9f90ce776ec014808d64352a802f52e0202c1419a5ae3cc13aaafd4570d88843

Analysis

max time kernel
28s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14/06/2023, 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IE8-WindowsServer2003-x86-CHS.exe
Size

16.1MB
MD5

ddd6164ec524d31dcab3c75c375641da
SHA1

09325ec29082b1bec1a8ce93b26b3f9c63a69596
SHA256

9f90ce776ec014808d64352a802f52e0202c1419a5ae3cc13aaafd4570d88843
SHA512

341b68f9ee10d3aa856029012a2ce12d47c7df90a1df5c4eb293eb9bb7482c40c9bb2306b941a60b4d57751440de60568d66c5398becc5321111809cd3e3e0ce
SSDEEP

393216:csND0ZwksVw+IZ1V2pm7RvCqPHL+PxLEDJV5ggL:cl/s8ypm7Rv+PaJUy

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1684	iesetup.exe

Loads dropped DLL 3 IoCs

pid	Process
1720	IE8-WindowsServer2003-x86-CHS.exe
1684	iesetup.exe
1684	iesetup.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\ie8_main.log	iesetup.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 1684	1720	IE8-WindowsServer2003-x86-CHS.exe	28
PID 1720 wrote to memory of 1684	1720	IE8-WindowsServer2003-x86-CHS.exe	28
PID 1720 wrote to memory of 1684	1720	IE8-WindowsServer2003-x86-CHS.exe	28
PID 1720 wrote to memory of 1684	1720	IE8-WindowsServer2003-x86-CHS.exe	28
PID 1720 wrote to memory of 1684	1720	IE8-WindowsServer2003-x86-CHS.exe	28
PID 1720 wrote to memory of 1684	1720	IE8-WindowsServer2003-x86-CHS.exe	28
PID 1720 wrote to memory of 1684	1720	IE8-WindowsServer2003-x86-CHS.exe	28

C:\Users\Admin\AppData\Local\Temp\IE8-WindowsServer2003-x86-CHS.exe
"C:\Users\Admin\AppData\Local\Temp\IE8-WindowsServer2003-x86-CHS.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1720
- \??\c:\0b06beb6220421b0aa4877ce\update\iesetup.exe
  c:\0b06beb6220421b0aa4877ce\update\iesetup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:1684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\0b06beb6220421b0aa4877ce\update\iesetup.exe

Filesize
1.0MB

MD5
6b5f10832b00b206a3f8774567a5f960

SHA1
4e7b57124e8a1c69947b9bc4dfa3fb8f6c70c6f6

SHA256
c0d3fdc340d32d599512740f611c24cb9b232a3972243577942c16128823ead6

SHA512
461399f8054b96730ff915c9e2eb6ca30931e06ed59cfb58ad2611fbb059ee46c9c372f802822824f8f00f9a4da6b70fe6cbf226644ee46bee33f78fa5d2f268

Download Submit
\0b06beb6220421b0aa4877ce\update\iesetup.exe

Filesize
1.0MB

MD5
6b5f10832b00b206a3f8774567a5f960

SHA1
4e7b57124e8a1c69947b9bc4dfa3fb8f6c70c6f6

SHA256
c0d3fdc340d32d599512740f611c24cb9b232a3972243577942c16128823ead6

SHA512
461399f8054b96730ff915c9e2eb6ca30931e06ed59cfb58ad2611fbb059ee46c9c372f802822824f8f00f9a4da6b70fe6cbf226644ee46bee33f78fa5d2f268

Download Submit
\0b06beb6220421b0aa4877ce\update\iesetup.exe

Filesize
1.0MB

MD5
6b5f10832b00b206a3f8774567a5f960

SHA1
4e7b57124e8a1c69947b9bc4dfa3fb8f6c70c6f6

SHA256
c0d3fdc340d32d599512740f611c24cb9b232a3972243577942c16128823ead6

SHA512
461399f8054b96730ff915c9e2eb6ca30931e06ed59cfb58ad2611fbb059ee46c9c372f802822824f8f00f9a4da6b70fe6cbf226644ee46bee33f78fa5d2f268

Download Submit
\0b06beb6220421b0aa4877ce\update\sqmapi.dll

Filesize
138KB

MD5
9c7d9ef8de6683b41ba5aed60931b370

SHA1
8250c393231a51994efdc2d2542e330059fa3253

SHA256
f61988179bf124755c94b979926a67190e1b9b00953231bd83240242aad85cac

SHA512
3bb2049cbe30433114b5ddbfe9bf6b35a9492717979219ec539fa8838cebc557016d80fd49be0600b9a96ae0b9395168e0969b41c6b72baabb0943c1656c0393

Download Submit
\??\c:\0b06beb6220421b0aa4877ce\update\ie8.cat

Filesize
46KB

MD5
487cef1b09917a20ed42594235ae3e24

SHA1
1d296a6b27e3d1c22846670b7f582bbc81419717

SHA256
4b56d4eedd46cfcfc52dc8bb81a13598d3f247a6bb7be0ed561fb3787c0ba320

SHA512
2439bb4a8f122ea49bf7fe5652cb3def25dc0cf799e7b9dd25306b4fa83334f193c80699762e3941ed9aadc822c046602ec7eb16ae33eb686df553b6d310db10

Download Submit
\??\c:\0b06beb6220421b0aa4877ce\update\iecustom.dll

Filesize
56KB

MD5
803918dc4afc24b0f2e7a0741b407c3a

SHA1
8ad4deb9be6b86d38aa946c8812a6235f4023722

SHA256
367200f1cc29353867f9b81c2fdde8c8f754b541470320ffe32d2478a908c083

SHA512
aabfe4db32104627c1f893b6b469cb1eb910d41e00ea309f66369e3c2a44bcd09b9d1311d6f28c3f76aaab082e32219eae9570e420a932611441474a350c3fc3

Download Submit
\??\c:\0b06beb6220421b0aa4877ce\update\iesetup.exe

Filesize
1.0MB

MD5
6b5f10832b00b206a3f8774567a5f960

SHA1
4e7b57124e8a1c69947b9bc4dfa3fb8f6c70c6f6

SHA256
c0d3fdc340d32d599512740f611c24cb9b232a3972243577942c16128823ead6

SHA512
461399f8054b96730ff915c9e2eb6ca30931e06ed59cfb58ad2611fbb059ee46c9c372f802822824f8f00f9a4da6b70fe6cbf226644ee46bee33f78fa5d2f268

Download Submit
\??\c:\0b06beb6220421b0aa4877ce\update\sqmapi.dll

Filesize
138KB

MD5
9c7d9ef8de6683b41ba5aed60931b370

SHA1
8250c393231a51994efdc2d2542e330059fa3253

SHA256
f61988179bf124755c94b979926a67190e1b9b00953231bd83240242aad85cac

SHA512
3bb2049cbe30433114b5ddbfe9bf6b35a9492717979219ec539fa8838cebc557016d80fd49be0600b9a96ae0b9395168e0969b41c6b72baabb0943c1656c0393

Download Submit
\??\c:\0b06beb6220421b0aa4877ce\update\update.exe

Filesize
712KB

MD5
4599ad83996082516ffe0ae50c648805

SHA1
686621d0a0c3a3478a967c555a17d012ec4bf60d

SHA256
863ca400fc95c48e2cefaa95acf32b30e6f5bc8e5c553eb0932c2001ec5b060b

SHA512
306b0718ac67a5513111fe217a10909193ea711c47cb6a8debdc61d4aa3435e6f269e3c8b0ed3c9f8e97f0a73304fb4f42521b84c59cf3dae24864f07f0441af

Download Submit
memory/1684-210-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads