Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231020-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/12/2023, 14:21

General

  • Target

    cdf546e4658cdd7867891bca27ff35fcf59d74869ad27bd86a809f2dde788bcd.exe

  • Size

    9.4MB

  • MD5

    3147a328bb87f4f6e5b88daa0feebfa6

  • SHA1

    7c8431e40e691071cfc7f06f789959b700995ea7

  • SHA256

    cdf546e4658cdd7867891bca27ff35fcf59d74869ad27bd86a809f2dde788bcd

  • SHA512

    6373e15f7191d8d64d7c478e1bd6114f6e531d90d6368210cbf273633f04ca7ec1227162dcf9febea57143adef3a7adef4c5fbc029dd02e9649ae9bf8ec86592

  • SSDEEP

    196608:4gNTxEyxvoWKDBR6t77vQ9EWZht669NUFYxUH:dTxJuWoBRCi9Zht669NUFKU

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Modifies registry class 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
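Two of the report's claims can be re-checked offline on a copy of the sample: the digests in the General section and the "VMProtect packed file" hit. The Python below is an added example, not the sandbox's own signature code. It recomputes the listed digests and walks the PE section table looking for the `.vmp0`/`.vmp1`/`.vmp2` names VMProtect assigns by default; that section-name check is an assumed heuristic (sections can be renamed, so a miss does not prove the file is unpacked). The minimal PE built by `build_stub_pe` is constructed here for the self-test and is not derived from the sample.

```python
"""Re-check two things this report asserts about the sample: its file hashes
and that it carries VMProtect section names. Added example, stdlib only;
not the sandbox's own signature logic."""
import hashlib
import struct
import sys

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "3147a328bb87f4f6e5b88daa0feebfa6",
    "sha1": "7c8431e40e691071cfc7f06f789959b700995ea7",
    "sha256": "cdf546e4658cdd7867891bca27ff35fcf59d74869ad27bd86a809f2dde788bcd",
    "sha512": "6373e15f7191d8d64d7c478e1bd6114f6e531d90d6368210cbf273633f04ca7e"
              "c1227162dcf9febea57143adef3a7adef4c5fbc029dd02e9649ae9bf8ec86592",
}

# Assumed heuristic: VMProtect names its sections .vmp0/.vmp1/.vmp2 by default.
# The packer lets you rename them, so "no match" is not proof of an unpacked file.
VMPROTECT_SECTION_PREFIX = b".vmp"


def compute_hashes(data: bytes, algorithms=("md5", "sha1", "sha256", "sha512")) -> dict:
    """Lowercase hex digests for the requested algorithms."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in algorithms}


def hashes_match(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """One True/False per algorithm so a single stale digest stands out."""
    actual = compute_hashes(data, expected.keys())
    return {alg: actual[alg] == expected[alg].lower() for alg in expected}


def pe_section_names(data: bytes) -> list:
    """Parse just enough PE/COFF structure to reach the section table.

    DOS header: e_lfanew at 0x3C -> 'PE\\0\\0' -> 20-byte COFF header
    (NumberOfSections at +2, SizeOfOptionalHeader at +16) -> optional header
    -> NumberOfSections entries of 40 bytes, each starting with an 8-byte name.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.rstrip(b"\0"))
    return names


def looks_vmprotected(data: bytes) -> bool:
    """True if any section name starts with the assumed VMProtect prefix."""
    return any(n.startswith(VMPROTECT_SECTION_PREFIX) for n in pe_section_names(data))


def build_stub_pe(section_names) -> bytes:
    """Constructed minimal PE (not the sample) used to exercise the parser offline."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header follows the DOS header
    opt = bytes(0xE0)  # zeroed PE32 optional header, SizeOfOptionalHeader = 0xE0
    # Machine=I386, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (EXECUTABLE|32BIT)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(struct.pack("<8s32x", n) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read()
    for alg, ok in hashes_match(blob).items():
        print(f"{alg:6} {'match' if ok else 'MISMATCH'}")
    print("sections:", [n.decode("latin-1") for n in pe_section_names(blob)])
    print("VMProtect section names present:", looks_vmprotected(blob))
```

Run it as `python check_sample.py <file>`; a SHA256 mismatch means you are not looking at the sample this report describes, and a VMProtect hit tells you that static string and import analysis of the on-disk file will be mostly useless until the process is dumped at runtime.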

Processes

  • C:\Users\Admin\AppData\Local\Temp\cdf546e4658cdd7867891bca27ff35fcf59d74869ad27bd86a809f2dde788bcd.exe
    "C:\Users\Admin\AppData\Local\Temp\cdf546e4658cdd7867891bca27ff35fcf59d74869ad27bd86a809f2dde788bcd.exe"
    • Adds Run key to start application
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2216
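The two registry behaviours attributed to PID 2216 above ("Adds Run key to start application", which is MITRE ATT&CK T1547.001 Registry Run Keys, and "Modifies registry class") are the kind of thing a host sensor already emits as registry SetValue events. The Python below is an added example of classifying such events, not the sandbox's own signature logic. The event records are constructed Sysmon-style Event ID 13 lines flattened to `key=value` pairs: the image path and PID come from this report, while the SID, the Run value name `ExampleValue`, the CLSID and the DLL path are made up for the example (the report does not state what the sample wrote).

```python
"""Classify registry SetValue events for Run-key persistence (T1547.001) and
registry class modification, the two registry behaviours this report lists
for PID 2216. Added example; not the sandbox's signature code."""
import re
from collections import defaultdict

# Run/RunOnce under HKLM or a user hive (Sysmon logs HKCU as HKU\<SID>).
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
# HKCR is a merged view of HKLM\Software\Classes and HKU\<SID>\Software\Classes.
CLASSES_KEY = re.compile(r"(^HKCR\\|\\Software\\Classes\\)", re.I)

SAMPLE_IMAGE = ("C:\\Users\\Admin\\AppData\\Local\\Temp\\"
                "cdf546e4658cdd7867891bca27ff35fcf59d74869ad27bd86a809f2dde788bcd.exe")

# Constructed Sysmon-style Event ID 13 (RegistryEvent, SetValue) records.
# PID and image path are from the report; everything else is invented.
SAMPLE_EVENTS = [
    f"EventID=13 ProcessId=2216 Image={SAMPLE_IMAGE} "
    "TargetObject=HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ExampleValue "
    f"Details={SAMPLE_IMAGE}",
    f"EventID=13 ProcessId=2216 Image={SAMPLE_IMAGE} "
    "TargetObject=HKU\\S-1-5-21-1000\\Software\\Classes\\CLSID\\{00000000-0000-0000-0000-000000000001}"
    "\\InprocServer32\\(Default) Details=C:\\example.dll",
    # Benign noise: Explorer toggling a UI setting, must not be flagged.
    "EventID=13 ProcessId=1234 Image=C:\\Windows\\explorer.exe "
    "TargetObject=HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden "
    "Details=DWORD (0x00000001)",
]


def parse_event(line: str) -> dict:
    """Split 'Key=Value Key=Value ...'; values may contain spaces, keys may not."""
    return dict(re.findall(r"(\w+)=(.*?)(?=\s\w+=|$)", line))


def classify(event: dict) -> set:
    """Return the behaviour labels one SetValue event satisfies."""
    labels = set()
    if event.get("EventID") != "13":
        return labels
    target = event.get("TargetObject", "")
    if RUN_KEY.search(target):
        labels.add("T1547.001 Run key persistence")
        # Stronger signal: the autostart value launches the process that wrote it.
        if event.get("Details", "").strip('"').lower() == event.get("Image", "").lower():
            labels.add("Run value executes the writer itself")
    if CLASSES_KEY.search(target):
        labels.add("registry class modification")
    return labels


def triage(lines) -> dict:
    """Aggregate labels per PID so the result mirrors the report's process tree."""
    findings = defaultdict(set)
    for line in lines:
        event = parse_event(line)
        for label in classify(event):
            findings[int(event["ProcessId"])].add(label)
    return dict(findings)


if __name__ == "__main__":
    for pid, labels in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"PID {pid}: " + "; ".join(sorted(labels)))
```

The "writer executes itself" check is the detail worth keeping: a Run value that points back at a freshly dropped binary in `%TEMP%` or `%APPDATA%` is a much stronger hit than any Run-key write on its own, since installers and updaters write Run keys constantly.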

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Roaming\careueyes\setting_v2.dat

          Filesize

          2KB

          MD5

          44f6bcaf5ec30dc007ee91394b7954fc

          SHA1

          dd8b077395cca86e0b95136666c454d084937649

          SHA256

          b9643ce33183728a6050277ecab47d9bd65a1fc2d89351d46ff7fe669a5e72c3

          SHA512

          4cdd69d091db8dce059b6526a6f47f4e8acc67e1e9f1330b0441e4c02895ea1bfc7b7f64c43c161a74ca4eb103f476f2b3ca731571adba4f0f768d80621ccb69

        Memory dumps of PID 2216, sorted by dump index (size in parentheses):

        • memory/2216-0-0x0000000000080000-0x0000000000081000-memory.dmp (4KB)
        • memory/2216-2-0x0000000000080000-0x0000000000081000-memory.dmp (4KB)
        • memory/2216-3-0x0000000001360000-0x0000000002722000-memory.dmp (19.8MB)
        • memory/2216-5-0x0000000000080000-0x0000000000081000-memory.dmp (4KB)
        • memory/2216-6-0x00000000000E0000-0x00000000000E1000-memory.dmp (4KB)
        • memory/2216-7-0x0000000001360000-0x0000000002722000-memory.dmp (19.8MB)
        • memory/2216-9-0x00000000000E0000-0x00000000000E1000-memory.dmp (4KB)
        • memory/2216-11-0x00000000000E0000-0x00000000000E1000-memory.dmp (4KB)
        • memory/2216-14-0x00000000000F0000-0x00000000000F1000-memory.dmp (4KB)
        • memory/2216-16-0x00000000000F0000-0x00000000000F1000-memory.dmp (4KB)
        • memory/2216-19-0x0000000000100000-0x0000000000101000-memory.dmp (4KB)
        • memory/2216-21-0x0000000000100000-0x0000000000101000-memory.dmp (4KB)
        • memory/2216-24-0x0000000000110000-0x0000000000111000-memory.dmp (4KB)
        • memory/2216-26-0x0000000000110000-0x0000000000111000-memory.dmp (4KB)
        • memory/2216-29-0x0000000000120000-0x0000000000121000-memory.dmp (4KB)
        • memory/2216-31-0x0000000000120000-0x0000000000121000-memory.dmp (4KB)
        • memory/2216-32-0x0000000000130000-0x0000000000131000-memory.dmp (4KB)
        • memory/2216-34-0x0000000000130000-0x0000000000131000-memory.dmp (4KB)
        • memory/2216-36-0x0000000000130000-0x0000000000131000-memory.dmp (4KB)
        • memory/2216-38-0x0000000077C90000-0x0000000077C91000-memory.dmp (4KB)
        • memory/2216-41-0x0000000036000000-0x0000000036010000-memory.dmp (64KB)
        • memory/2216-42-0x0000000003D00000-0x0000000003D40000-memory.dmp (256KB)
        • memory/2216-62-0x0000000001360000-0x0000000002722000-memory.dmp (19.8MB)
        • memory/2216-63-0x0000000003D00000-0x0000000003D40000-memory.dmp (256KB)