Overview

overview

7

Static

static

3

379b241111...5a.exe

windows7-x64

7

379b241111...5a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2023 19:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    379b2411110b4f9e385590ea13c1655a.exe

  • Size

    289KB

  • MD5

    379b2411110b4f9e385590ea13c1655a

  • SHA1

    90b41c5f574921ca77cf4d2cb1fae3d585107880

  • SHA256

    1584d355aa8d7ddd184612ef68a09ff02111c871513c076c6d68bd1f79899f74

  • SHA512

    0fd66e5e9cb65fdfb37bf6447977151cf9c85a0c95762e3969b58ee03b8eaadc62e386f5485fdf82324489d3f9383ecdbef01676bd67350a963cf7c2cd45b5b6

  • SSDEEP

    6144:lxqGwAcphJh9jOccrD7pivp+G0mxipZ5hya3u7sKXf8:lEGwAcphn9jOP/1iAG0ymZ58a3u7Nk

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\379b2411110b4f9e385590ea13c1655a.exe
    "C:\Users\Admin\AppData\Local\Temp\379b2411110b4f9e385590ea13c1655a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:812
    • C:\Windows\SysWOW64\mshta.exe
      "C:\Windows\System32\mshta.exe" c:\e5ab6e29-ccf7-4fcb-b7d9-226f7dc08362\start.hta
      2⤵
      • Modifies Internet Explorer settings
      PID:2652
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c rmdir c:\e5ab6e29-ccf7-4fcb-b7d9-226f7dc08362\/s /q
      2⤵
        PID:2556

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • \??\c:\e5ab6e29-ccf7-4fcb-b7d9-226f7dc08362\loader.gif
      Filesize

      1KB

      MD5

      e88ebd85dd56110ac6ea93fe0922988e

      SHA1

      684a31d864d33ff736234c41ac4e8d2c7f90d5ae

      SHA256

      379d1b0948f8e06366e7bcd197c848c0cc783787792f2224f98c16b974d920eb

      SHA512

      211b0760c9a887fc13c479617daeb6d5b6ee0ccd06c214967abd3e1f14204f72e34a6dd5eb778a9fc6ac7fc8bd63bdef80b347abab97becda16924cb3e164dc7

      Download Submit

    • \??\c:\e5ab6e29-ccf7-4fcb-b7d9-226f7dc08362\start.hta
      Filesize

      1KB

      MD5

      db4ada697fa7a0e215281533d52578e9

      SHA1

      fb755ea8371edf5065dc53e21eb413603f9eba7f

      SHA256

      f949fd6ca734830572128b4348dfd039419140c7ef501d80773f71ca3f0ed78c

      SHA512

      9ba1d2658785dd3c88b4399132f8330dc58872235e19ca9854b0e453d8cc7a58de0c8be84da376a72b5851073f531c95b2c6afa84f43053561ca8e6751d6e2f3

      Download Submit

    • \e5ab6e29-ccf7-4fcb-b7d9-226f7dc08362\InstallerHelper.dll
      Filesize

      133KB

      MD5

      9f1726e072fe7186971f169892640bec

      SHA1

      4f311d11545ade36002b96240da392d8e375e64a

      SHA256

      8de1ba2162cc234b4991a1beb5b07f86c93ed6ddae7a921f229166896451e2ec

      SHA512

      42a33e68e61662074b68a30aa901c6b6fccf975121d5a9f711e1834097e26ed4974c88b5c371648354d90f0413ea29a46ce259f93a9d719e67945bd52a9c8dca

      Download Submit