Overview

overview

10

Static

static

10

001e9becdd...93.exe

windows10-2004-x64

7

1a1cf2a2f6...31.exe

windows10-2004-x64

7

2eac3720bc...61.exe

windows10-2004-x64

1

320e3af17b...4c.exe

windows10-2004-x64

3

33bcab7033...70.exe

windows10-2004-x64

6

47a52afd63...2e.exe

windows10-2004-x64

10

4b24d27301...69.exe

windows10-2004-x64

7

4c481d251f...5a.exe

windows10-2004-x64

1

4c9ab76300...dd.exe

windows10-2004-x64

6

50a04b093c...95.dll

windows10-2004-x64

6

5266183553...2f.dll

windows10-2004-x64

8

547798defb...6e.exe

windows10-2004-x64

10

5fb2242c04...96.exe

windows10-2004-x64

1

63a0bf6385...12.exe

windows10-2004-x64

10

6a08b51e02...68.exe

windows10-2004-x64

5

803d827a2c...53.exe

windows10-2004-x64

7

85523c6377...c3.exe

windows10-2004-x64

3

8ab3db7349...03.exe

windows10-2004-x64

9

9b87457fe8...f0.exe

windows10-2004-x64

8

a3c7b0df18...cc.exe

windows10-2004-x64

1

ab4fa067af...38.exe

windows10-2004-x64

10

b1c5c3ca41...7d.exe

windows10-2004-x64

3

ca561f9403...c5.exe

windows10-2004-x64

7

d278eb3d6c...8f.exe

windows10-2004-x64

6

d3e04348f4...91.exe

windows10-2004-x64

10

d7e876a714...c9.exe

windows10-2004-x64

7

dd8bf2763c...38.exe

windows10-2004-x64

dd9ca1355f...9a.exe

windows10-2004-x64

7

dd9d07d1f5...27.exe

windows10-2004-x64

10

ef3c260fed...49.exe

windows10-2004-x64

10

f40df86d68...df.exe

windows10-2004-x64

10

fb861230c0...01.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    90s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-10-2023 21:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    803d827a2cd764008783e691ce132ef853dbfa77017e5d2eeae47ceb3ca50f53.exe

  • Size

    1.1MB

  • MD5

    ae90880e6556ebb938795518af3a08b2

  • SHA1

    8647dce3b9cce0197ab0e9b832de1f6d2413dd45

  • SHA256

    803d827a2cd764008783e691ce132ef853dbfa77017e5d2eeae47ceb3ca50f53

  • SHA512

    049ee5204617be840fbce46209b52e788932ffa061c7aa7121caee80d3bcbd26cede1d5657ef4e06bde550f16b7f12d0fbf965340a75ed1b4f6e281afa3135fe

  • SSDEEP

    24576:xdtRKR7yXFNlMcc7xWzyXe0nyrFPZM7ZNe+d+8/zUX0rSbKnvW5iaO:/y70F0vNXfn+FSlPc4SkvWXO

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\803d827a2cd764008783e691ce132ef853dbfa77017e5d2eeae47ceb3ca50f53.exe
    "C:\Users\Admin\AppData\Local\Temp\803d827a2cd764008783e691ce132ef853dbfa77017e5d2eeae47ceb3ca50f53.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4244
    • C:\Users\Admin\AppData\Local\Email Access Online\Email Access Online.exe
      "C:\Users\Admin\AppData\Local\Email Access Online\Email Access Online.exe" /firstrun
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:4324
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 1924
        3⤵
        • Program crash
        PID:808
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 2000
        3⤵
        • Program crash
        PID:4764
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4324 -ip 4324
    1⤵
      PID:4908
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4324 -ip 4324
      1⤵
        PID:3356

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Email Access Online\Email Access Online.exe
        Filesize

        1.8MB

        MD5

        354acd53e086bbdb1123896958d6f7dd

        SHA1

        44a7cdb95443f643d1a4d64c4038f88759d16411

        SHA256

        21a3add118bb22e7773e97b08d6a9b4eb314d9191750e14c7ce285d3af2266d6

        SHA512

        963fa4e83ad34fb1e36e531f14880eea0b9253344357ffd114359cb3b291fbc4b78d368542c33bbab007c8a15333bf5feb9ca10f1051282943f4208abfc1711b

        Download Submit

      • C:\Users\Admin\AppData\Local\Email Access Online\Email Access Online.exe
        Filesize

        1.8MB

        MD5

        354acd53e086bbdb1123896958d6f7dd

        SHA1

        44a7cdb95443f643d1a4d64c4038f88759d16411

        SHA256

        21a3add118bb22e7773e97b08d6a9b4eb314d9191750e14c7ce285d3af2266d6

        SHA512

        963fa4e83ad34fb1e36e531f14880eea0b9253344357ffd114359cb3b291fbc4b78d368542c33bbab007c8a15333bf5feb9ca10f1051282943f4208abfc1711b

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\nsuD19A.tmp\StdUtils.dll
        Filesize

        99KB

        MD5

        7abf66bab64e83da7a4da626bc34493a

        SHA1

        c3adab85d079b75b0c46f6b25fd2a736687624c5

        SHA256

        cbe5843990076d7cda9fe83aa305d66d3a0ffdcca932ef23114d1b3a491924f9

        SHA512

        f1beeb7df3e24daa72bdb093ea655d236c601e55f039322676f80c8aace0d39af6fab78be6b6b63e9486473f78dae42a762022f776b55d118c7a20948990dd5e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\nsuD19A.tmp\System.dll
        Filesize

        11KB

        MD5

        a4dd044bcd94e9b3370ccf095b31f896

        SHA1

        17c78201323ab2095bc53184aa8267c9187d5173

        SHA256

        2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc

        SHA512

        87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\nsuD19A.tmp\npHelper.dll
        Filesize

        271KB

        MD5

        c981cb2164e7542c8713d4e72b4e58df

        SHA1

        9aa01d7662aeb5428750d9ce187ab7b36cd4eb36

        SHA256

        9dcc839fe0bd5c6f7e81ad72c5615856e3f8ec10b709f3a13848813b5287ac43

        SHA512

        100fad3b51cf4818bfd0dcd49e17cbe17d11e24cf5b7619b894c47441268abe20570589167f8bbae855ddd414afcbf1fa46dc9a1a0080bdecc7c4aa366b790bd

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\nsuD19A.tmp\npHelper.dll
        Filesize

        271KB

        MD5

        c981cb2164e7542c8713d4e72b4e58df

        SHA1

        9aa01d7662aeb5428750d9ce187ab7b36cd4eb36

        SHA256

        9dcc839fe0bd5c6f7e81ad72c5615856e3f8ec10b709f3a13848813b5287ac43

        SHA512

        100fad3b51cf4818bfd0dcd49e17cbe17d11e24cf5b7619b894c47441268abe20570589167f8bbae855ddd414afcbf1fa46dc9a1a0080bdecc7c4aa366b790bd

        Download Submit