Overview

overview

7

Static

static

3

28e693b783...ec.exe

windows7-x64

28e693b783...ec.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/12/2023, 12:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    28e693b783eeb26da5394c99e18697ec.exe

  • Size

    7.9MB

  • MD5

    28e693b783eeb26da5394c99e18697ec

  • SHA1

    d83ff1e8b42474189ffae60e0a67ff121b48401c

  • SHA256

    91c46b6f80e00962af3260629ff8950c6c0dd463bd93f6c0b0adb3c08e0be5af

  • SHA512

    f1ec13176f36ab53e5062b3b09481d0213e6c396539c7ce3a58d092a42f8310abd8e3106db00023ec7915a64107ee3e5f219748d1e285373a2b35837a32dcbd5

  • SSDEEP

    196608:8eazg7DSmeazg7DSmeazg7DSmeazg7DSN:cg7uOg7uOg7uOg7uN

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\28e693b783eeb26da5394c99e18697ec.exe
    "C:\Users\Admin\AppData\Local\Temp\28e693b783eeb26da5394c99e18697ec.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1516
    • C:\Windows\SysWOW64\reg.exe
      "C:\Windows\System32\reg.exe" ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Windows Update" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe" /f
      2⤵
      • Adds Run key to start application
      • Modifies registry key
      PID:4240
    • C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe
      "C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:2224
      • C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe
        "C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:1408
    • C:\Users\Admin\AppData\Roaming\Scegli_nome_allegato.exe
      "C:\Users\Admin\AppData\Roaming\Scegli_nome_allegato.exe"
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:836

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe
          Filesize

          2.6MB

          MD5

          853c46b26edab03b8aac0c7d767c0409

          SHA1

          fcb9928d4ec002cdfd9909d56ef17e20a3c68f8d

          SHA256

          56962efe94e5466fa5a4275f48c672afe9659b6647f5477affb1cfc1448ed98a

          SHA512

          6d32833644386616e1d70438bceb839a954202d2d1bad27284c0cf1857dd3d4b17b9bc08ea55f54d859a7f6af6ab5c255737a9c703b40e4a72375a171c3d64b3

          Download Submit

        • C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe
          Filesize

          7.9MB

          MD5

          5bf6d6eaef475c7f54f219729693e6a3

          SHA1

          4c77bc333c87aa9e5a8373ed99e705bff32e36b3

          SHA256

          5b76b28f078127abf5311c8e3ae91e53b27b5208780b15bc96c2b95e289d8573

          SHA512

          3b9d31c7936d592598e56d2b14fc0279dfd8749c7bbef3d37b457ce9e336aa55f78e3df470457b63f83a9ec4f4e07a29d637c9573ecc54edbfd4a034f6bd0041

          Download Submit

        • C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe
          Filesize

          3.3MB

          MD5

          0bfa6ba50b4e1a37e1d1453c133484d2

          SHA1

          ec83fa63b38e0319553b09167d31522deb726eb4

          SHA256

          191e3beff311aacad2111bb09e0f53d66f2cf8d0b1eb3f23b7d78bf1c2065aef

          SHA512

          f6d8672399488ee7e3a758c698ff18160d7303260c6762de7f4f01bdd1c512fd7ae9d64e92cf0697d9c65a1dc61c93a0ee0fd92447e6d7770c5690996f194cd5

          Download Submit

        • C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe
          Filesize

          2.0MB

          MD5

          4775c39b4cf7e01cd2da1893ed9b9524

          SHA1

          0a30ba1e6dda59acc91096b8862e728f1f5181a8

          SHA256

          079fcb2c4fdf8ed8126f9a2accd0a15b42c9b768decba5213ec4d08d920b1592

          SHA512

          05005b5be28c1feb74ec8fc2bd4393abee89726cbf1769ee235c092790b5eab8316918148898e7c2cf59cc6794c0696cdbe113f32e25e4fd8f6f58249a341e86

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Scegli_nome_allegato.exe
          Filesize

          1.0MB

          MD5

          a2f259ceb892d3b0d1d121997c8927e3

          SHA1

          6e0a7239822b8d365d690a314f231286355f6cc6

          SHA256

          ab01a333f38605cbcebd80e0a84ffae2803a9b4f6bebb1e9f773e949a87cb420

          SHA512

          5ae1b60390c94c9e79d3b500a55b775d82556e599963d533170b9f35ad5cfa2df1b7d24de1890acf8e1e2c356830396091d46632dbc6ee43a7d042d4facb5dad

          Download Submit

        • memory/836-28-0x0000000002860000-0x0000000002861000-memory.dmp

          Filesize

          4KB

          Download

        • memory/836-25-0x0000000002500000-0x0000000002501000-memory.dmp

          Filesize

          4KB

          Download

        • memory/836-37-0x0000000002500000-0x0000000002501000-memory.dmp

          Filesize

          4KB

          Download

        • memory/836-30-0x0000000000400000-0x00000000004FB000-memory.dmp

          Filesize

          1004KB

          Download

        • memory/1408-38-0x0000000002240000-0x0000000002241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1408-34-0x0000000000400000-0x00000000004A6000-memory.dmp

          Filesize

          664KB

          Download

        • memory/1408-44-0x0000000002240000-0x0000000002241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1408-41-0x0000000000400000-0x00000000004A6000-memory.dmp

          Filesize

          664KB

          Download

        • memory/1408-31-0x0000000000400000-0x00000000004A6000-memory.dmp

          Filesize

          664KB

          Download

        • memory/1408-33-0x0000000000400000-0x00000000004A6000-memory.dmp

          Filesize

          664KB

          Download

        • memory/1408-39-0x0000000000400000-0x00000000004A6000-memory.dmp

          Filesize

          664KB

          Download

        • memory/1516-0-0x00000000024A0000-0x00000000024A1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1516-1-0x0000000000400000-0x0000000000601000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1516-11-0x0000000000400000-0x0000000000601000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/1516-24-0x0000000000400000-0x0000000000601000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2224-35-0x0000000000400000-0x0000000000601000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2224-12-0x00000000008D0000-0x00000000008D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2224-29-0x0000000000400000-0x0000000000601000-memory.dmp

          Filesize

          2.0MB

          Download