Overview

overview

7

Static

static

3

tmp.exe

windows7-x64

7

tmp.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2023, 15:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp.exe

  • Size

    935KB

  • MD5

    bebe3cc434f6afdb0f0cef4f13b78aa3

  • SHA1

    b64b31a530a6308c636c6aae2852986182971017

  • SHA256

    6f1c291cb4ee985a93a6f4b1c24b9f6e479149f074bc9575701f7c9793748550

  • SHA512

    8d0a961894fa2782167d93625bbe51ba56ef328b21c754e9f20523c08cd934a7f955165881d8f5d9a2a7a587fcc59ddf6f821eee3b80b1a25f91e4f94a41c3a7

  • SSDEEP

    24576://0JW4NPRsBu+SNbj0nqVktuQu3GYfpBhtD/:TCX10nqVkaWY3

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 27 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1284
    • C:\Users\Admin\AppData\Local\Temp\tmp.exe
      "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:2568
      • C:\Users\Admin\AppData\Local\Temp\tmp.exe
        "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:2100
    • C:\Windows\SysWOW64\help.exe
      "C:\Windows\SysWOW64\help.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:340
      • C:\Program Files\Mozilla Firefox\Firefox.exe
        "C:\Program Files\Mozilla Firefox\Firefox.exe"
        3⤵
          PID:1716

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\ipnprb.zip
            Filesize

            440KB

            MD5

            5d874a46532117f82095481976117fa1

            SHA1

            0a33fdef5084db25e24451dbde80238b487fbe78

            SHA256

            d6ccab1423559c6cf50202bc81a4576f969aa9c275eaaeb9a2ac2c827cd60447

            SHA512

            f0624277f3b4839c836291e1d1eb03cda875ba192243427afa967819b213f0cdade02f22e20b786b4680e4faaef20c045ad0a456d5f85fc04d3ab2e081ff4c61

            Download Submit

          • \Users\Admin\AppData\Local\Temp\sqlite3.dll
            Filesize

            841KB

            MD5

            5fc6cd5d5ca1489d2a3c361717359a95

            SHA1

            5c630e232cd5761e7a611e41515be4afa3e7a141

            SHA256

            85c8b8a648c56cf5f063912e0e26ecebb90e0caf2f442fd5cdd8287301fe7e81

            SHA512

            5f9124a721f6b463d4f980920e87925098aa753b0fa2a59a3ff48b48d2b1a45d760fd46445414d84fb66321181cd2c82a4194361811114c15e35b42f838ab792

            Download Submit

          • memory/340-20-0x0000000000080000-0x00000000000BA000-memory.dmp

            Filesize

            232KB

            Download

          • memory/340-72-0x00000000005C0000-0x0000000000662000-memory.dmp

            Filesize

            648KB

            Download

          • memory/340-71-0x0000000061E00000-0x0000000061EBF000-memory.dmp

            Filesize

            764KB

            Download

          • memory/340-34-0x0000000000080000-0x00000000000BA000-memory.dmp

            Filesize

            232KB

            Download

          • memory/340-26-0x00000000005C0000-0x0000000000662000-memory.dmp

            Filesize

            648KB

            Download

          • memory/340-25-0x0000000000080000-0x00000000000BA000-memory.dmp

            Filesize

            232KB

            Download

          • memory/340-24-0x0000000000750000-0x0000000000A53000-memory.dmp

            Filesize

            3.0MB

            Download

          • memory/340-21-0x0000000000080000-0x00000000000BA000-memory.dmp

            Filesize

            232KB

            Download

          • memory/1284-18-0x0000000000010000-0x0000000000020000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1284-19-0x0000000008900000-0x000000000A8CD000-memory.dmp

            Filesize

            31.8MB

            Download

          • memory/1284-73-0x0000000004DB0000-0x0000000004EAA000-memory.dmp

            Filesize

            1000KB

            Download

          • memory/1284-29-0x0000000008900000-0x000000000A8CD000-memory.dmp

            Filesize

            31.8MB

            Download

          • memory/1284-28-0x0000000004DB0000-0x0000000004EAA000-memory.dmp

            Filesize

            1000KB

            Download

          • memory/1284-27-0x0000000004DB0000-0x0000000004EAA000-memory.dmp

            Filesize

            1000KB

            Download

          • memory/2100-8-0x0000000000400000-0x000000000043E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/2100-15-0x0000000000400000-0x000000000043E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/2100-13-0x0000000000AB0000-0x0000000000DB3000-memory.dmp

            Filesize

            3.0MB

            Download

          • memory/2100-11-0x0000000000400000-0x000000000043E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/2100-9-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2100-22-0x0000000000400000-0x000000000043E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/2100-23-0x00000000001B0000-0x00000000001D3000-memory.dmp

            Filesize

            140KB

            Download

          • memory/2100-14-0x0000000000400000-0x000000000043E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/2100-7-0x0000000000400000-0x000000000043E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/2100-16-0x0000000000400000-0x000000000043E000-memory.dmp

            Filesize

            248KB

            Download

          • memory/2100-17-0x00000000001B0000-0x00000000001D3000-memory.dmp

            Filesize

            140KB

            Download

          • memory/2568-6-0x0000000005C80000-0x0000000005D16000-memory.dmp

            Filesize

            600KB

            Download

          • memory/2568-12-0x0000000074640000-0x0000000074D2E000-memory.dmp

            Filesize

            6.9MB

            Download

          • memory/2568-5-0x0000000000910000-0x000000000091A000-memory.dmp

            Filesize

            40KB

            Download

          • memory/2568-4-0x0000000000900000-0x0000000000908000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2568-3-0x00000000008E0000-0x00000000008FA000-memory.dmp

            Filesize

            104KB

            Download

          • memory/2568-2-0x0000000004BA0000-0x0000000004BE0000-memory.dmp

            Filesize

            256KB

            Download

          • memory/2568-1-0x0000000074640000-0x0000000074D2E000-memory.dmp

            Filesize

            6.9MB

            Download

          • memory/2568-0-0x0000000001110000-0x0000000001200000-memory.dmp

            Filesize

            960KB

            Download