Analysis

  • max time kernel
    85s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/06/2023, 07:16

General

  • Target

    5b5285698aa7716546f5782e9d32aa15a77cd3272359dc6c8285fef496f4f32b.exe

  • Size

    4.6MB

  • MD5

    84f9fd99e43cbad27e55775458a886ac

  • SHA1

    acc5c2cdd64a054baf68815d5a7eb8d9f5e23ee6

  • SHA256

    5b5285698aa7716546f5782e9d32aa15a77cd3272359dc6c8285fef496f4f32b

  • SHA512

    79d5a06fe03100fe63a6deeace75acf0fb5a63a1060eedc32598338ca3cff0740df8c0f95cd2d7c94f8cfb1a02481a48343ce455ea0cc984687a82a189cb5503

  • SSDEEP

    98304:vDHU3woGRTQKYExbvaJVEbi1TbVnLc5PG7haRTtq8b/:DvqExfGhLc5PG74RJz/

Score
6/10

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b5285698aa7716546f5782e9d32aa15a77cd3272359dc6c8285fef496f4f32b.exe
    "C:\Users\Admin\AppData\Local\Temp\5b5285698aa7716546f5782e9d32aa15a77cd3272359dc6c8285fef496f4f32b.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1644
    • C:\Users\Admin\AppData\Local\Temp\5b5285698aa7716546f5782e9d32aa15a77cd3272359dc6c8285fef496f4f32b.exe
      "C:\Users\Admin\AppData\Local\Temp\5b5285698aa7716546f5782e9d32aa15a77cd3272359dc6c8285fef496f4f32b.exe" d2f
      2⤵
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      PID:728

Network

MITRE ATT&CK Enterprise v6

Downloads

  The same path is listed three times with increasing sizes (71B, 111B, 145B): the sandbox records a file each time it is written, so the three entries are successive versions of UseVestige.ini, consistent with the sample appending to or rewriting it during the run. Any of the three hashes may be what is found on a victim host, so all of them belong in a hunt list.

        • C:\Users\Admin\AppData\LocalLow\JTWallpaper\Config\UseVestige.ini

          Filesize

          71B

          MD5

          1114266a0b9bdda8eb952df29d11e878

          SHA1

          bfd253ebd91ed70beb64cf13b397dfefc0e2329f

          SHA256

          fc865df5ce9359acfb8f3ff37a42d7e5f4bea62f9c6f23391eb950bbd4724913

          SHA512

          0a4e4b25fd4edd20cdf4a9c578f1ff152a80eeab49a26a0e958b44ceecc597547b12e17c2fea730be0e838956df07086ceef43a18e97fa2e455c6c83492cce0e

        • C:\Users\Admin\AppData\LocalLow\JTWallpaper\Config\UseVestige.ini

          Filesize

          111B

          MD5

          bd86af51160a1c5ff1c5c3bde58bc994

          SHA1

          90d07acc38f552a86c0522326dc2192e38125f59

          SHA256

          3d79012858ad19b40d91fa3f8f3851c27aeea8e55f66632c1b421c06f2630afb

          SHA512

          f111067af42c7cf1e3a9152741e57c68e89290270fdf5c84e740447977b2ef94118bd70b914fbb040feb99aa3115dcb8d19c49035ed18ee4b4a5498bda22c67c

        • C:\Users\Admin\AppData\LocalLow\JTWallpaper\Config\UseVestige.ini

          Filesize

          145B

          MD5

          eb691188a40e684fd462dd3b2e3ebec3

          SHA1

          31bac1136f154c450cbbb27ef347bee051bc8e3c

          SHA256

          5c3ad7af78c505278a13fa05542b250ae5ae6a93f4552d88a9387e4d533ec3b5

          SHA512

          0d7d89fcbab514ef98ed0aac3f4faf95d8211fa9653282ff79853de0f09222d2012c2a35b102a101f487ac07cbb29d209efd202debada68fb9c0f328be337860
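The way an analyst would usually consume the Downloads listing above is to turn it into hunting indicators and to notice the repeated path. The script below is an added example, not part of the sandbox report or of the sample: DOWNLOADS is a constructed copy of the three UseVestige.ini entries above (SHA512 left out for brevity; the parser treats any Label / value pair the same way), and all function names are this example's own. It validates hash lengths, groups captures by path, flags paths that were written more than once, checks whether the captured sizes grow monotonically, and emits one indicator record per captured version.

```python
"""Added example: turn a sandbox 'Downloads' listing into hunting indicators.

Not the report's or the sample's code. DOWNLOADS is a constructed copy of the
report's three UseVestige.ini entries (SHA512 omitted for brevity).
"""
import re
from collections import OrderedDict

DOWNLOADS = """\
• C:\\Users\\Admin\\AppData\\LocalLow\\JTWallpaper\\Config\\UseVestige.ini
  Filesize
  71B
  MD5
  1114266a0b9bdda8eb952df29d11e878
  SHA1
  bfd253ebd91ed70beb64cf13b397dfefc0e2329f
  SHA256
  fc865df5ce9359acfb8f3ff37a42d7e5f4bea62f9c6f23391eb950bbd4724913
• C:\\Users\\Admin\\AppData\\LocalLow\\JTWallpaper\\Config\\UseVestige.ini
  Filesize
  111B
  MD5
  bd86af51160a1c5ff1c5c3bde58bc994
  SHA1
  90d07acc38f552a86c0522326dc2192e38125f59
  SHA256
  3d79012858ad19b40d91fa3f8f3851c27aeea8e55f66632c1b421c06f2630afb
• C:\\Users\\Admin\\AppData\\LocalLow\\JTWallpaper\\Config\\UseVestige.ini
  Filesize
  145B
  MD5
  eb691188a40e684fd462dd3b2e3ebec3
  SHA1
  31bac1136f154c450cbbb27ef347bee051bc8e3c
  SHA256
  5c3ad7af78c505278a13fa05542b250ae5ae6a93f4552d88a9387e4d533ec3b5
"""

SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)([KMG]?)B$")
UNITS = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def parse_size(text):
    """'71B' -> 71, '4.6MB' -> 4823449 (report sizes are rounded, so this is approximate)."""
    m = SIZE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised size {text!r}")
    return int(float(m.group(1)) * UNITS[m.group(2)])


def parse_entries(text):
    """One dict per '• path' block; each block is followed by Label / value line pairs."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    entries, i = [], 0
    while i < len(lines):
        if not lines[i].startswith("•"):
            i += 1
            continue
        entry = {"path": lines[i][1:].strip()}
        i += 1
        while i + 1 < len(lines) and not lines[i].startswith("•"):
            label, value = lines[i], lines[i + 1]
            entry[label.lower()] = parse_size(value) if label == "Filesize" else value.lower()
            i += 2
        entries.append(entry)
    return entries


def validate(entry):
    """Reject hashes of the wrong length or with non-hex characters (copy/paste damage)."""
    for algo, n in HEX_LEN.items():
        h = entry.get(algo)
        if h is not None and not re.fullmatch(r"[0-9a-f]{%d}" % n, h):
            raise ValueError(f"{entry['path']}: malformed {algo} {h!r}")
    return entry


def group_by_path(entries):
    """Same path captured more than once means the file was rewritten during the run."""
    history = OrderedDict()
    for e in entries:
        history.setdefault(e["path"], []).append(e)
    return history


def rewritten_paths(history):
    return [p for p, versions in history.items() if len(versions) > 1]


def is_monotonic_growth(versions):
    """True when every capture is larger than the previous one (append-style writes)."""
    sizes = [v["filesize"] for v in versions]
    return all(a < b for a, b in zip(sizes, sizes[1:]))


def indicators(entries):
    """One hunting record per captured version; any version may exist on a victim host."""
    return [{"path": e["path"], "sha256": e["sha256"], "size": e["filesize"]} for e in entries]


if __name__ == "__main__":
    ents = [validate(e) for e in parse_entries(DOWNLOADS)]
    hist = group_by_path(ents)
    for path in rewritten_paths(hist):
        vs = hist[path]
        print(f"{path}: captured {len(vs)} times, sizes {[v['filesize'] for v in vs]}, "
              f"monotonic growth={is_monotonic_growth(vs)}")
    for ioc in indicators(ents):
        print(ioc)
```

The validation step matters more than it looks: sandbox pages are often copied by hand into tickets, and a truncated SHA256 silently turns a hunt into a no-op. The monotonic-growth check is a heuristic only; it distinguishes append-style writes from a file that is replaced wholesale, but says nothing about what the bytes are.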