Analysis

  • max time kernel
    122s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-12-2023 09:52

General

  • Target

    154f06931bfd7a781813dc5c4863e8c4.exe

  • Size

    755KB

  • MD5

    154f06931bfd7a781813dc5c4863e8c4

  • SHA1

    bae7cd6eaebd911da73da8aac3f90654c573732a

  • SHA256

    2e82b852582cedf9977d2c6e376bd4ac75d0773e105c3fa3474e7c216fd007f3

  • SHA512

    729ad5a5fdebdb4ad5d81cf83f33c7b303282607c6064a77da197b6342f8a2807ffe74bee61891d885ee061519a87cd7d8eb716bfd8c90c23b0b5b2f9dbba312

  • SSDEEP

    12288:sQN20eCofhgVDNuK40ufbN64b6slOJ5B/N2j+aFUnQn53CI2tjyufeKK1:/40eCoJgD8H3T04nARN2H6nQn53lQjy9

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\154f06931bfd7a781813dc5c4863e8c4.exe (PID 1696, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\154f06931bfd7a781813dc5c4863e8c4.exe"
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\setup.exe (PID 2172, depth 2, child of PID 1696)
      Command line: C:\Users\Admin\AppData\Local\Temp\setup.exe relaunch
      • Executes dropped EXE
      • Modifies system certificate store
      • Suspicious use of SetWindowsHookEx
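The process tree above is the part of this report a hunter would turn into a detection: a sample running from the user's Temp directory spawns a second executable from the same directory with a bare `relaunch` argument. The following is an added example written by the editor, not code from the sandbox or its report format. It replays the two process creations as constructed Sysmon-style events (the field names are an assumption, and the parent PID 1200 of the root process is not in the report; it stands in for whatever launched the sample) and returns finding codes per PID. The 32-hex-digit image name of the root process is the sandbox's MD5-based naming of the submitted file, not malware behaviour, so it is reported as a separate code that can be discounted.

```python
"""Detection pass over the process tree in this report (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# User-writable staging directory that dropped payloads typically run from.
USER_TEMP_RE = re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
# 32 hex digits + .exe: the sandbox renames the submission after its MD5.
MD5_NAME_RE = re.compile(r"^[0-9a-f]{32}\.exe$", re.I)


@dataclass
class ProcEvent:
    """Minimal process-creation event; field names are an assumption."""
    pid: int
    ppid: int
    image: str
    cmdline: str


def args_of(cmdline: str) -> List[str]:
    """Return the tokens after the image token of a Windows command line."""
    s = cmdline.strip()
    if s.startswith('"'):                      # quoted image path
        end = s.find('"', 1)
        rest = s[end + 1:] if end != -1 else ""
    else:                                      # unquoted: image ends at first space
        parts = s.split(None, 1)
        rest = parts[1] if len(parts) > 1 else ""
    return rest.split()


def analyse(events: List[ProcEvent]) -> Dict[int, List[str]]:
    """Map each PID to the finding codes raised for it (PIDs with none are omitted)."""
    by_pid = {e.pid: e for e in events}
    findings: Dict[int, List[str]] = {}
    for e in events:
        codes = []
        if USER_TEMP_RE.match(e.image):
            codes.append("temp_image")
        parent = by_pid.get(e.ppid)
        if parent is not None and USER_TEMP_RE.match(parent.image):
            codes.append("temp_parent")        # dropped EXE launched by the dropper
        if any(a.lower() == "relaunch" for a in args_of(e.cmdline)):
            codes.append("relaunch_arg")       # self-restart switch seen in the tree
        if MD5_NAME_RE.match(e.image.rsplit("\\", 1)[-1]):
            codes.append("md5_named_image")    # sandbox naming, not a behaviour
        if codes:
            findings[e.pid] = codes
    return findings


# Constructed from the process tree in the report; the root's ppid 1200 is assumed.
SAMPLE_EVENTS = [
    ProcEvent(1696, 1200,
              r"C:\Users\Admin\AppData\Local\Temp\154f06931bfd7a781813dc5c4863e8c4.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\154f06931bfd7a781813dc5c4863e8c4.exe"'),
    ProcEvent(2172, 1696,
              r"C:\Users\Admin\AppData\Local\Temp\setup.exe",
              r"C:\Users\Admin\AppData\Local\Temp\setup.exe relaunch"),
]

if __name__ == "__main__":
    for pid, codes in analyse(SAMPLE_EVENTS).items():
        print(pid, ", ".join(codes))
```

The `temp_parent` code is the one worth alerting on: a Temp-resident parent starting a Temp-resident child is the "Executes dropped EXE" chain in the signature list, and it is rare for legitimate software outside installers. `relaunch_arg` on its own is weak, since installers use the same switch to restart themselves; it gains weight only in combination with the other two.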

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    80f89b399db6c9f5231bba2108fb939d

    SHA1

    a93be511e1ae0618218d148f8bb258353afa53c1

    SHA256

    05c67894a1d7169dd7d08b58d0233329a7249895e25169707c82df9b0c9731a7

    SHA512

    44a6b285f1134ac6c2f134f662a291de16ab3d1221d64ac5cf13d05933bea49c1e63c52e02cb77ff63b727427660b80f1c60fe18430e3ec0b9bcf2dc64e64eba

  • C:\Users\Admin\AppData\Local\Temp\CabED0F.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\TarEDFC.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • C:\Users\Admin\AppData\Local\Temp\setup.exe

    Filesize

    321KB

    MD5

    e258d6a2b999d8894f0c73718514f9d8

    SHA1

    25ef57a3a5ed1b4af47c033b483a6f0551561a68

    SHA256

    47da11b43340e57baf75189c61fe29335cc06f5495f00cce089a7d74f925f346

    SHA512

    5bf7ae5be8ba9c29db8f5b0c8fa5965fc1fa21dace228a7f96399bfa40d5bd6c53b229aeb101455941cd110d0fc24f3b0477595de02d32b3da63b495ba7cc81e

  • C:\Users\Admin\AppData\Local\Temp\setup.exe

    Filesize

    227KB

    MD5

    6f5443ef957f2e603b9cc7045b7c491f

    SHA1

    9bf7c210f39b59f0c05837cff9445b465201bec4

    SHA256

    e35f0f275df9a3052aa108f2d0eb92efa2e0b0bb48ae31c9cd80fdec5b026a3b

    SHA512

    2dbab50da3f7f81ade2ee4701488e32f2af7740b56bcb73b216f0f874abe89b87e615311a3a649392a8507612ff159ba9020959ab290794839cfc51fcf54e8e3

  • \Users\Admin\AppData\Local\Temp\setup.exe

    Filesize

    740KB

    MD5

    778db2dad9007bfd6c2c888b87be2e18

    SHA1

    e01aeba91790dd2891e5c8c9df5ba5c17ea90b89

    SHA256

    30f36a7bc2b6991513f7f387576fbc9f982e16f78f8d75d13b84b642e1a65ca2

    SHA512

    922181146fe8f4f2148e3417644e5d278bb3386aad65eee3f91282836705da5f114010f928ff3a7d84f5195316114656fa86494b67e1a5f355093b3098e594f0

  • memory/1696-4-0x00000000026E0000-0x000000000294D000-memory.dmp

    Filesize

    2.4MB

  • memory/1696-7-0x0000000000400000-0x000000000066D000-memory.dmp

    Filesize

    2.4MB

  • memory/1696-0-0x0000000000400000-0x000000000066D000-memory.dmp

    Filesize

    2.4MB

  • memory/1696-9-0x00000000026E0000-0x000000000294D000-memory.dmp

    Filesize

    2.4MB

  • memory/2172-10-0x0000000000400000-0x000000000066D000-memory.dmp

    Filesize

    2.4MB

  • memory/2172-13-0x0000000000400000-0x000000000066D000-memory.dmp

    Filesize

    2.4MB

  • memory/2172-11-0x0000000000400000-0x000000000066D000-memory.dmp

    Filesize

    2.4MB

  • memory/2172-95-0x0000000000400000-0x000000000066D000-memory.dmp

    Filesize

    2.4MB
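Two things in the file list above matter when turning it into indicators. First, `C:\Users\Admin\AppData\Local\Temp\setup.exe` appears three times with three different sizes and hashes (321KB, 227KB and 740KB), so the file at that path was replaced at least twice during the run and an IOC keyed on the path alone would be wrong; all three hashes are needed. Second, the `CryptnetUrlCache` entry and the `CabED0F.tmp`/`TarEDFC.tmp` pair are what Windows CryptoAPI writes while fetching and unpacking certificate trust list and revocation data during chain building; they show up in most sandbox runs and are rarely attacker-controlled, although a dropper can choose such a name on purpose, so the classification is a heuristic. The block below is an added example by the editor, not part of the report: the records are copied from the list above, the helper names and the noise heuristic are the editor's own, and the directory scan is the check a responder would run against a quarantine folder.

```python
"""Triage of the dropped-file list in this report (added example)."""
import hashlib
import os
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# CryptoAPI certificate-chain artefacts: CryptnetUrlCache entries and the
# Cab<hex>.tmp / Tar<hex>.tmp pair in %TEMP%. Heuristic only; see the lead-in.
CRYPTOAPI_NOISE_RE = re.compile(
    r"(\\CryptnetUrlCache\\|\\(?:Cab|Tar)[0-9A-F]{1,4}\.tmp$)", re.I)


def is_cryptoapi_noise(path: str) -> bool:
    """True if the path looks like a CryptoAPI cache artefact rather than a payload."""
    return CRYPTOAPI_NOISE_RE.search(path) is not None


def normalise(path: str) -> str:
    """Drop an optional drive letter and lower-case, so C:\\Users\\... and \\Users\\... collide."""
    return re.sub(r"^[A-Za-z]:", "", path).lower()


def group_by_path(records: List[dict]) -> Dict[str, List[str]]:
    """Map each normalised path to the distinct SHA-256 values reported for it."""
    seen: Dict[str, List[str]] = defaultdict(list)
    for rec in records:
        key = normalise(rec["path"])
        if rec["sha256"] not in seen[key]:
            seen[key].append(rec["sha256"])
    return dict(seen)


def hashes_of(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists for a file's contents."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def scan_dir(directory: str, records: List[dict]) -> List[Tuple[str, str, bool]]:
    """Hash every file under `directory`; return (local path, report path, is_noise) matches."""
    wanted = {r["sha256"]: r["path"] for r in records}
    hits = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            with open(full, "rb") as fh:
                digest = hashes_of(fh.read())["sha256"]
            if digest in wanted:
                report_path = wanted[digest]
                hits.append((full, report_path, is_cryptoapi_noise(report_path)))
    return hits


# Copied from the report's file list above (memory dumps omitted, they carry no hash).
DROPPED = [
    {"path": r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
     "size": "344B", "sha256": "05c67894a1d7169dd7d08b58d0233329a7249895e25169707c82df9b0c9731a7"},
    {"path": r"C:\Users\Admin\AppData\Local\Temp\CabED0F.tmp",
     "size": "65KB", "sha256": "c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d"},
    {"path": r"C:\Users\Admin\AppData\Local\Temp\TarEDFC.tmp",
     "size": "171KB", "sha256": "4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f"},
    {"path": r"C:\Users\Admin\AppData\Local\Temp\setup.exe",
     "size": "321KB", "sha256": "47da11b43340e57baf75189c61fe29335cc06f5495f00cce089a7d74f925f346"},
    {"path": r"C:\Users\Admin\AppData\Local\Temp\setup.exe",
     "size": "227KB", "sha256": "e35f0f275df9a3052aa108f2d0eb92efa2e0b0bb48ae31c9cd80fdec5b026a3b"},
    {"path": r"\Users\Admin\AppData\Local\Temp\setup.exe",
     "size": "740KB", "sha256": "30f36a7bc2b6991513f7f387576fbc9f982e16f78f8d75d13b84b642e1a65ca2"},
]

if __name__ == "__main__":
    for path, digests in group_by_path(DROPPED).items():
        tag = "noise?" if is_cryptoapi_noise(path) else "payload"
        print(f"{tag:8} {path}  ({len(digests)} distinct hash(es))")
```

`scan_dir` still matches the noise entries and only tags them, because a hash match on a file that should be a CryptoAPI cache artefact is itself worth a look. `hashes_of` reads whole files, which is fine for samples of this size; for large volumes, hash in chunks.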