Overview

overview

8

Static

static

1

d010315437...0c.exe

windows7-x64

8

d010315437...0c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    143s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/07/2023, 14:44

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d010315437618fddb6e538901b17750c.exe

  • Size

    354KB

  • MD5

    d010315437618fddb6e538901b17750c

  • SHA1

    932351e240a2fd6e4ad834035eb0f59042667221

  • SHA256

    db3397be54e1e264937fc410a3da4b1d72cb79dfd57885032a728155198aab3f

  • SHA512

    8c5483abbaccb0c5ca69d0ca7b67b49e14f790a76cd593f3a89790238b5839c5ba236f0eec68a22d3e60f97bede179ed387df91bb7a1d403e565fc1db67757e1

  • SSDEEP

    6144:c/BmfKKX24eOlCvSd0GW1+laB2kEykdCuLStm+w1ZTN3iifZpW:0BmiVaeSa9MUskzdfwNTJiQq

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
    adwarespyware
  • Modifies registry class 50 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d010315437618fddb6e538901b17750c.exe
    "C:\Users\Admin\AppData\Local\Temp\d010315437618fddb6e538901b17750c.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3844
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe C:\Users\Public\oks
      2⤵
        PID:1684
      • C:\Windows\explorer.exe
        C:\Windows\explorer.exe C:\Users\Public\xx2
        2⤵
          PID:4704
      • C:\Windows\explorer.exe
        C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1460
        • C:\Users\Public\Program Files (x86)\conf.exe
          "C:\Users\Public\Program Files (x86)\conf.exe" C:\Users\Public\Documents\pro.chm
          2⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:4572
      • C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {3eef301f-b596-4c0b-bd92-013beafce793} -Embedding
        1⤵
          PID:3120
        • C:\Windows\System32\rundll32.exe
          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
          1⤵
            PID:1168
          • C:\Windows\explorer.exe
            C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
            1⤵
            • Modifies Internet Explorer settings
            • Modifies registry class
            • Suspicious behavior: AddClipboardFormatListener
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2168
            • C:\Users\Public\Program Files (x86)\svchost.exe
              "C:\Users\Public\Program Files (x86)\svchost.exe"
              2⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Enumerates connected drives
              • Checks processor information in registry
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious behavior: GetForegroundWindowSpam
              • Suspicious use of SetWindowsHookEx
              PID:880

          Network

                MITRE ATT&CK Enterprise v6

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Public\Documents\pro.chm
                  Filesize

                  10KB

                  MD5

                  f4cc587bc4f636e67f540b33c84e8d70

                  SHA1

                  06184c5159bfe4438a371c0317cf7cbac4d7872d

                  SHA256

                  1755e3a16d942cd978b691cfe01d8225dbd19ca6c4c303708821b6025bc1807a

                  SHA512

                  80d0a2e275c83a7aab1ff38ee583f2ee8b45a70fb28a4578b90e57e40941277afa3f65b604cbf8ffe7d6567356c963f3ab83cb8663b5005c1005b4231881180f

                  Download Submit

                • C:\Users\Public\Program Files (x86)\ISCmplr.dll
                  Filesize

                  46KB

                  MD5

                  190db94c82f45a49a28c2c20d6c52f30

                  SHA1

                  833b489f8c91470d1ed766c135a7c5d384cdd428

                  SHA256

                  c7001b372928f9e7a6831f9f88d25f5158aecd578177c19f08768b5a4cabd4d2

                  SHA512

                  8716f05dec19fb9fab93da551670f56eaf46dc06fb752afbd78fb9aeeb3bbaff41bc218fa66e857969e7cd5289347598c2f308ccf83ded6c7f6946f3319d4af0

                  Download Submit

                • C:\Users\Public\Program Files (x86)\ISCmplr.dll
                  Filesize

                  46KB

                  MD5

                  190db94c82f45a49a28c2c20d6c52f30

                  SHA1

                  833b489f8c91470d1ed766c135a7c5d384cdd428

                  SHA256

                  c7001b372928f9e7a6831f9f88d25f5158aecd578177c19f08768b5a4cabd4d2

                  SHA512

                  8716f05dec19fb9fab93da551670f56eaf46dc06fb752afbd78fb9aeeb3bbaff41bc218fa66e857969e7cd5289347598c2f308ccf83ded6c7f6946f3319d4af0

                  Download Submit

                • C:\Users\Public\Program Files (x86)\conf.exe
                  Filesize

                  18KB

                  MD5

                  2c8fe78d53c8ca27523a71dfd2938241

                  SHA1

                  0111959e0f521d0c01d258abbb42bba9c23e407d

                  SHA256

                  eb63fd45ed7ec773eccaf0f20d44bc9b4ed0a3e01779d62321b1da954a0f6eb8

                  SHA512

                  4fba46ecc4f12bae5f4c46d4d6136bb0babf1abf7327e5210d1291d786ce2262473212a64da35114776b1ce26ead734a9fd3972ffa0f294d97ab6907953fd137

                  Download Submit

                • C:\Users\Public\Program Files (x86)\conf.exe
                  Filesize

                  18KB

                  MD5

                  2c8fe78d53c8ca27523a71dfd2938241

                  SHA1

                  0111959e0f521d0c01d258abbb42bba9c23e407d

                  SHA256

                  eb63fd45ed7ec773eccaf0f20d44bc9b4ed0a3e01779d62321b1da954a0f6eb8

                  SHA512

                  4fba46ecc4f12bae5f4c46d4d6136bb0babf1abf7327e5210d1291d786ce2262473212a64da35114776b1ce26ead734a9fd3972ffa0f294d97ab6907953fd137

                  Download Submit

                • C:\Users\Public\Program Files (x86)\isscint.dll
                  Filesize

                  278KB

                  MD5

                  eaf80d22e9f9d65faf4bc1b7339c446b

                  SHA1

                  d9f94c8929cad1b64990c9c329f995ee7048154a

                  SHA256

                  86407253cdd8ebaa39dcb965030959cefe3c00e71ad7cd2378b50798130e8631

                  SHA512

                  61bda76097cb0e00889c7a1f820b764cbc7d05feef517ae8b4da6c92cee04d53f01ccdef7417bb9ed967b5d9f1662ad64f6839a6fcfc86eeb48b5eb95e0e5b57

                  Download Submit

                • C:\Users\Public\Program Files (x86)\isscint.dll
                  Filesize

                  278KB

                  MD5

                  eaf80d22e9f9d65faf4bc1b7339c446b

                  SHA1

                  d9f94c8929cad1b64990c9c329f995ee7048154a

                  SHA256

                  86407253cdd8ebaa39dcb965030959cefe3c00e71ad7cd2378b50798130e8631

                  SHA512

                  61bda76097cb0e00889c7a1f820b764cbc7d05feef517ae8b4da6c92cee04d53f01ccdef7417bb9ed967b5d9f1662ad64f6839a6fcfc86eeb48b5eb95e0e5b57

                  Download Submit

                • C:\Users\Public\Program Files (x86)\svchost.exe
                  Filesize

                  761KB

                  MD5

                  9cd94710b63c30dab6a1c8dc3253a346

                  SHA1

                  0d2b1ba28c9f3a38255b421115cba465e6e2b15e

                  SHA256

                  aa8230f55dd1a9fa13f1fac4735dbea79afa6b67e996ddc1788bd6e038b9cdac

                  SHA512

                  e10a3f72c46db5dcb9c53e41dec0afd87a4ddf6abcd7d75144fe1af8c6c476e36118536ef0afd085618f5e1480b6be551e45295f1f4bfd0c980ca5583a43ca20

                  Download Submit

                • C:\Users\Public\Program Files (x86)\svchost.exe
                  Filesize

                  761KB

                  MD5

                  9cd94710b63c30dab6a1c8dc3253a346

                  SHA1

                  0d2b1ba28c9f3a38255b421115cba465e6e2b15e

                  SHA256

                  aa8230f55dd1a9fa13f1fac4735dbea79afa6b67e996ddc1788bd6e038b9cdac

                  SHA512

                  e10a3f72c46db5dcb9c53e41dec0afd87a4ddf6abcd7d75144fe1af8c6c476e36118536ef0afd085618f5e1480b6be551e45295f1f4bfd0c980ca5583a43ca20

                  Download Submit

                • C:\Users\Public\logo.xml
                  Filesize

                  89KB

                  MD5

                  3737a1e6972e6a12360cddfb75afe37a

                  SHA1

                  92a8c206424307059b0693cd5150f098b373f17c

                  SHA256

                  4a75fbb8e2de63c7199c5764d7b490a5e8eaf4e30f873a1cd027d18749c4068a

                  SHA512

                  3fe793f818bc5f6f029ebb01af706de90c4b19e5b8b9d36c74d5eb53866092c02994be0dcba404c01c862f1e779139227bd22f803a965750546eeb31cb328b5c

                  Download Submit

                • C:\Users\Public\oks\windows.lnk
                  Filesize

                  1KB

                  MD5

                  7d53dc5304641c2b4de152842ac2b91f

                  SHA1

                  976bef3672b126915d2afcb95547c0aaba7d5e14

                  SHA256

                  b22c6805310c661ef46d76479a1e3d2d2b8fb3babb1a0cbd3842f63bafb5e3a2

                  SHA512

                  6bf0c97e7fe741d292ef262ec77dea6a34e4b72ca8acb731a09d4bbe231de242f543b7b61492abf096ef3e6d55f4dc54318dcc7127c26288e1efc9b6fe20dfa5

                  Download Submit

                • C:\Users\Public\test.txt
                  Filesize

                  250KB

                  MD5

                  922652d88b0230007d877dba3518acba

                  SHA1

                  4eacd92958fc8f376bfe756e4ff9bbd013d0c83a

                  SHA256

                  cba43a9395355be4688bc2e0c83280cf83043284ec8b191b38f7165ef3e41461

                  SHA512

                  60d140e8295f5b3437206da46e151bc14c4e164e88be0e6fc2af58ad09c96f2deba9979af04f72fd1f46215b749660d91a3c15ed424ab8d8a5b1066fa0b70662

                  Download Submit

                • C:\Users\Public\xx2\Sogou.lnk
                  Filesize

                  836B

                  MD5

                  2df441d70fc9f15c12900fe0c0c71654

                  SHA1

                  9d8616e2c794781086d4e29d21fb03bfcb7665ea

                  SHA256

                  7b0e4f1681fd6ed7244366ff7118c0a381fe64c79675b95301576d9d2cab00e4

                  SHA512

                  8546a303c9ceb67873004cad52eccfc0683948e7a332b2572d45a540c885fe26c118cd4c1d9c42289eb2e9b2053b77b5b16a87c70ea19756e5cd3e645a2141a9

                  Download Submit

                • memory/880-180-0x0000000001190000-0x00000000011D6000-memory.dmp

                  Filesize

                  280KB

                  Download

                • memory/880-178-0x0000000001190000-0x00000000011D6000-memory.dmp

                  Filesize

                  280KB

                  Download

                • memory/880-179-0x0000000001190000-0x00000000011D6000-memory.dmp

                  Filesize

                  280KB

                  Download

                • memory/880-181-0x0000000001190000-0x00000000011D6000-memory.dmp

                  Filesize

                  280KB

                  Download

                • memory/880-183-0x0000000000400000-0x00000000004C8000-memory.dmp

                  Filesize

                  800KB

                  Download

                • memory/880-184-0x0000000001190000-0x00000000011D6000-memory.dmp

                  Filesize

                  280KB

                  Download

                • memory/3844-151-0x0000000003FA0000-0x0000000003FBB000-memory.dmp

                  Filesize

                  108KB

                  Download

                • memory/3844-156-0x0000000000400000-0x0000000000457000-memory.dmp

                  Filesize

                  348KB

                  Download

                • memory/3844-134-0x00000000001D0000-0x00000000001D2000-memory.dmp

                  Filesize

                  8KB

                  Download