Overview

overview

7

Static

static

7

6627242e23...f2.exe

windows7-x64

7

6627242e23...f2.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    16-06-2023 09:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6627242e23c929ac597a6c017e3d95cf4d2a2720dbf88be018b9ebb5f62cbff2.exe

  • Size

    1.8MB

  • MD5

    942d5eca841451b44df488a35d5ac238

  • SHA1

    aff676bc19e554e7f0df1ac9f616798f8354c8f6

  • SHA256

    6627242e23c929ac597a6c017e3d95cf4d2a2720dbf88be018b9ebb5f62cbff2

  • SHA512

    f88aea1f7bc7c3b8a83a78d9adec2ff2729f840d38509ecfda803b4fcbe691aeb0c1277bb7c4c0b782f505bed73214b158e98e75b123642864b5efe17a2c8744

  • SSDEEP

    24576:pGGYB3mONH/xAeLaNhseUuKJD/7rmtElsR4lhu7zuTVA3nzZ6WhZlXVnHOqLTE3M:MB3DNZAWaNhsx+iZhMuTq3BDtuET6g3

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 34 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6627242e23c929ac597a6c017e3d95cf4d2a2720dbf88be018b9ebb5f62cbff2.exe
    "C:\Users\Admin\AppData\Local\Temp\6627242e23c929ac597a6c017e3d95cf4d2a2720dbf88be018b9ebb5f62cbff2.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1240
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c del "C:\Users\Admin\AppData\Local\Temp\*¸ßÊý¿Î¼þ*.exe" /F /A /Q
      2⤵
        PID:1624
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c del "C:\Users\Admin\AppData\Local\Temp\*ÈÎÕý·Ç*.mp4" /F /A /Q
        2⤵
          PID:940
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c del "C:\Users\Admin\AppData\Local\Temp\*¸ßµÈÊýѧ*.mp4" /F /A /Q
          2⤵
            PID:1700
          • C:\Windows\SysWOW64\cmd.exe
            cmd /c del "C:\Users\Admin\AppData\Local\Temp\Ö÷³ÌÐò*.exe" /F /A /Q
            2⤵
              PID:1028
            • C:\Windows\SysWOW64\cmd.exe
              cmd /c C:\Users\Admin\AppData\Local\Temp\6c35c1Ol2O.bat
              2⤵
              • Deletes itself
              • Suspicious use of WriteProcessMemory
              PID:1276
              • C:\Windows\SysWOW64\explorer.exe
                explorer C:\Users\Admin\AppData\Local\Temp
                3⤵
                  PID:1212
            • C:\Windows\SysWOW64\DllHost.exe
              C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
              1⤵
                PID:1488
              • C:\Windows\explorer.exe
                C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
                1⤵
                • Modifies Internet Explorer settings
                • Modifies registry class
                • Suspicious use of SetWindowsHookEx
                PID:1552

              Network

              MITRE ATT&CK Matrix ATT&CK v6

              Initial Access

              Execution

              Persistence

              Privilege Escalation

              Defense Evasion

              Modify Registry

              1
              T1112

              Credential Access

              Discovery

              Lateral Movement

              Collection

              Exfiltration

              Command and Control

              Impact

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Temp\6c35c1Ol2O.bat
                Filesize

                352B

                MD5

                9a8b6c05c30286e8c00cdca1e1694834

                SHA1

                766ec91ac3484b893bc26983b213145462a4dbb5

                SHA256

                d8750df56ac931f1c8c6895faf857ed71451dde701cd3a9ffc6d4aa382b8d5a6

                SHA512

                571206d001d9017d41c8c4cb07b5f80ce59314582f7babb219bad46a69c76d1e579ccdb5100cd3f0b309112dcc410f8fda282de71b467dcb53eb77353fc5f46d

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\6c35c1Ol2O.bat
                Filesize

                352B

                MD5

                9a8b6c05c30286e8c00cdca1e1694834

                SHA1

                766ec91ac3484b893bc26983b213145462a4dbb5

                SHA256

                d8750df56ac931f1c8c6895faf857ed71451dde701cd3a9ffc6d4aa382b8d5a6

                SHA512

                571206d001d9017d41c8c4cb07b5f80ce59314582f7babb219bad46a69c76d1e579ccdb5100cd3f0b309112dcc410f8fda282de71b467dcb53eb77353fc5f46d

                Download Submit
              • memory/1240-87-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-61-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-89-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-65-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-67-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-69-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-71-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-73-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-75-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-77-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-79-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-81-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-83-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-85-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-54-0x0000000000CE0000-0x0000000001081000-memory.dmp
                Filesize

                3.6MB

                Download
              • memory/1240-60-0x0000000000CE0000-0x0000000001081000-memory.dmp
                Filesize

                3.6MB

                Download
              • memory/1240-91-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-93-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-95-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-97-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-99-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-101-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-104-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-106-0x0000000000200000-0x0000000000201000-memory.dmp
                Filesize

                4KB

                Download
              • memory/1240-107-0x0000000010000000-0x0000000010051000-memory.dmp
                Filesize

                324KB

                Download
              • memory/1240-55-0x0000000000CE0000-0x0000000001081000-memory.dmp
                Filesize

                3.6MB

                Download
              • memory/1240-56-0x0000000000CE0000-0x0000000001081000-memory.dmp
                Filesize

                3.6MB

                Download
              • memory/1240-116-0x0000000000CE0000-0x0000000001081000-memory.dmp
                Filesize

                3.6MB

                Download
              • memory/1552-117-0x00000000039C0000-0x00000000039D0000-memory.dmp
                Filesize

                64KB

                Download
              • memory/1552-118-0x00000000039B0000-0x00000000039B1000-memory.dmp
                Filesize

                4KB

                Download