Overview

overview

7

Static

static

3

2d39c9269c...e3.exe

windows7-x64

7

2d39c9269c...e3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    51s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 16:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d39c9269c60708c89f1625b51feb0e3.exe

  • Size

    946KB

  • MD5

    2d39c9269c60708c89f1625b51feb0e3

  • SHA1

    bea40d07bc3bcecdf55ea7d49f1190804ca8d537

  • SHA256

    3bc7eed96139ff6b7613c0961055b796933457d71ba0dbeb9daba6552e0aede9

  • SHA512

    d4cc458945015d2367ab5494b8d67bd1ad58a5d4cda8760e478b8535f4fe1178bb8418966ea2f3267ebbca50577ef4e2ae4e58f0058d28789855b9d1a287986d

  • SSDEEP

    24576:BLGQjVY4nT8YgT8ZCIVMK4jND/vDcpLfkSuUneSxH:B9bT8YgT8nMK4jt/7c9uUnXH

Score
7/10
discoveryevasionpersistencetrojan

Malware Config

Signatures

  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 11 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 29 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 64 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d39c9269c60708c89f1625b51feb0e3.exe
    "C:\Users\Admin\AppData\Local\Temp\2d39c9269c60708c89f1625b51feb0e3.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Program Files (x86)\AVM\avm.exe
      "C:\Program Files (x86)\AVM\avm.exe"
      2⤵
      • Checks BIOS information in registry
      • Checks computer location settings
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Checks whether UAC is enabled
      • Drops file in System32 directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2812
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32 /s "C:\Program Files (x86)\AVM\avm.exe"
        3⤵
        • Loads dropped DLL
        PID:456

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\AVM\avm0.dat
    Filesize

    92KB

    MD5

    7c4add3ed1dc22aa8bbf28a32f030a5f

    SHA1

    3588caeaa752af223de9370dd57f1077a515a5a9

    SHA256

    d273d4bdbce42d8ef1f6aa439751a2d647ed3d9337ce67462eddaf478bbe03eb

    SHA512

    668e81bbdc86609fa7994e1351e2da8dd3b85c54849c6230590331b52ed4f307bc0901bc742cf79cf02c863b29f40faee69839cc00df650388145451973afdb3

    Download Submit

  • C:\Program Files (x86)\AVM\avm1.dat
    Filesize

    32KB

    MD5

    8d3489379571bce6ac707a3eb6a13c31

    SHA1

    a91bb6b3ccb5d110ffd180ee31521d3f4411cc82

    SHA256

    1aa790222bb1b3dba15c0885d4f0f5dd822a7222f56b3053cf0fc38ad9565371

    SHA512

    16eb41dc85a71d2e0ae274c187ae3b529485e459f15143a726ccd01cc33f725c05cef7f2562fcd022e0f00ef162228055ef1603ad6f9d8f1e33d504236b1c112

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SP6DRJYJ\g1[1]
    Filesize

    1024B

    MD5

    8f8d8d07b4d2dd7fc7c97a0396683eea

    SHA1

    9cfccb49f7cbf1664257f3da701125cc9a37c7c3

    SHA256

    d240106981f8c50ccc625329c7e92ac8b139208643eefb733a580cc5f0ad1eb3

    SHA512

    0f18ad300448c84dd5b4d72219b9327c522d5c6d6e870f0504f59b2963bc8c222156da9d15298929832231a00c09ac0f7aaead39fd83592d4e98830db1dc633c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SP6DRJYJ\g2[1]
    Filesize

    613B

    MD5

    727a63363c1c5e84451ea8ef27ed1c8d

    SHA1

    aad7fb2b949e5045bbd9612a468611f55e47e4ca

    SHA256

    b0bafcaa21b73ff3b4f06f7304f08f90693eaca58c92ca4ee22ef7dcdafd823c

    SHA512

    bf0fc89c1057adebff595d4aa6639ea9fb6a15a07f5882223f568eda4c6b39e07f3b3972a77e106a20057a4a2584835ccf96831bd44eb5426710014c173b267b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SP6DRJYJ\g3[1]
    Filesize

    1023B

    MD5

    aefd444122479195a041153e433d7c84

    SHA1

    aa68d0404afe9aa4bbd15f1c732370b8aa323072

    SHA256

    5adf118b3b1a73e88fd25981132f01bcb77b7961a0b219a71fb13c8e88d681eb

    SHA512

    131e0bc9e0a3badb4c9b29e26f36861c2876b7fc6a775ceba6393c37d8575fc6ef7fe2c7f91c1e1202b361e25aa0243f3a7f260adf8b36e157bca31196fa0d8b

    Download Submit

  • \Program Files (x86)\AVM\avm.exe
    Filesize

    361KB

    MD5

    6535826d9a168414e0f8840adcd42189

    SHA1

    352f933adb680d42d54b3178281ed60d112c580b

    SHA256

    a7fb1cf220bfd088ff8f17989c0e459862ffa6d732873b41b4b49c78b312471a

    SHA512

    54b04800d2c0a56f1e533ac30f5709ac583180f631bbc1e09386ca506f54dd01630450fed15f28d0a35303af18b4f530c479d8b02a0c51af60388af6bedd8cf2

    Download Submit

  • memory/2256-13-0x00000000031B0000-0x00000000031C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2256-19-0x0000000003290000-0x0000000003329000-memory.dmp

    Filesize

    612KB

    Download

  • memory/2256-24-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2812-109-0x0000000000400000-0x0000000000499000-memory.dmp

    Filesize

    612KB

    Download

  • memory/2812-127-0x0000000000400000-0x0000000000499000-memory.dmp

    Filesize

    612KB

    Download

  • memory/2812-32-0x0000000000400000-0x0000000000499000-memory.dmp

    Filesize

    612KB

    Download

  • memory/2812-33-0x0000000000510000-0x000000000053C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2812-94-0x0000000000400000-0x0000000000499000-memory.dmp

    Filesize

    612KB

    Download

  • memory/2812-26-0x0000000000400000-0x0000000000499000-memory.dmp

    Filesize

    612KB

    Download

  • memory/2812-115-0x0000000000510000-0x000000000053C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/2812-114-0x0000000000400000-0x0000000000499000-memory.dmp

    Filesize

    612KB

    Download

  • memory/2812-116-0x0000000000400000-0x0000000000499000-memory.dmp

    Filesize

    612KB

    Download

  • memory/2812-125-0x0000000000400000-0x0000000000499000-memory.dmp

    Filesize

    612KB

    Download

  • memory/2812-126-0x0000000000400000-0x0000000000499000-memory.dmp

    Filesize

    612KB

    Download

  • memory/2812-31-0x0000000000900000-0x0000000000999000-memory.dmp

    Filesize

    612KB

    Download

  • memory/2812-131-0x0000000000400000-0x0000000000499000-memory.dmp

    Filesize

    612KB

    Download

  • memory/2812-135-0x0000000000400000-0x0000000000499000-memory.dmp

    Filesize

    612KB

    Download

  • memory/2812-178-0x0000000000400000-0x0000000000499000-memory.dmp

    Filesize

    612KB

    Download

  • memory/2812-179-0x0000000000400000-0x0000000000499000-memory.dmp

    Filesize

    612KB

    Download

  • memory/2812-186-0x0000000000400000-0x0000000000499000-memory.dmp

    Filesize

    612KB

    Download

  • memory/2812-187-0x0000000000400000-0x0000000000499000-memory.dmp

    Filesize

    612KB

    Download

  • memory/2812-188-0x0000000000400000-0x0000000000499000-memory.dmp

    Filesize

    612KB

    Download

  • memory/2812-189-0x0000000000400000-0x0000000000499000-memory.dmp

    Filesize

    612KB

    Download

  • memory/2812-199-0x0000000000400000-0x0000000000499000-memory.dmp

    Filesize

    612KB

    Download