Overview

overview

7

Static

static

3

2870998c5e...3f.exe

windows7-x64

7

2870998c5e...3f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/12/2023, 12:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2870998c5e9b853907fad77b6898533f.exe

  • Size

    15.9MB

  • MD5

    2870998c5e9b853907fad77b6898533f

  • SHA1

    f6158edc3e0f4f5557260253706e2d7281b43538

  • SHA256

    ff775c181e9d9d4f1e56966171b8e9b55a24fdf93f73462bc3f98ff0a36d453d

  • SHA512

    883531ed4d923ebc2c8e0868f1c1944420b6534e40bbc8602c5407767aca26d6f3a99ac473195bb4333342fbad009e8a3d111dc71e7cc2b140d800d678c95ac6

  • SSDEEP

    393216:ug7uUg7uUg7uUg7uUg7uUg7uUg7uUg7uN:jSJSJSJSJSJSJSJSN

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2870998c5e9b853907fad77b6898533f.exe
    "C:\Users\Admin\AppData\Local\Temp\2870998c5e9b853907fad77b6898533f.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Windows\SysWOW64\reg.exe
      "C:\Windows\System32\reg.exe" ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Windows Update" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe" /f
      2⤵
      • Adds Run key to start application
      • Modifies registry key
      PID:3044
    • C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe
      "C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:2964
      • C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe
        "C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2892
    • C:\Users\Admin\AppData\Roaming\Scegli_nome_allegato.exe
      "C:\Users\Admin\AppData\Roaming\Scegli_nome_allegato.exe"
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2800

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe
    Filesize

    6.3MB

    MD5

    4acfef212711e82c8a10bb8e806b78ec

    SHA1

    9f8edfb30044affd663ec5bf4309e3f529d42bed

    SHA256

    af6bfebf0fdb9ccc12829550500831a58c7fc7130b3dbdf1a910b1b0d5215e77

    SHA512

    a93670d837b3eb00cfd1fdc4d2508247a0203072ad3a3e6d3264f3653c3a71f36e2b743ab89331e7f6a247708baa181e555dac0ec9080988885498a1a591ac0c

    Download Submit

  • C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe
    Filesize

    8.9MB

    MD5

    1c92a4a9f1eb6907949d377efb403efd

    SHA1

    c6e7defff5f1f33d3abb62ed80e8551ed2b1a1fd

    SHA256

    881e155817d3022b0e67f9296859c1fa228425b54260f6f299146e8359f0613d

    SHA512

    8dc9bdb6aa55db0ba7f5d2b35381b28987738e226c43f808e985b886e5ded78d0648127556772b7a7e9167cfc24a70e9b4a8bcb7ba86f68718cab6ed6fe8d3de

    Download Submit

  • C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe
    Filesize

    15.9MB

    MD5

    de9e7c63c1216b3d27d9fcb13d42ed47

    SHA1

    6ab03be9e1b376a54cfaa15f865bc2151f00383f

    SHA256

    767b7a5bac100f9f3b5d7449b9dcfd1a6a275e1a7fa049d86ba006d06c92da69

    SHA512

    9fb95f3fd394581248f1eac43a520bb5f4a4195639ca51bccb14d797405e57d7ef609d8334b2be810e199eebae046ff6896e936cff41316d033cfbbe01a1625e

    Download Submit

  • \Users\Admin\AppData\Roaming\7D57AD13E21.exe
    Filesize

    10.2MB

    MD5

    fa17c964d48326b36dc4e7a46c334b74

    SHA1

    982887da760a898abdd1800043cbcfa8c7b5865a

    SHA256

    f81e056d65d5dccc5ccfceacdcadb89e4aadf25f435e577ad7d69f85d558b17d

    SHA512

    9ed9125c214f0e24a4789c8828738024432100397046fcf617de770263b51f6861da8c0da730a7324bcd7538c2c2620a965fd283f232b609eeeb0d29dd5cf0e3

    Download Submit

  • \Users\Admin\AppData\Roaming\7D57AD13E21.exe
    Filesize

    8.8MB

    MD5

    511536a7de27dfda406ff5f34e133639

    SHA1

    0d87280daf6241777fc6dfcb6d5b0d2af5c6b44e

    SHA256

    9d82f3c7ebbc57d3d9847a2afdcb8289c0446bb8c3d57baf540204471d8f4d71

    SHA512

    a21790ecf1603704a5b4c74c38d07358e547290cd5168384b78a9ac792d5b7bb27993c00bf1db1fd5f1fb6738f99428e79fa782d19e05a55f96d1aae47f3ecde

    Download Submit

  • \Users\Admin\AppData\Roaming\Scegli_nome_allegato.exe
    Filesize

    1.0MB

    MD5

    a2f259ceb892d3b0d1d121997c8927e3

    SHA1

    6e0a7239822b8d365d690a314f231286355f6cc6

    SHA256

    ab01a333f38605cbcebd80e0a84ffae2803a9b4f6bebb1e9f773e949a87cb420

    SHA512

    5ae1b60390c94c9e79d3b500a55b775d82556e599963d533170b9f35ad5cfa2df1b7d24de1890acf8e1e2c356830396091d46632dbc6ee43a7d042d4facb5dad

    Download Submit

  • memory/2800-22-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2800-42-0x0000000000400000-0x00000000004FB000-memory.dmp

    Filesize

    1004KB

    Download

  • memory/2800-27-0x00000000002E0000-0x00000000002E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2800-56-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2892-52-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2892-51-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2892-54-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2892-55-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2892-58-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2892-44-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2892-46-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2892-48-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2892-61-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2964-41-0x0000000000400000-0x0000000000601000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2964-50-0x0000000000400000-0x0000000000601000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2964-14-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3012-0-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3012-20-0x0000000000400000-0x0000000000601000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3012-13-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3012-5-0x0000000000400000-0x0000000000601000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3012-1-0x0000000000400000-0x0000000000601000-memory.dmp

    Filesize

    2.0MB

    Download