e5b8941b39f4134322ff7fe67117d5f070cdfed5cd5d121f29829fe9bf52e687

Analysis

max time kernel
140s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
14-11-2023 02:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb64f14ee4dc8b8c5348211ccd545c52736fe12509ca62d567f60753679d93a5.exe
Size

368KB
MD5

72a0b32492da29c09de94b30d4666a63
SHA1

ae852561e30e42d2357273fc5995a42726438dec
SHA256

fb64f14ee4dc8b8c5348211ccd545c52736fe12509ca62d567f60753679d93a5
SHA512

d574320e8a248aa7034d0263b64660d9b8299719a544b6e60d958baa17e7b8a6209acb8e57ca4ca08ef7cfb8bbbc0199d448f241024a7af8fc5e03a9ebc9c99f
SSDEEP

3072:wAMbXIVuWJGt7UoOtjCL72miltvX6E0z4J:wbbY4FkRvLO

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	fb64f14ee4dc8b8c5348211ccd545c52736fe12509ca62d567f60753679d93a5.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4900	688	WerFault.exe	87

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
688	fb64f14ee4dc8b8c5348211ccd545c52736fe12509ca62d567f60753679d93a5.exe
688	fb64f14ee4dc8b8c5348211ccd545c52736fe12509ca62d567f60753679d93a5.exe

C:\Users\Admin\AppData\Local\Temp\fb64f14ee4dc8b8c5348211ccd545c52736fe12509ca62d567f60753679d93a5.exe
"C:\Users\Admin\AppData\Local\Temp\fb64f14ee4dc8b8c5348211ccd545c52736fe12509ca62d567f60753679d93a5.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:688
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 2724
  2⤵
  - Program crash
  PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 688 -ip 688
1⤵
PID:3720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\80UBY5GD\index-762c0b1b[1].css

Filesize
4KB

MD5
b1c6769dc2493ba4dc97625e813805c4

SHA1
eccfca0e135afcbcac9a793074750f1a5d827e10

SHA256
88915b40ae5e41f3cd1a16afea2427ad53709ae94f89236860a4d617536e7824

SHA512
16e21e87276c40145df7bb00f2b22f15c4a4b4e1a7b6665d611187ac3dffe72770b0bc9408eaf035c6af888edfef81fad3297c52a3574052d9ee4f7be29ce898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\80UBY5GD\index-ddc21dcc[1].css

Filesize
70KB

MD5
ee4ddb0248a08e61d9a7a0b612abc3db

SHA1
101c94bbe9505f2d8d9dc3c636a78a7771f6cbb1

SHA256
dc87bdd8f6c8d73aab092ce4553a3008da006151d590620ee412e77cfd47cec8

SHA512
5edb4973c8a00337063402721f5a42bbcea3f32d28f8f004e7fce6fb39b5204de08e13189e7fa621a1fed6d73fd4d2f15b7c2475e1c3cdd25ef3ffe52ebae810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TG5I02RO\index-1f19835f[1].css

Filesize
135KB

MD5
b0746600af990acc6933b9203f65e056

SHA1
55eea99652ce6dd62f5729415ad2fa9680b502db

SHA256
91c2e9cda0562bdcf91d830b8898075cab82abcc6d10daf3329449c7100c2b39

SHA512
3f860aec8e992b3292f7240e23f303ece612eaf988bbfcb64d94d1380bc8ba5af59d089f5f4f91b16d015787da11003330ecf8334306dcce062b180633120047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TG5I02RO\sideTool-4ff64f1b[1].css

Filesize
8KB

MD5
b2b2c34fbd807eb9e3f35d99e8454ebb

SHA1
bafa7323ba78915269a87aa0e7e6e7054e9dcbd8

SHA256
3d30674ac51edf82717ae0c511ae28960ab9748f4c58fbfc90329e4c4ce61a03

SHA512
f854c1a0489c71885cf331eea22afbab8f65f3f38d653baf5ffbb272b02f1379d432c3012ded2d91138c0df1c3eac948c05dd06d515b97ff05dc4042a5d0f5e5

Download Submit