Analysis

  • max time kernel
    142s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-10-2023 03:14

General

  • Target
    9cba2b3013b0ed4230099470296443e836d11282f5cf9c45d45af0350e9ff435.exe
  • Size
    14.5MB
  • MD5
    a5ea8181fbdee37b55cd8f7a912ac8db
  • SHA1
    db88fb9d7c093226d37b2344708c0eb87c61d8ab
  • SHA256
    9cba2b3013b0ed4230099470296443e836d11282f5cf9c45d45af0350e9ff435
  • SHA512
    d181df0e71754e2fe0123b42c286fee97a7187d7c15f67e4aa6181a3763a769bc114c1eab6db328274b2c488a8a9eae7ced26dea17ad0a0c613dd6e4f3fdee45
  • SSDEEP
    393216:el2DPoi7d2AB4XwH5/uYK0sL6Z7lexVlTgbi:JzoiswJH1FKdSUxVl0bi

Score
10/10

Malware Config

Signatures

  • Detected phishing page
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9cba2b3013b0ed4230099470296443e836d11282f5cf9c45d45af0350e9ff435.exe
    "C:\Users\Admin\AppData\Local\Temp\9cba2b3013b0ed4230099470296443e836d11282f5cf9c45d45af0350e9ff435.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Modifies system certificate store
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c del "C:\Users\Admin\AppData\Local\Temp\*a2b3013b0ed4230099470296443e836d11282f5cf9c45d45af0350e9ff435.exe"
      2⤵
      PID:916
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c del "C:\Users\Admin\AppData\Local\Temp\*.dll"
      2⤵
      PID:624

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\9cba2b3013b0ed4230099470296443e836d11282f5cf9c45d45af0350e9ff435.exepack.tmp
    Filesize: 2KB
    MD5: 998cb7418913b528af5ad31dd994d963
    SHA1: 16c4b2feaab03208984f995973c9517531f2183c
    SHA256: 32c99cd52471224959db80db6068ec26f8e8bf1ae33e5b458163ca1b0116b8a0
    SHA512: cc5964f065ae5daddd56559f03bd5c271a185cdb26b9c026b7ef88d54ba86d5f2c37bf75dcbe027250c98006278f9683fbd960a8d540d0d848f3403b92690b9d
  • C:\Users\Admin\AppData\Local\Temp\Cab7A12.tmp
    Filesize: 61KB
    MD5: f3441b8572aae8801c04f3060b550443
    SHA1: 4ef0a35436125d6821831ef36c28ffaf196cda15
    SHA256: 6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
    SHA512: 5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
  • C:\Users\Admin\AppData\Local\Temp\Tar7A53.tmp
    Filesize: 163KB
    MD5: 9441737383d21192400eca82fda910ec
    SHA1: 725e0d606a4fc9ba44aa8ffde65bed15e65367e4
    SHA256: bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
    SHA512: 7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf
  • C:\Users\Admin\AppData\Local\Temp\ffc64b78506bab70f72bd33e23644bee.ini
    Filesize: 1KB
    MD5: 9224e7a8bc75832242a0721c3c367eff
    SHA1: f0cbb17f3fe9f46181ed100ce615c18b924faa1a
    SHA256: 9db136543dc5dd6009e5b376b4939617a8e7bd22310ba27dbc20376673fc36a6
    SHA512: 768bd7d8fb7ac4b9a1eccb008ba270308907c96b145a525ded168b45e8e1de08dd1c650ecb9a266a52473e122a24b3796161b6e769a094d466bdd3e3c6e86c2b
  • C:\Users\Admin\AppData\Local\Temp\ffc64b78506bab70f72bd33e23644beeA.ini
    Filesize: 1KB
    MD5: c2f6cf1e8cd82188ace4598132d41bb9
    SHA1: 11d3612ee6b7e039699313143332872a36e02f0c
    SHA256: a6b8d9c83aedc3d6c725bcb27c143bc0415179a5774c78ed6c2c6e23cdcf47e6
    SHA512: 637846467cf64196043d885329d4c5b3826a9ca9cbac041e487bd15bb8bd30a3eb69d4f3e1049b8658e6aa44364d9dbb4a9428ec1bf9ae21d5cf1cf1fd5497f7

  • memory/2244-401-0x0000000000400000-0x0000000001DCF000-memory.dmp
    Filesize: 25.8MB
  • memory/2244-331-0x0000000003A80000-0x0000000003A90000-memory.dmp
    Filesize: 64KB
  • memory/2244-412-0x0000000000400000-0x0000000001DCF000-memory.dmp
    Filesize: 25.8MB
  • memory/2244-332-0x0000000000230000-0x0000000000233000-memory.dmp
    Filesize: 12KB
  • memory/2244-333-0x0000000000400000-0x0000000001DCF000-memory.dmp
    Filesize: 25.8MB
  • memory/2244-334-0x0000000050000000-0x0000000050109000-memory.dmp
    Filesize: 1.0MB
  • memory/2244-2-0x0000000000400000-0x0000000001DCF000-memory.dmp
    Filesize: 25.8MB
  • memory/2244-1-0x0000000000230000-0x0000000000233000-memory.dmp
    Filesize: 12KB
  • memory/2244-413-0x0000000000400000-0x0000000001DCF000-memory.dmp
    Filesize: 25.8MB
  • memory/2244-400-0x0000000000400000-0x0000000001DCF000-memory.dmp
    Filesize: 25.8MB
  • memory/2244-425-0x0000000000400000-0x0000000001DCF000-memory.dmp
    Filesize: 25.8MB
  • memory/2244-0-0x0000000000400000-0x0000000001DCF000-memory.dmp
    Filesize: 25.8MB
  • memory/2244-392-0x0000000000400000-0x0000000001DCF000-memory.dmp
    Filesize: 25.8MB
  • memory/2244-415-0x0000000000400000-0x0000000001DCF000-memory.dmp
    Filesize: 25.8MB
  • memory/2244-416-0x0000000000400000-0x0000000001DCF000-memory.dmp
    Filesize: 25.8MB
  • memory/2244-417-0x0000000000400000-0x0000000001DCF000-memory.dmp
    Filesize: 25.8MB
  • memory/2244-418-0x0000000003A80000-0x0000000003A90000-memory.dmp
    Filesize: 64KB
  • memory/2244-419-0x0000000000400000-0x0000000001DCF000-memory.dmp
    Filesize: 25.8MB
  • memory/2244-420-0x0000000000400000-0x0000000001DCF000-memory.dmp
    Filesize: 25.8MB
  • memory/2244-421-0x0000000000400000-0x0000000001DCF000-memory.dmp
    Filesize: 25.8MB
  • memory/2244-424-0x0000000000400000-0x0000000001DCF000-memory.dmp
    Filesize: 25.8MB
  • memory/2244-5-0x0000000050000000-0x0000000050109000-memory.dmp
    Filesize: 1.0MB