Overview

overview

7

Static

static

3

45db0f018b...38.exe

windows7-x64

7

45db0f018b...38.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    16/08/2023, 04:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    45db0f018bc56d4b21174ac0c7ee3957c2d4d6b2aad4583d3a9fa894f90b3e38.exe

  • Size

    10.4MB

  • MD5

    3c38b13a0e7dae80caf79fb91a92ea32

  • SHA1

    d28ff30afe1b6f1d9c431f3a61dc753fbc397654

  • SHA256

    45db0f018bc56d4b21174ac0c7ee3957c2d4d6b2aad4583d3a9fa894f90b3e38

  • SHA512

    bf42af7bfe07e0b0c9dd7524f0a1fa37f596a68f55e1dc186899742a83b27b7a675c4c9046d689ed26d3ef210300e203dc93d87239761e5b0b7264ad2626c814

  • SSDEEP

    196608:jpPaI0j0GGXh1toX6qVJbEFm7eEfXIvCegxuxBLxXKzUMvYySFDzVXEtRr:jpzxGgdoHEFmyEfXG+xuxFxcUpyuDxEX

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\45db0f018bc56d4b21174ac0c7ee3957c2d4d6b2aad4583d3a9fa894f90b3e38.exe
    "C:\Users\Admin\AppData\Local\Temp\45db0f018bc56d4b21174ac0c7ee3957c2d4d6b2aad4583d3a9fa894f90b3e38.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2476
    • C:\45db0f018bc56d4b21174ac0c7ee3957c2d4d6b2aad4583d3a9fa894f90b3e38\45db0f018bc56d4b21174ac0c7ee3957c2d4d6b2aad4583d3a9fa894f90b3e38.exe
      C:\45db0f018bc56d4b21174ac0c7ee3957c2d4d6b2aad4583d3a9fa894f90b3e38\45db0f018bc56d4b21174ac0c7ee3957c2d4d6b2aad4583d3a9fa894f90b3e38.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1420

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\45db0f018bc56d4b21174ac0c7ee3957c2d4d6b2aad4583d3a9fa894f90b3e38\45db0f018bc56d4b21174ac0c7ee3957c2d4d6b2aad4583d3a9fa894f90b3e38.exe
    Filesize

    10.4MB

    MD5

    3c38b13a0e7dae80caf79fb91a92ea32

    SHA1

    d28ff30afe1b6f1d9c431f3a61dc753fbc397654

    SHA256

    45db0f018bc56d4b21174ac0c7ee3957c2d4d6b2aad4583d3a9fa894f90b3e38

    SHA512

    bf42af7bfe07e0b0c9dd7524f0a1fa37f596a68f55e1dc186899742a83b27b7a675c4c9046d689ed26d3ef210300e203dc93d87239761e5b0b7264ad2626c814

    Download Submit

  • C:\45db0f018bc56d4b21174ac0c7ee3957c2d4d6b2aad4583d3a9fa894f90b3e38\45db0f018bc56d4b21174ac0c7ee3957c2d4d6b2aad4583d3a9fa894f90b3e38.exe
    Filesize

    10.4MB

    MD5

    3c38b13a0e7dae80caf79fb91a92ea32

    SHA1

    d28ff30afe1b6f1d9c431f3a61dc753fbc397654

    SHA256

    45db0f018bc56d4b21174ac0c7ee3957c2d4d6b2aad4583d3a9fa894f90b3e38

    SHA512

    bf42af7bfe07e0b0c9dd7524f0a1fa37f596a68f55e1dc186899742a83b27b7a675c4c9046d689ed26d3ef210300e203dc93d87239761e5b0b7264ad2626c814

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\2ed5b9871defdf1c236926004c3e94ff.ini
    Filesize

    37KB

    MD5

    1fe0fa112546f4f9fba211614c362157

    SHA1

    57dbf040498365fc1f0377097309dc96219ac3fd

    SHA256

    73603bb9dbcdadc9381cd41e08c4b91179c6d769fc0826b9f762009ba2f5e9d8

    SHA512

    bf9cea4622d30445cab990ffbe63a0bd6d025f76c040fbf6f4d36637293d0d4644f00fd0e01c9a4cc691dcd6d5e1e35e9270280df88f346b5b618ab9c0caa928

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\2ed5b9871defdf1c236926004c3e94ff.ini
    Filesize

    2KB

    MD5

    c3eb0e73b0b2c269c9240cc8cf07a2c4

    SHA1

    d2d8d49b56ebdad765388204fc9f0d50045735ec

    SHA256

    25c9b9257f54fb752925d1710beae02de0079a99c189abd48bffc5bf8c48a614

    SHA512

    e784dafd354320af18e1ad3db874941153124f337f2df9091811771e0f4254b9c6bc95d861e5ee8523b144f96faf669c9857622dd1acbed5060fcbd03861985f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\a122bd83ecc3e9065caea0f13f01b10a.txt
    Filesize

    68B

    MD5

    d6d29cdd72725603b6e9d9adfa3dd730

    SHA1

    551456c50d76ea0d079a32e9740bbf6bb5be1903

    SHA256

    f5446a01ce00bc25763ab7231af3da28c5fe3ef704c24643c0885b8b24f7175d

    SHA512

    ada83328a3f15dc9c5c25f5155e688e7cf877d08f27e114e9f384f666f22fc7f5eef0bb0800fbd6fb35d2240d927de8b96e03adca7b55352bc47b34ba3903d35

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\del.dat
    Filesize

    102B

    MD5

    2f5ca487095d30f58bddd2fab670416a

    SHA1

    d1deb416b175102cdd7fc7eb81a4fa56b4bee884

    SHA256

    22c0288cd34750a46168ee2a4407a54f45948cb23bf238b409de6c0202f77c91

    SHA512

    eab37322adc74dab0c2315fdd514c9428fc8583d848be7cdb6d3d23f02c93fef8b0e0450229fafaaee5a9d379ae6ce711b7c6ab728de950e394e16456b52e29a

    Download Submit

  • \45db0f018bc56d4b21174ac0c7ee3957c2d4d6b2aad4583d3a9fa894f90b3e38\45db0f018bc56d4b21174ac0c7ee3957c2d4d6b2aad4583d3a9fa894f90b3e38.exe
    Filesize

    10.4MB

    MD5

    3c38b13a0e7dae80caf79fb91a92ea32

    SHA1

    d28ff30afe1b6f1d9c431f3a61dc753fbc397654

    SHA256

    45db0f018bc56d4b21174ac0c7ee3957c2d4d6b2aad4583d3a9fa894f90b3e38

    SHA512

    bf42af7bfe07e0b0c9dd7524f0a1fa37f596a68f55e1dc186899742a83b27b7a675c4c9046d689ed26d3ef210300e203dc93d87239761e5b0b7264ad2626c814

    Download Submit

  • memory/1420-223-0x0000000000400000-0x0000000000A08000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/1420-218-0x0000000000400000-0x0000000000A08000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/1420-254-0x0000000000400000-0x0000000000A08000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/1420-65-0x0000000000400000-0x0000000000A08000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/1420-64-0x0000000000230000-0x0000000000233000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1420-253-0x0000000000400000-0x0000000000A08000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/1420-211-0x0000000000230000-0x0000000000233000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1420-228-0x0000000000400000-0x0000000000A08000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/1420-214-0x0000000000400000-0x0000000000A08000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/1420-216-0x0000000000400000-0x0000000000A08000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/1420-217-0x0000000000400000-0x0000000000A08000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/1420-227-0x0000000000400000-0x0000000000A08000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/1420-219-0x0000000000400000-0x0000000000A08000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/1420-220-0x0000000000400000-0x0000000000A08000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/1420-226-0x0000000000400000-0x0000000000A08000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/1420-224-0x0000000000400000-0x0000000000A08000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/1420-225-0x0000000000400000-0x0000000000A08000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/2476-54-0x0000000000400000-0x0000000000A08000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/2476-67-0x0000000000400000-0x0000000000A08000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/2476-55-0x00000000001C0000-0x00000000001C3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2476-62-0x0000000006620000-0x0000000006C28000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/2476-66-0x00000000001C0000-0x00000000001C3000-memory.dmp

    Filesize

    12KB

    Download