Overview

overview

4

Static

static

1

WebCompani...er.exe

windows7-x64

4

WebCompani...er.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    140s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2023, 18:44

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    WebCompanion-Installer.exe

  • Size

    564KB

  • MD5

    0cf288864d5b601973dc7eefb4a7a60e

  • SHA1

    78431b8ee6681dc6c565c40ad105930596851b00

  • SHA256

    80fbddda7254e54b0dc198a91993219cfacbb2edeafd1040e0cf528c38720c1f

  • SHA512

    be2aa021a0fc66350b907401682770b9862a6c81ce25246bee18b26416ff88a0cd76b7f7ad9a6d78e2003da52403840289671f918cc0819797f63d29376ff4a4

  • SSDEEP

    12288:lG5knZfFKeUF3139E8i55DzYxLMvjtmosWyy9:lG50ZfFKNp1REdzYxQMobyy9

Score
4/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WebCompanion-Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\WebCompanion-Installer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1820
    • C:\Users\Admin\AppData\Local\Temp\7zSC176E0C7\WebCompanion-Installer.exe
      .\WebCompanion-Installer.exe --partner=newwebsite --version=11.7.0.807
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4860
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1764

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\7zSC176E0C7\Newtonsoft.Json.dll
          Filesize

          428KB

          MD5

          1350eb96db6e954175788f6db66780b9

          SHA1

          2ca2c06d58119cd9b06ca58a4bf0ee3213d26a37

          SHA256

          8ec3529b095fa85e57b374774da1ce11fe39e600101edf1b4646e351cb86d522

          SHA512

          a6e00ed2b5f90bd6c2a1a697531dd9264e3112f4660d5a878859b1beb522d170011de40bbe00bb6df28b5c1aabacbb20215500fb4b39fca2eeb9f17b141b9d9b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7zSC176E0C7\Newtonsoft.Json.dll
          Filesize

          428KB

          MD5

          1350eb96db6e954175788f6db66780b9

          SHA1

          2ca2c06d58119cd9b06ca58a4bf0ee3213d26a37

          SHA256

          8ec3529b095fa85e57b374774da1ce11fe39e600101edf1b4646e351cb86d522

          SHA512

          a6e00ed2b5f90bd6c2a1a697531dd9264e3112f4660d5a878859b1beb522d170011de40bbe00bb6df28b5c1aabacbb20215500fb4b39fca2eeb9f17b141b9d9b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7zSC176E0C7\Newtonsoft.Json.dll
          Filesize

          428KB

          MD5

          1350eb96db6e954175788f6db66780b9

          SHA1

          2ca2c06d58119cd9b06ca58a4bf0ee3213d26a37

          SHA256

          8ec3529b095fa85e57b374774da1ce11fe39e600101edf1b4646e351cb86d522

          SHA512

          a6e00ed2b5f90bd6c2a1a697531dd9264e3112f4660d5a878859b1beb522d170011de40bbe00bb6df28b5c1aabacbb20215500fb4b39fca2eeb9f17b141b9d9b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7zSC176E0C7\WebCompanion-Installer.exe
          Filesize

          489KB

          MD5

          d44648c4befb008c0306a30664a7c2f9

          SHA1

          6665cb33cec43a7cab638cc1029c481fcf7faf84

          SHA256

          bae163d73316a1d300aaaa3effaed880796656d24ebdbe117baade90635060e7

          SHA512

          d309206c704e7b06c4305a8f3beddc552c789e808b020dec6ed63fa2ec4ced433988d0ac5301fa30a9f08fd4c43816d6069d33d3e1b329714904bb0cf713bb0d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7zSC176E0C7\WebCompanion-Installer.exe
          Filesize

          489KB

          MD5

          d44648c4befb008c0306a30664a7c2f9

          SHA1

          6665cb33cec43a7cab638cc1029c481fcf7faf84

          SHA256

          bae163d73316a1d300aaaa3effaed880796656d24ebdbe117baade90635060e7

          SHA512

          d309206c704e7b06c4305a8f3beddc552c789e808b020dec6ed63fa2ec4ced433988d0ac5301fa30a9f08fd4c43816d6069d33d3e1b329714904bb0cf713bb0d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7zSC176E0C7\WebCompanion-Installer.exe.config
          Filesize

          2KB

          MD5

          64abd91889ce8de4bc8c29317808d6f4

          SHA1

          178e66a60fd7d39973081192302e1410f0bb9827

          SHA256

          7dfa0da7b4d15c615dd5d905968a31270904585cda8974ee49e4d2ac93f1dec1

          SHA512

          832d0bcc6aeada9890c975720098b9a9947f3d82fbd1a5fe9073133c0ea6356b04ba136312032ab86b41ae5bcea9f01373cf99fe04f9c787de313abe2c798044

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7zSC176E0C7\en-US\WebCompanion-Installer.resources.dll
          Filesize

          9KB

          MD5

          13540befc0ca1d490bad445719983a34

          SHA1

          aca3b69b051a615d39f7f9376e1e7a05d0ccc6af

          SHA256

          12a59c2cc60dd9c80ab9af9893503bcf72e9d9fc070d87cd2d00de111db1472d

          SHA512

          0653632e8725e6b70af1474d4bdbebc58e93060842307df8b256038481bb75ae0508cfda25b103831100ae535d8a6d5755a6f2803964340b359c73687014b624

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7zSC176E0C7\en-US\WebCompanion-Installer.resources.dll
          Filesize

          9KB

          MD5

          13540befc0ca1d490bad445719983a34

          SHA1

          aca3b69b051a615d39f7f9376e1e7a05d0ccc6af

          SHA256

          12a59c2cc60dd9c80ab9af9893503bcf72e9d9fc070d87cd2d00de111db1472d

          SHA512

          0653632e8725e6b70af1474d4bdbebc58e93060842307df8b256038481bb75ae0508cfda25b103831100ae535d8a6d5755a6f2803964340b359c73687014b624

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7zSC176E0C7\en-US\WebCompanion-Installer.resources.dll
          Filesize

          9KB

          MD5

          13540befc0ca1d490bad445719983a34

          SHA1

          aca3b69b051a615d39f7f9376e1e7a05d0ccc6af

          SHA256

          12a59c2cc60dd9c80ab9af9893503bcf72e9d9fc070d87cd2d00de111db1472d

          SHA512

          0653632e8725e6b70af1474d4bdbebc58e93060842307df8b256038481bb75ae0508cfda25b103831100ae535d8a6d5755a6f2803964340b359c73687014b624

          Download Submit

        • memory/1764-52-0x000001C90EEF0000-0x000001C90EEF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1764-53-0x000001C90EEF0000-0x000001C90EEF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1764-42-0x000001C90EEF0000-0x000001C90EEF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1764-40-0x000001C90EEF0000-0x000001C90EEF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1764-43-0x000001C90EEF0000-0x000001C90EEF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1764-50-0x000001C90EEF0000-0x000001C90EEF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1764-47-0x000001C90EEF0000-0x000001C90EEF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1764-48-0x000001C90EEF0000-0x000001C90EEF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1764-49-0x000001C90EEF0000-0x000001C90EEF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1764-51-0x000001C90EEF0000-0x000001C90EEF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4860-38-0x00000000055B0000-0x00000000055EC000-memory.dmp

          Filesize

          240KB

          Download

        • memory/4860-41-0x0000000074CD0000-0x0000000075480000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4860-39-0x00000000055F0000-0x000000000563C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/4860-54-0x0000000005830000-0x000000000593A000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/4860-37-0x0000000005590000-0x00000000055A2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/4860-59-0x00000000066E0000-0x000000000674E000-memory.dmp

          Filesize

          440KB

          Download

        • memory/4860-36-0x0000000005530000-0x0000000005580000-memory.dmp

          Filesize

          320KB

          Download

        • memory/4860-35-0x0000000005BB0000-0x00000000061C8000-memory.dmp

          Filesize

          6.1MB

          Download

        • memory/4860-60-0x0000000006C60000-0x0000000006C80000-memory.dmp

          Filesize

          128KB

          Download

        • memory/4860-61-0x0000000006C80000-0x0000000006FD4000-memory.dmp

          Filesize

          3.3MB

          Download

        • memory/4860-62-0x0000000007190000-0x00000000071F6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/4860-63-0x0000000001670000-0x0000000001680000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4860-68-0x0000000001670000-0x0000000001680000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4860-67-0x00000000075B0000-0x00000000075B8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/4860-34-0x0000000001670000-0x0000000001680000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4860-33-0x0000000000B20000-0x0000000000B9C000-memory.dmp

          Filesize

          496KB

          Download

        • memory/4860-31-0x0000000074CD0000-0x0000000075480000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/4860-69-0x0000000001670000-0x0000000001680000-memory.dmp

          Filesize

          64KB

          Download