63ebb298fe9d2d1cffd232d566223ec7db910ddb9d680fb9c4

  • SSDEEP

    49152:8AyMNnEcPaMkDpavau4Bo5YQm/zRWy1E0X3:JnCMkNxlv3VWqn3

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 34 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f7ab2b56a9f3d715c10272bed2f26d5ce12530d2a6391d67912e37113f36379f.exe
    "C:\Users\Admin\AppData\Local\Temp\f7ab2b56a9f3d715c10272bed2f26d5ce12530d2a6391d67912e37113f36379f.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:760
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c del "C:\Users\Admin\AppData\Local\Temp\*¸ßÊý¿Î¼þ*.exe" /F /A /Q
      2⤵
        PID:560
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c del "C:\Users\Admin\AppData\Local\Temp\*ÈÎÕý·Ç*.mp4" /F /A /Q
        2⤵
          PID:2012
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c del "C:\Users\Admin\AppData\Local\Temp\*¸ßµÈÊýѧ*.mp4" /F /A /Q
          2⤵
            PID:1104
          • C:\Windows\SysWOW64\cmd.exe
            cmd /c del "C:\Users\Admin\AppData\Local\Temp\Ö÷³ÌÐò*.exe" /F /A /Q
            2⤵
              PID:1624
            • C:\Windows\SysWOW64\cmd.exe
              cmd /c C:\Users\Admin\AppData\Local\Temp\6c1dceOl2O.bat
              2⤵
              • Deletes itself
              • Suspicious use of WriteProcessMemory
              PID:1704
              • C:\Windows\SysWOW64\explorer.exe
                explorer C:\Users\Admin\AppData\Local\Temp
                3⤵
                  PID:1688
            • C:\Windows\SysWOW64\DllHost.exe
              C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
              1⤵
                PID:1300
              • C:\Windows\explorer.exe
                C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                1⤵
                • Modifies Internet Explorer settings
                • Modifies registry class
                • Suspicious use of SetWindowsHookEx
                PID:632

              Network

              MITRE ATT&CK Matrix ATT&CK v6

              Initial Access

              Execution

              Persistence

              Privilege Escalation

              Defense Evasion

              Modify Registry

              1
              T1112

              Credential Access

              Discovery

              Lateral Movement

              Collection

              Exfiltration

              Command and Control

              Impact

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\6c1dceOl2O.bat
                Filesize

                352B

                MD5

                aa9e5901132d1f84efc3ab39c20a69c3

                SHA1

                94a10bebb5cb8ea1617025225af477a96dbc4da5

                SHA256

                eefd8f9d5558efdd3daee5e8731e65592792447423013162ff0836a9918b42ef

                SHA512

                0e21a4fae6bd474331239f8405a5507836108f0a477e11e3bbd2da20ab1fc72cfd963a818dddae2eeba8d29fdf02d36d4bab0f8280a0397e499b1deaca5fa9e7

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\6c1dceOl2O.bat
                Filesize

                352B

                MD5

                aa9e5901132d1f84efc3ab39c20a69c3

                SHA1

                94a10bebb5cb8ea1617025225af477a96dbc4da5

                SHA256

                eefd8f9d5558efdd3daee5e8731e65592792447423013162ff0836a9918b42ef

                SHA512

                0e21a4fae6bd474331239f8405a5507836108f0a477e11e3bbd2da20ab1fc72cfd963a818dddae2eeba8d29fdf02d36d4bab0f8280a0397e499b1deaca5fa9e7

                Download Submit
              • memory/632-118-0x0000000003730000-0x0000000003731000-memory.dmp
                Filesize

                4KB

                Download
              • memory/632-117-0x0000000003740000-0x0000000003750000-memory.dmp
                Filesize

                64KB

                Download
              • memory/760-87-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-89-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-67-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-69-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-71-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-73-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-77-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-75-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-79-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-81-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-83-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-85-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-56-0x0000000001270000-0x0000000001611000-memory.dmp
                Filesize

                3.6MB

                Download
              • memory/760-65-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-91-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-93-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-95-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-97-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-100-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-102-0x0000000000190000-0x0000000000191000-memory.dmp
                Filesize

                4KB

                Download
              • memory/760-103-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-105-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-107-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-61-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/760-57-0x0000000001270000-0x0000000001611000-memory.dmp
                Filesize

                3.6MB

                Download
              • memory/760-115-0x0000000001270000-0x0000000001611000-memory.dmp
                Filesize

                3.6MB

                Download
              • memory/760-54-0x0000000001270000-0x0000000001611000-memory.dmp
                Filesize

                3.6MB

                Download
              • memory/760-55-0x0000000001270000-0x0000000001611000-memory.dmp
                Filesize

                3.6MB

                Download