446dabc8331fea7ae10646a5075c00e7b787f5e95391eb1ef54a197aba0f1344 | Triage

Analysis

max time kernel
177s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 09:21

Sharing

Report Analysis Logs

General

Target

143a9e0af67ed652a8d5f134f62a16e3.exe
Size

6.0MB
MD5

143a9e0af67ed652a8d5f134f62a16e3
SHA1

7181a282ffcc29c819f494d980413fd1babe0116
SHA256

446dabc8331fea7ae10646a5075c00e7b787f5e95391eb1ef54a197aba0f1344
SHA512

6f61006729ef5dd494186b28056cba12a753458f83a48029dd8c79d3d8696b131e767da696e45bb120730e886db1ed27c4d025eac58f6f21214d362821c6b219
SSDEEP

196608:n03T64V/fi5mVWAl5H08gs5pNW2PsJFMf0hfkw:n0L/KMk2HzfIThcw

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 16 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsSystem\angeletsoft\angelservices.exe	143a9e0af67ed652a8d5f134f62a16e3.exe
File opened for modification	C:\Program Files\WindowsSystem\angeletsoft\regwifi.bat	143a9e0af67ed652a8d5f134f62a16e3.exe
File opened for modification	C:\Program Files\WindowsSystem\angeletsoft\unregwifi.bat	143a9e0af67ed652a8d5f134f62a16e3.exe
File created	C:\Program Files\WindowsSystem\angeletsoft\BOOB.INI	143a9e0af67ed652a8d5f134f62a16e3.exe
File opened for modification	C:\Program Files\WindowsSystem\angeletsoft\PCANDIS5.SYS	143a9e0af67ed652a8d5f134f62a16e3.exe
File created	C:\Program Files\WindowsSystem\angeletsoft\__tmp_rar_sfx_access_check_259453312	143a9e0af67ed652a8d5f134f62a16e3.exe
File created	C:\Program Files\WindowsSystem\angeletsoft\WLanScanner.ocx	143a9e0af67ed652a8d5f134f62a16e3.exe
File created	C:\Program Files\WindowsSystem\angeletsoft\regwifi.bat	143a9e0af67ed652a8d5f134f62a16e3.exe
File created	C:\Program Files\WindowsSystem\angeletsoft\unregwifi.bat	143a9e0af67ed652a8d5f134f62a16e3.exe
File opened for modification	C:\Program Files\WindowsSystem\angeletsoft	143a9e0af67ed652a8d5f134f62a16e3.exe
File opened for modification	C:\Program Files\WindowsSystem\angeletsoft\WLanScanner.ocx	143a9e0af67ed652a8d5f134f62a16e3.exe
File opened for modification	C:\Program Files\WindowsSystem\angeletsoft\BOOB.INI	143a9e0af67ed652a8d5f134f62a16e3.exe
File opened for modification	C:\Program Files\WindowsSystem	143a9e0af67ed652a8d5f134f62a16e3.exe
File created	C:\Program Files\WindowsSystem\angeletsoft\PCANDIS5.SYS	143a9e0af67ed652a8d5f134f62a16e3.exe
File opened for modification	C:\Program Files\WindowsSystem\angeletsoft\angelservices.exe	143a9e0af67ed652a8d5f134f62a16e3.exe
File created	C:\Program Files\WindowsSystem\angeletsoft\dotnetfx.exe	143a9e0af67ed652a8d5f134f62a16e3.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2156	143a9e0af67ed652a8d5f134f62a16e3.exe

C:\Users\Admin\AppData\Local\Temp\143a9e0af67ed652a8d5f134f62a16e3.exe
"C:\Users\Admin\AppData\Local\Temp\143a9e0af67ed652a8d5f134f62a16e3.exe"
1⤵
- Drops file in Program Files directory
- Suspicious behavior: GetForegroundWindowSpam
PID:2156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2156-14-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download