Overview

overview

8

Static

static

7

eddf8c0e68...er.exe

windows7-x64

8

eddf8c0e68...er.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    306s
  • max time network
    319s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    16/10/2023, 06:23

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    eddf8c0e68f85cb94e81f5572dfb5e9e08bedd0631e078abc755b7b0ad903380_GoTo Webinar Opener.exe

  • Size

    375KB

  • MD5

    144f6ae304e73dd2d8142c83e0c60d98

  • SHA1

    f75f084f6ebc75d271573c1a1a969529c5fd251d

  • SHA256

    eddf8c0e68f85cb94e81f5572dfb5e9e08bedd0631e078abc755b7b0ad903380

  • SHA512

    8c69eeeee5c567a2afe38b045a7da048d111478b56d37282f038a022f39472b74f39dd236a84e6197b63c9ea89cb77ceacca5b4f1296945d341c5e31b27d2095

  • SSDEEP

    6144:4VvaoFGmgG0BCGxcKi7ZIhFn6ZlrctG9KaVs/BfUbGy/kZiy1aqTWunoSDw6BLyj:wvz+GKK7ZCFgctGzVhlUiCLThoSDwAej

Score
8/10
evasiontrojanupx

Malware Config

Signatures

  • Downloads MZ/PE file
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Blocklisted process makes network request 1 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 15 IoCs
    adwarespyware
  • Modifies registry class 59 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
    evasionspywaretrojan
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eddf8c0e68f85cb94e81f5572dfb5e9e08bedd0631e078abc755b7b0ad903380_GoTo Webinar Opener.exe
    "C:\Users\Admin\AppData\Local\Temp\eddf8c0e68f85cb94e81f5572dfb5e9e08bedd0631e078abc755b7b0ad903380_GoTo Webinar Opener.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies system certificate store
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:1116
    • C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\47E3B0F0-DD09-4C7D-AE4B-AACB41E0F30F\GoToOpener.msi" /q /lvx "C:\Users\Admin\AppData\Local\Temp\LogMeInLogs\GoToOpenerMsi\D13EAD58-5C0C-4989-AD11-A499D3CB1B45.log"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:292
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    PID:2220

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Config.Msi\f7770d1.rbs
          Filesize

          13KB

          MD5

          1d972d530ace14c53bc742a55b5bdae1

          SHA1

          094bbfe10aea4345c2f6de2b8c26b6f11747c100

          SHA256

          54b7e5730074410288406eaf65a3163d7dcbea2cc20b449d4bd85a65d7673d72

          SHA512

          673a0a82ccb6c67848f95105da3ad91b1d73558b08dfd490361d4804e8b79c8fd372a49c01f3818ef3f9e56968281c1b33dad763d59febe9dfe900936b8ab498

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          c976a59e797b9c6fb1d2cdcc2b061432

          SHA1

          986d164df0bf2ee3a16de36d221acf0739116f36

          SHA256

          f62e25967162648066923fdc97055d14fa019f0a074a000ee596bf7ea147ac77

          SHA512

          189c80604f53c6c38fc4412d16b2a4c48e2cc49cd42b550f9e0a68c65e0f69b8b85d5f200c2317736609dd623d54caf42e44e2646bc8b5498e629025078e47ee

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          c976a59e797b9c6fb1d2cdcc2b061432

          SHA1

          986d164df0bf2ee3a16de36d221acf0739116f36

          SHA256

          f62e25967162648066923fdc97055d14fa019f0a074a000ee596bf7ea147ac77

          SHA512

          189c80604f53c6c38fc4412d16b2a4c48e2cc49cd42b550f9e0a68c65e0f69b8b85d5f200c2317736609dd623d54caf42e44e2646bc8b5498e629025078e47ee

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          14630c9881b73146c72c5db7c1478acd

          SHA1

          b1a2ed6ea87a98873ea8f7f75db19e671e581262

          SHA256

          8adfd02643219f9970e8f1fce126b818a71d4a9ad7f1649ee136a1994bdfb0fd

          SHA512

          0ee48b771b440b0684325e70d3f4a0c3bc3578175f2fc093f09e8b78e42b3f8fbb8eba1b45bccc23c18eba7135907b74ac87a9a7393e362c4e4d6ff3dfbbea1c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          239f8b424f27e662fb29a60447998cde

          SHA1

          44a64862079301b4492051e7ddc244c19574ebe9

          SHA256

          5d9d76aa9c2243475acec12b8167ca27f05277e466ca996733c22b719655ffb1

          SHA512

          8ab3c5b1706aef745faf441256180a17bd8e220e9a41ebac7821db35fd4952cf4ed5c6268051d4d59aeebd1d1bd11140de85782c7449609095367dc6a13a0179

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          38a415908f2f4dd6674d1f755bdf5697

          SHA1

          caa6d790ea15002b1f74aa177c2eb7f66eb4206e

          SHA256

          071befe4258a562674ca35a9337cb87c4720d649811b9baca451abb9d5b28044

          SHA512

          808e7093d2ee68a722fc0f7cf002b071a25fa08cf8818b70f6fb82f7e58b8d2ed5ecf22eda6b744434f05dbbb573fce43dea9b75d36000290b746c8b54c53956

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          658e65fbf13147a8872e5f395fb33086

          SHA1

          5950f19bba0120a001ae352106d9a680e370170a

          SHA256

          6b925a628a940388ed6b89d5602d60907dc7708fc5cc3ea7b3b53dfaec103a09

          SHA512

          ae226f19d31dcc4a309a8cabc911c116871b1f2fc5ca05f6839fe8a68b63ebf06544f8de4d3e74441746898d22c2858296f8eed0f4b5c348817a6c5059692d49

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          9097145268044d7fa5d6f4a60051ca77

          SHA1

          a471cf7b58fc7291b2cb781d704c3f73430beaf3

          SHA256

          c5c9c28ec1e50ee96703d0659a92c74e0861d7d6e47cdf4fb509fa23e80171c6

          SHA512

          c6e434ce3d85b649c28c9ba977630e42a2ffb49f1bd4693f60b07642532f0147338aa2cc0b28a5bafbb0629570ad08c15ba88903511c8973818e7f2216c0e44e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          df6e1868a3cf3a73299ce0ca4b322f5b

          SHA1

          8167bbc013c45d184f051955427f4fe4b187e2ec

          SHA256

          f0aa11515626003a061a73d3a8296659581a5ad14484d55698308502e6a1454d

          SHA512

          292f423086a563a55ba1f2520ffa75a60370d03099770989d70a7ee3c474e1b1eaa3a06ce068fc865d9539fc11380c36c1ed430982bf790d958b24b990951b22

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          1fefd97c2686e6d5fe5db7fa80627d68

          SHA1

          6ae1a2eb9e67e7f4f80c6d9a31fc7e607504d28e

          SHA256

          814c2309ff7f4cd8c5bf84c117bbdaea1d79a8dbc49a95e2540b59a214aa7f3d

          SHA512

          7dbc3a9054295a164a74c445360925e62330f20303f2db1853ad3dc0dee30376dd0db29cd5ca7315054bc8a8bc27a2d0e031134d74489b608996d56428ccc17b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\47E3B0F0-DD09-4C7D-AE4B-AACB41E0F30F\GoTo Opener.exe
          Filesize

          375KB

          MD5

          fea2b3e91246b031f5427e82084fd667

          SHA1

          85020cf90e03e062cc2524f6a63d4a28ffdf64cb

          SHA256

          aeb35e3be12ca0292dee4e87d477bdea5d9f41bcc853c10d51207d0ac9e316c1

          SHA512

          2d1a1f0f937ed247f7cdfc0027792acab003c100549eee8ff028e89737273ec5e2bea537dc58fad2944f34edd2ebe2a717ec9d221e03bbe2ce8ca7354007d86d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\47E3B0F0-DD09-4C7D-AE4B-AACB41E0F30F\GoToOpener.msi
          Filesize

          116KB

          MD5

          f492835b151cddd0f36af61abf1434d1

          SHA1

          4cc81119ff893a5e57899bc9f13f2b9d71da930e

          SHA256

          b4124eeaa75ed0aea5fa1e7d349687996d4f9962555df7f19ead759e01c3464a

          SHA512

          4b92b692c44026c05734939cad32f7200dc39361fc5d871e04b8b8292c76a6c46ef5dfb14e74c44493d2935744092ac752c599487f7dc2776aad92b77477f24d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\7B1D6CAD-1447-4C6F-8FAD-16642C07C356\G2MCoreInstExtractor.exe
          Filesize

          1.2MB

          MD5

          662f9f9ea0a654683f53215d818e2fb2

          SHA1

          201f3d6ec76da1c0b5c93226741b0e8763562b9f

          SHA256

          37068a544413e57fa8761f8687c6f42222f654df669b142d349ced78ba7cad1f

          SHA512

          13a7c03e8bb220207d294abff317c4a0135d713680122e71e70c1027e2d419caaa0669c498b066beb02494e8999a307142e5366b502481e04515d5eba8b5baba

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab1778.tmp
          Filesize

          61KB

          MD5

          f3441b8572aae8801c04f3060b550443

          SHA1

          4ef0a35436125d6821831ef36c28ffaf196cda15

          SHA256

          6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

          SHA512

          5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\LogMeInLogs\GoToOpenerMsi\D13EAD58-5C0C-4989-AD11-A499D3CB1B45.log
          Filesize

          1KB

          MD5

          957f379b56af4bccf45442f1bf5f906f

          SHA1

          ed695517f252b8d7ba1c45806e3bbfc36857c148

          SHA256

          8498c41c1baaef82a8a01617149106f871973bad86f842871edcf480419c29ff

          SHA512

          31371dde73caf759aaa1e81fab351bde5ced0d5a77174860e4f42a6353bb2596ae476f890c218b260984846160cc1fbf9ec191a9164daacb426d8fcffe2d4db8

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar19DE.tmp
          Filesize

          163KB

          MD5

          9441737383d21192400eca82fda910ec

          SHA1

          725e0d606a4fc9ba44aa8ffde65bed15e65367e4

          SHA256

          bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

          SHA512

          7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

          Download Submit

        • C:\Windows\Installer\f7770d2.msi
          Filesize

          116KB

          MD5

          f492835b151cddd0f36af61abf1434d1

          SHA1

          4cc81119ff893a5e57899bc9f13f2b9d71da930e

          SHA256

          b4124eeaa75ed0aea5fa1e7d349687996d4f9962555df7f19ead759e01c3464a

          SHA512

          4b92b692c44026c05734939cad32f7200dc39361fc5d871e04b8b8292c76a6c46ef5dfb14e74c44493d2935744092ac752c599487f7dc2776aad92b77477f24d

          Download Submit

        • memory/1116-1010-0x0000000000DD0000-0x0000000000EF8000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-748-0x0000000000DD0000-0x0000000000EF8000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-2-0x0000000000DD0000-0x0000000000EF8000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-0-0x0000000000DD0000-0x0000000000EF8000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-216-0x0000000000DD0000-0x0000000000EF8000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-1-0x0000000000DD0000-0x0000000000EF8000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-1183-0x0000000000DD0000-0x0000000000EF8000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-1190-0x0000000000DD0000-0x0000000000EF8000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/1116-1199-0x0000000000DD0000-0x0000000000EF8000-memory.dmp

          Filesize

          1.2MB

          Download