Analysis

  • max time kernel
    1s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-12-2023 13:36

General

  • Target

    72c812a6867448ce8141e1d896597638.exe

  • Size

    581KB

  • MD5

    72c812a6867448ce8141e1d896597638

  • SHA1

    f162742056dcc0a83d88ea7182203da1fddea1f0

  • SHA256

    09fe2f77271533fac4fc8e32d7bc8ca2d6cd7f2bb7b8bda1237bb02a47995ed9

  • SHA512

    48d09795d82074a54739f239e75b09a54142619d0dec80819df69b3fa0c20b49e358dfd91702ee0426f789be9e8fe2f3e0f92a947a95d3794b80c261dcfa6490

  • SSDEEP

    12288:uoMDtCi7NFlZnNqZ9xGrLpZ0ZHEqtgb0UU:ufplNFgxG5eZngb0P

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoCs)
  • Loads dropped DLL (2 IoCs)
  • Modifies Internet Explorer settings (1 TTPs, 18 IoCs)
  • Suspicious use of SetWindowsHookEx (3 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\72c812a6867448ce8141e1d896597638.exe
    "C:\Users\Admin\AppData\Local\Temp\72c812a6867448ce8141e1d896597638.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1656
    • C:\Users\Admin\AppData\Local\Temp\nbfile0.exe
      C:\Users\Admin\AppData\Local\Temp\nbfile0.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2400
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://down.97199.com/install2/?sl3
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2864
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:2
          4⤵
          PID:2984
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\nbfile0.exe
        3⤵
        PID:3020
    • C:\Users\Admin\AppData\Local\Temp\nbfile1.exe
      C:\Users\Admin\AppData\Local\Temp\nbfile1.exe
      2⤵
      PID:2732
  • C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\newsetup.vbs"
    1⤵
    PID:1160
  • C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\1.vbs"
    1⤵
    PID:1156

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nbfile0.exe
    Filesize: 355KB
    MD5: 93ca7ece46dd41b3c9a52fe28eef0446
    SHA1: 7b864bb7f46923782859e8bf684d2d85097931a9
    SHA256: 7afe2a530a84b26eb05130e206198b09bd093ee5c7f7ac5a894c5d4326bf8541
    SHA512: 97c206ec605acf8d7e07fe4ea1af4b89d27ee6de7d3f1a2a5a9bc1c9af2743056f46555872a83a1f17da6c82287f6efc20f35756bf25a42f00fb0db38c8248a7

  • C:\Users\Admin\AppData\Local\Temp\nbfile0.exe
    Filesize: 97KB
    MD5: e9f9e85b355d1965d738400b19bf241f
    SHA1: 81524cd620b02db781067da271d34c3a7c1cb02c
    SHA256: 892d844c812979f985d7434a6e5e41d4ef5ae4b13f819114498016fdeb72122f
    SHA512: ddfc4d037b22e407dc4fdbf42192e551b7583b38a1fe0ffbbae452cfdf4db490fadb20cc34f38c4051e14a9ef9f24da834afeba7f773024b835418102b7156fe

  • \Users\Admin\AppData\Local\Temp\nbfile0.exe
    Filesize: 467KB
    MD5: 74869a0346ab36bbba85022612505121
    SHA1: 2cd02f46f2f9f46eaf15fce40a3bf4781f80cf8a
    SHA256: 6de866b5c8abb1db9b2be231b365c1aa029118fbc58823f443f00e3a33dff18a
    SHA512: 723812083113cff82aa5e2243759c572518865e351cc81b7c2b85a05557862dbbd7a98b964ff6f3aa3802bb5d4dab01a14147211495fc5803d9ddb7b715f4de5

  • \Users\Admin\AppData\Local\Temp\nbfile0.exe
    Filesize: 382KB
    MD5: cf0323403348d9126e45119b99ca5f3e
    SHA1: 0a2fe897b0bb535615d84cb5e791f208a65638b8
    SHA256: cb48e50cd4423351d4a7e54de8729d93124ee5fc981e94eb6266941ba7145440
    SHA512: 0dd03e0cf7fd0ffc3f1f2961b510f05404d2f69e6439d99a4b959ff9694372975b2febff9f5b7f630b3f28c13cff39bac428be1bfc73071633833f0488c7e0cd

  • memory/1656-9-0x0000000000220000-0x00000000002AA000-memory.dmp
    Filesize: 552KB

  • memory/1656-8-0x0000000000220000-0x00000000002AA000-memory.dmp
    Filesize: 552KB

  • memory/1656-28-0x0000000000400000-0x0000000000497000-memory.dmp
    Filesize: 604KB

  • memory/2400-11-0x0000000000020000-0x0000000000022000-memory.dmp
    Filesize: 8KB

  • memory/2400-10-0x0000000000400000-0x000000000048A000-memory.dmp
    Filesize: 552KB

  • memory/2400-14-0x0000000000400000-0x000000000048A000-memory.dmp
    Filesize: 552KB