Analysis

  • max time kernel: 223s
  • max time network: 240s
  • platform: windows10-2004_x64
  • resource: win10v2004-20231215-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 24/12/2023, 23:40

General

  • Target: 1a4893fa4edaf7382fb5a35d96289669.exe
  • Size: 294KB
  • MD5: 1a4893fa4edaf7382fb5a35d96289669
  • SHA1: 87b4d4907372d903040bb13a569246088f4bf3dc
  • SHA256: ba0b9c1a7b6328e56d9fd1ae303491ef2101e20d841515d0350847c6a9811e51
  • SHA512: 9948dd9cf8c82dd6b6c6a12f2ef8f59cb69d2799e73cf57d49ac5a9ed6e56a21478273e66c9bce7f605341dba056a77a3e2d205f3756bbc9f96f220ca4795439
  • SSDEEP: 6144:kG8UEd8BKBLpr3Cm6PfED3qzdo1kaeaQMndLcNpf4:kG8UEdDTCNEzqzaBndI

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 20 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a4893fa4edaf7382fb5a35d96289669.exe
    "C:\Users\Admin\AppData\Local\Temp\1a4893fa4edaf7382fb5a35d96289669.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Users\Admin\AppData\Local\Temp\znGFD28.exe
      C:\Users\Admin\AppData\Local\Temp\znGFD28.exe NkaYqchnnDdwJmFyz0
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:1512
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c start iexplore -embedding
        3⤵
        • Checks computer location settings
        • Suspicious use of WriteProcessMemory
        PID:1344
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4716
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4716 CREDAT:17410 /prefetch:2
            5⤵
            PID:4556
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\znGFD28.bat"
        3⤵
        PID:3616
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\hWAFE70.bat"
        3⤵
        PID:5056
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 308
      2⤵
      • Program crash
      PID:444
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1968 -ip 1968
    1⤵
    PID:4780

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hWAFE70.bat
    Filesize: 188B
    MD5: b6aca5057efbc433d0e6638d1fb8877e
    SHA1: 5fac84c42dedcb6fae15ad00856cff6f25960d37
    SHA256: 321dac7b21d63ccae99e4aaf443cebda5250dc91c18c39d0989865f5a3eb613a
    SHA512: a4a9dcaaa5d32c6f95a7dc3cc1598702c9970249701526159ce77c9534bd1b500621bf0653859dc694206404cfaeba7f53e047f7a36f260fa9cb2697b04cb97e

  • C:\Users\Admin\AppData\Local\Temp\hWAFE70.tmp
    Filesize: 106KB
    MD5: 3d5b47074f91141df959bff5f09d26fb
    SHA1: c9ee992eaceacb15daaf99745fae7c12ec2a907d
    SHA256: 46928ae33391f8ca8fc269febcf5ddd2b15ee0cf463c2828b178d0a713a117c6
    SHA512: 48832fad97fd561d89f2be86f16a8a7b797d9d55a266912c4d5422eaa12eb058757e5ec175430570fcebcc2a6525fff29a36f15c211c6c4d9f1e519cfa5fbcbe

  • C:\Users\Admin\AppData\Local\Temp\znGFD28.bat
    Filesize: 188B
    MD5: 1a74be72c926b37150c17aea18f4d04c
    SHA1: bc369e7f0891fd4dc57427b858668123cab13950
    SHA256: 1590e09e9f39fbf60e51a8dcd6a9522118544a234016097d88190beb0a0ef928
    SHA512: ddbcec2d627cbc35329bef06128832aa5eddfe362fad5bc07d83303bd21f650eb4ae9db535373a6aa48314774189c4adae88d321e3e022081ccc89356f69a56f

  • C:\Users\Admin\AppData\Local\Temp\znGFD28.exe
    Filesize: 231KB
    MD5: af87658d30c2166a1949759cfdec0386
    SHA1: b2d112f6f9728b3e2318ae08eadc61373884c30a
    SHA256: 3d9c6ffe9eb7e842b0fad5063db7e886cb794301d3268b7ee3b840b6d01b3c20
    SHA512: cd2eaaacf54a5a6b6300d7119f7dbff0b000b7ddcf6af4ef0450df816c1352ae95da459b6f3a422d82d0930765fd984efd19ec63de799b451e123e5ab5dea9d9

  • memory/1512-4-0x0000000000400000-0x0000000000440000-memory.dmp
    Filesize: 256KB

  • memory/1512-5-0x00000000001C0000-0x00000000001C2000-memory.dmp
    Filesize: 8KB

  • memory/1512-18-0x0000000000400000-0x0000000000440000-memory.dmp
    Filesize: 256KB