4ca34c1dd24890fadf8a737c86161fd63135c7f9e03cebb650e93d15e0a46ed3

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
16/08/2023, 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TemplateSearch.sk_new.mv3.win11.ch.exe
Size

82.4MB
MD5

93831a14007d11f7f007d0b37b340d19
SHA1

a9e8847fa6022008b8c6d29c2aeb511cfc59345a
SHA256

2059a6c3d274beba4a52debd4438a7bf38c0138f226be326ea6b5e063e8a7205
SHA512

071bea78f293190f7ae5e036cac6de45a6ba706ab553c4fe1b7cdc9c4c5eb4a899a2e072e896d07dcbd103a6ce14697e956f142565c6d85ad9d3e2fdd416d0c8
SSDEEP

1572864:JHsQxVqNTlFgpirmB4IMMdbvD9odLVvYDpU4+KPIgCU3zgkyvyX:NWhgpiyMAbZ0LtYDpTOgPHX

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2452	TemplateSearch.sk_new.mv3.win11.ch.tmp

Loads dropped DLL 12 IoCs

pid	Process
2488	TemplateSearch.sk_new.mv3.win11.ch.exe
2452	TemplateSearch.sk_new.mv3.win11.ch.tmp
2452	TemplateSearch.sk_new.mv3.win11.ch.tmp
2452	TemplateSearch.sk_new.mv3.win11.ch.tmp
2452	TemplateSearch.sk_new.mv3.win11.ch.tmp
2452	TemplateSearch.sk_new.mv3.win11.ch.tmp
2452	TemplateSearch.sk_new.mv3.win11.ch.tmp
2412	WerFault.exe
2412	WerFault.exe
2412	WerFault.exe
2412	WerFault.exe
2412	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2412	2452	WerFault.exe	28

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2452	TemplateSearch.sk_new.mv3.win11.ch.tmp

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2452	TemplateSearch.sk_new.mv3.win11.ch.tmp
2452	TemplateSearch.sk_new.mv3.win11.ch.tmp

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 2452	2488	TemplateSearch.sk_new.mv3.win11.ch.exe	28
PID 2488 wrote to memory of 2452	2488	TemplateSearch.sk_new.mv3.win11.ch.exe	28
PID 2488 wrote to memory of 2452	2488	TemplateSearch.sk_new.mv3.win11.ch.exe	28
PID 2488 wrote to memory of 2452	2488	TemplateSearch.sk_new.mv3.win11.ch.exe	28
PID 2488 wrote to memory of 2452	2488	TemplateSearch.sk_new.mv3.win11.ch.exe	28
PID 2488 wrote to memory of 2452	2488	TemplateSearch.sk_new.mv3.win11.ch.exe	28
PID 2488 wrote to memory of 2452	2488	TemplateSearch.sk_new.mv3.win11.ch.exe	28
PID 2452 wrote to memory of 2412	2452	TemplateSearch.sk_new.mv3.win11.ch.tmp	29
PID 2452 wrote to memory of 2412	2452	TemplateSearch.sk_new.mv3.win11.ch.tmp	29
PID 2452 wrote to memory of 2412	2452	TemplateSearch.sk_new.mv3.win11.ch.tmp	29
PID 2452 wrote to memory of 2412	2452	TemplateSearch.sk_new.mv3.win11.ch.tmp	29

C:\Users\Admin\AppData\Local\Temp\TemplateSearch.sk_new.mv3.win11.ch.exe
"C:\Users\Admin\AppData\Local\Temp\TemplateSearch.sk_new.mv3.win11.ch.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Users\Admin\AppData\Local\Temp\is-AJL09.tmp\TemplateSearch.sk_new.mv3.win11.ch.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-AJL09.tmp\TemplateSearch.sk_new.mv3.win11.ch.tmp" /SL5="$80124,85481184,806400,C:\Users\Admin\AppData\Local\Temp\TemplateSearch.sk_new.mv3.win11.ch.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2452
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 1016
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2412

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-AJL09.tmp\TemplateSearch.sk_new.mv3.win11.ch.tmp

Filesize
3.0MB

MD5
fb3a55c0af466a6263b807ccd5c95677

SHA1
1a28e9a2670e58c7dc02bc0951eda0e82fd16ef9

SHA256
03bb180b7c4a64850d5e34d42108fd769a53a9acbeb0cc6358a67beee5f6c6ae

SHA512
e65b478484fed9d414e6b6d17ebe1a951c8a225e896bed004cf67f274ad0781b258017978c50d1e6835ebf1435ad2184b2c664860a45de6ad5e1a9176f8130b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FKKA8.tmp\HtmlInstaller.dll

Filesize
189KB

MD5
92c5b057344b2b5746a2fd688291ca89

SHA1
90b05cb7110fb48e80f70f44c38a591574149d7a

SHA256
de276d570c0d74baa8081b53e47d28fedcc66ac245609ab294514ff4885e9a18

SHA512
96ac2534e6bd9dca47797e4152ac40656cd1f559e4b9c521f80bc7b4fa136476cc53c40d08a457c205b309f6081034f208802081360fe02e7f7335560964afc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FKKA8.tmp\Networking.dll

Filesize
33KB

MD5
b3d494a32e72faaf5ac7e93a69681735

SHA1
5bc346e98bf69e27eef9f17f5f9b91ea824ce133

SHA256
93d0f577dfdb80b3afacbe465bcfb5a51eecbd09d77ab2ff0079f6e3682d0e49

SHA512
d2ec9b4a40a16da5825878fc8614c8d6e7e6f934d20f1f7b69eb0301e95ec4f1fa27f6a678cb9f966529b6d08a5e8abf6bd56dd3f75e544d0bbc724182554ab7

Download Submit
\Users\Admin\AppData\Local\Temp\is-AJL09.tmp\TemplateSearch.sk_new.mv3.win11.ch.tmp

Filesize
3.0MB

MD5
fb3a55c0af466a6263b807ccd5c95677

SHA1
1a28e9a2670e58c7dc02bc0951eda0e82fd16ef9

SHA256
03bb180b7c4a64850d5e34d42108fd769a53a9acbeb0cc6358a67beee5f6c6ae

SHA512
e65b478484fed9d414e6b6d17ebe1a951c8a225e896bed004cf67f274ad0781b258017978c50d1e6835ebf1435ad2184b2c664860a45de6ad5e1a9176f8130b9

Download Submit
\Users\Admin\AppData\Local\Temp\is-AJL09.tmp\TemplateSearch.sk_new.mv3.win11.ch.tmp

Filesize
3.0MB

MD5
fb3a55c0af466a6263b807ccd5c95677

SHA1
1a28e9a2670e58c7dc02bc0951eda0e82fd16ef9

SHA256
03bb180b7c4a64850d5e34d42108fd769a53a9acbeb0cc6358a67beee5f6c6ae

SHA512
e65b478484fed9d414e6b6d17ebe1a951c8a225e896bed004cf67f274ad0781b258017978c50d1e6835ebf1435ad2184b2c664860a45de6ad5e1a9176f8130b9

Download Submit
\Users\Admin\AppData\Local\Temp\is-AJL09.tmp\TemplateSearch.sk_new.mv3.win11.ch.tmp

Filesize
3.0MB

MD5
fb3a55c0af466a6263b807ccd5c95677

SHA1
1a28e9a2670e58c7dc02bc0951eda0e82fd16ef9

SHA256
03bb180b7c4a64850d5e34d42108fd769a53a9acbeb0cc6358a67beee5f6c6ae

SHA512
e65b478484fed9d414e6b6d17ebe1a951c8a225e896bed004cf67f274ad0781b258017978c50d1e6835ebf1435ad2184b2c664860a45de6ad5e1a9176f8130b9

Download Submit
\Users\Admin\AppData\Local\Temp\is-AJL09.tmp\TemplateSearch.sk_new.mv3.win11.ch.tmp

Filesize
3.0MB

MD5
fb3a55c0af466a6263b807ccd5c95677

SHA1
1a28e9a2670e58c7dc02bc0951eda0e82fd16ef9

SHA256
03bb180b7c4a64850d5e34d42108fd769a53a9acbeb0cc6358a67beee5f6c6ae

SHA512
e65b478484fed9d414e6b6d17ebe1a951c8a225e896bed004cf67f274ad0781b258017978c50d1e6835ebf1435ad2184b2c664860a45de6ad5e1a9176f8130b9

Download Submit
\Users\Admin\AppData\Local\Temp\is-AJL09.tmp\TemplateSearch.sk_new.mv3.win11.ch.tmp

Filesize
3.0MB

MD5
fb3a55c0af466a6263b807ccd5c95677

SHA1
1a28e9a2670e58c7dc02bc0951eda0e82fd16ef9

SHA256
03bb180b7c4a64850d5e34d42108fd769a53a9acbeb0cc6358a67beee5f6c6ae

SHA512
e65b478484fed9d414e6b6d17ebe1a951c8a225e896bed004cf67f274ad0781b258017978c50d1e6835ebf1435ad2184b2c664860a45de6ad5e1a9176f8130b9

Download Submit
\Users\Admin\AppData\Local\Temp\is-AJL09.tmp\TemplateSearch.sk_new.mv3.win11.ch.tmp

Filesize
3.0MB

MD5
fb3a55c0af466a6263b807ccd5c95677

SHA1
1a28e9a2670e58c7dc02bc0951eda0e82fd16ef9

SHA256
03bb180b7c4a64850d5e34d42108fd769a53a9acbeb0cc6358a67beee5f6c6ae

SHA512
e65b478484fed9d414e6b6d17ebe1a951c8a225e896bed004cf67f274ad0781b258017978c50d1e6835ebf1435ad2184b2c664860a45de6ad5e1a9176f8130b9

Download Submit
\Users\Admin\AppData\Local\Temp\is-FKKA8.tmp\HtmlInstaller.dll

Filesize
189KB

MD5
92c5b057344b2b5746a2fd688291ca89

SHA1
90b05cb7110fb48e80f70f44c38a591574149d7a

SHA256
de276d570c0d74baa8081b53e47d28fedcc66ac245609ab294514ff4885e9a18

SHA512
96ac2534e6bd9dca47797e4152ac40656cd1f559e4b9c521f80bc7b4fa136476cc53c40d08a457c205b309f6081034f208802081360fe02e7f7335560964afc5

Download Submit
\Users\Admin\AppData\Local\Temp\is-FKKA8.tmp\HtmlInstaller.dll

Filesize
189KB

MD5
92c5b057344b2b5746a2fd688291ca89

SHA1
90b05cb7110fb48e80f70f44c38a591574149d7a

SHA256
de276d570c0d74baa8081b53e47d28fedcc66ac245609ab294514ff4885e9a18

SHA512
96ac2534e6bd9dca47797e4152ac40656cd1f559e4b9c521f80bc7b4fa136476cc53c40d08a457c205b309f6081034f208802081360fe02e7f7335560964afc5

Download Submit
\Users\Admin\AppData\Local\Temp\is-FKKA8.tmp\HtmlInstaller.dll

Filesize
189KB

MD5
92c5b057344b2b5746a2fd688291ca89

SHA1
90b05cb7110fb48e80f70f44c38a591574149d7a

SHA256
de276d570c0d74baa8081b53e47d28fedcc66ac245609ab294514ff4885e9a18

SHA512
96ac2534e6bd9dca47797e4152ac40656cd1f559e4b9c521f80bc7b4fa136476cc53c40d08a457c205b309f6081034f208802081360fe02e7f7335560964afc5

Download Submit
\Users\Admin\AppData\Local\Temp\is-FKKA8.tmp\Networking.dll

Filesize
33KB

MD5
b3d494a32e72faaf5ac7e93a69681735

SHA1
5bc346e98bf69e27eef9f17f5f9b91ea824ce133

SHA256
93d0f577dfdb80b3afacbe465bcfb5a51eecbd09d77ab2ff0079f6e3682d0e49

SHA512
d2ec9b4a40a16da5825878fc8614c8d6e7e6f934d20f1f7b69eb0301e95ec4f1fa27f6a678cb9f966529b6d08a5e8abf6bd56dd3f75e544d0bbc724182554ab7

Download Submit
\Users\Admin\AppData\Local\Temp\is-FKKA8.tmp\Networking.dll

Filesize
33KB

MD5
b3d494a32e72faaf5ac7e93a69681735

SHA1
5bc346e98bf69e27eef9f17f5f9b91ea824ce133

SHA256
93d0f577dfdb80b3afacbe465bcfb5a51eecbd09d77ab2ff0079f6e3682d0e49

SHA512
d2ec9b4a40a16da5825878fc8614c8d6e7e6f934d20f1f7b69eb0301e95ec4f1fa27f6a678cb9f966529b6d08a5e8abf6bd56dd3f75e544d0bbc724182554ab7

Download Submit
\Users\Admin\AppData\Local\Temp\is-FKKA8.tmp\Networking.dll

Filesize
33KB

MD5
b3d494a32e72faaf5ac7e93a69681735

SHA1
5bc346e98bf69e27eef9f17f5f9b91ea824ce133

SHA256
93d0f577dfdb80b3afacbe465bcfb5a51eecbd09d77ab2ff0079f6e3682d0e49

SHA512
d2ec9b4a40a16da5825878fc8614c8d6e7e6f934d20f1f7b69eb0301e95ec4f1fa27f6a678cb9f966529b6d08a5e8abf6bd56dd3f75e544d0bbc724182554ab7

Download Submit
memory/2452-114-0x00000000033B0000-0x00000000033F0000-memory.dmp

Filesize
256KB

Download
memory/2452-125-0x0000000000400000-0x000000000070D000-memory.dmp

Filesize
3.1MB

Download
memory/2452-113-0x0000000003F20000-0x0000000003F58000-memory.dmp

Filesize
224KB

Download
memory/2452-80-0x00000000033B0000-0x00000000033F0000-memory.dmp

Filesize
256KB

Download
memory/2452-60-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2452-84-0x0000000003470000-0x0000000003480000-memory.dmp

Filesize
64KB

Download
memory/2452-128-0x00000000033B0000-0x00000000033F0000-memory.dmp

Filesize
256KB

Download
memory/2452-127-0x00000000033B0000-0x00000000033F0000-memory.dmp

Filesize
256KB

Download
memory/2452-122-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2452-123-0x00000000033B0000-0x00000000033F0000-memory.dmp

Filesize
256KB

Download
memory/2452-85-0x00000000748B0000-0x0000000074F9E000-memory.dmp

Filesize
6.9MB

Download
memory/2452-126-0x00000000748B0000-0x0000000074F9E000-memory.dmp

Filesize
6.9MB

Download
memory/2488-121-0x0000000000400000-0x00000000004D2000-memory.dmp

Filesize
840KB

Download
memory/2488-53-0x0000000000400000-0x00000000004D2000-memory.dmp

Filesize
840KB

Download
memory/2488-139-0x0000000000400000-0x00000000004D2000-memory.dmp

Filesize
840KB

Download