Overview

overview

10

Static

static

3

7788f918e3...d5.exe

windows7-x64

10

7788f918e3...d5.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 15:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7788f918e326ff936886e276daf498d5.exe

  • Size

    847KB

  • MD5

    7788f918e326ff936886e276daf498d5

  • SHA1

    a90de1847e7f5c8023bb8f50e5d6009e8722ca30

  • SHA256

    77f008cf7ccbf955effd76539c61bc1fbdae2a3d7ad454a2d62a5f77b8ffdf09

  • SHA512

    888f727301132236d8ed94c8d54067ea31ba57b44cc73a0b202e10af3711c958b735706b9fea7025e1bec35a37401f0c8610d11c57128dd7bf8dbb7c92da1222

  • SSDEEP

    24576:SMupXJRPOzlxZ9FQibk17za1zjTYR3e7t/eYBmMLy8OnQJ:Fu1JRPOzPZQrmDg3exNBfOne

Score
10/10
evasiontrojan

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Windows security bypass 2 TTPs 1 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 1 IoCs
    evasiontrojan
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of SetThreadContext 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\7788f918e326ff936886e276daf498d5.exe
    "C:\Users\Admin\AppData\Local\Temp\7788f918e326ff936886e276daf498d5.exe"
    1⤵
    • UAC bypass
    • Windows security bypass
    • Windows security modification
    • Checks whether UAC is enabled
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:3068
    • C:\Users\Admin\AppData\Local\Temp\7788f918e326ff936886e276daf498d5.exe
      C:\Users\Admin\AppData\Local\Temp\7788f918e326ff936886e276daf498d5.exe
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1636
      • C:\Users\Admin\AppData\Local\Temp\7788f918e326ff936886e276daf498d5.exe
        C:\Users\Admin\AppData\Local\Temp\7788f918e326ff936886e276daf498d5.exe
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2800
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=7788f918e326ff936886e276daf498d5.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2748
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2748 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2592

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e3a3ef5dd1415061ad73cc31af6b30a6

    SHA1

    815d278940995f4e3dc7f358d6f884dec34d1785

    SHA256

    ada28b769e318e2b212090a1e21ba4ca6d3e784207e02987528ec24fa1047b3e

    SHA512

    7afee49d74bc854dd06a893c6d6ad2235912d5c94b9123dd01c97d257ddf50d1dbb652ddd389c6af09a6ee8c9eeae48ae65d60529d9a00033ad7e096f9c509f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5c225b8e8fe118ddc55bd48e617138be

    SHA1

    3d1472438bce5d79728daa0b92f86cc2c8d526c8

    SHA256

    f62ceb1fc661bfb7e9591b6d98f06b7a24e71584869492a73965399d8f13859f

    SHA512

    fdadc12ccbd9d714d5c38d8cc32dad8e523b1ad1f3d10b463a926a9cf80275284f0d04e129a074775a2eb067319da197b9aad812877e445183570521182e9952

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2be352f1e173f512f022538e7eb04fd3

    SHA1

    e29753644a7f4d3b353b6a5c12a5d6af37d7e48d

    SHA256

    5614a2d38e25d457c085d85a620e6feb159602513fd6a92c1318e53913723d43

    SHA512

    108f1afef500a77ad2cd779f3cd6f2f4504ecd196b97ae49d60018790328cc5f00490280771c4fc3f6f69910cdd793765656d8f3fb5123aa0da3c2c938996dbc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    21cd5b2909ec8c7af923109bedac3971

    SHA1

    9b64c3198a9e02edc079615161426ff200171f16

    SHA256

    a558aa28c3021d8396685021468578bc56ed7eb7341ff2d0066a5f3cdb41d169

    SHA512

    754c633abf9805e7b56729b9cfc3617545e11cd3c8d2d23bed41e4f4054dd9a84dc613b14e5e7f7f05547dbe7d55eb3a5eb3dcaeb30655de1d80d6b87310a1e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a6f4aab7f6fcdb84997b6a6e9a23b933

    SHA1

    83404bf6d3f24c911d7a0871b9997b67979cf93e

    SHA256

    9257ac646572688691ffc7694852270042804244c1486bb43f78c3ea6068ff12

    SHA512

    5bd7595247ac3e4fbdaef911e41cf18dcbf0047d2b2d012f1e31d7df9a0dcd819f97f32376f97e5b7ea742e13c00a06481647fb7660c44b138cebfd1bf68603d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7b4cc7930c469a45f01a6ca73d9d23f9

    SHA1

    4d7f8947085901a0ab8f2b72d427605d548ac80d

    SHA256

    f34fb6d5b4273bd81a2b2b3ed89a41cae2c1e9083ffa9f48a15d68cc9b5e3fce

    SHA512

    009ae89126e6119b696847e72341627ba179853c4b3667788ce097d7385ce5e01c788a354f0b83b703eaff59ff88ca3e0ddaf8e22f127e06c46bc486388704d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0a7ad9d899d9c8d2d4b012e3d51e1e22

    SHA1

    7f66f995f118dc0ad4b8bbd8a25d943020314022

    SHA256

    3ce6c80ae0d15a9cef413697426769e1a4a90959fd81d274fbb6e3d83af27c07

    SHA512

    455e819da505d7b8a5f6b47d912ceccc2f5d18f3ab5543010188f0467bf7dfd78b35c1142336571b18e293b6700f42bd7de2dd1c858aee2e299ffe881e6f00bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0898f413186a0b9007fb295bdc630e92

    SHA1

    ba334eb055f390eb198355bf059cab6c68e3791d

    SHA256

    a358abefc80e2195d1925f799ebf8fc21fd64ea3969ecb76d2c6c26023258667

    SHA512

    87694257a3371a887546708225485db805334a11beec4ac5e4e20a5d048da9fd75f27ffb719840514f5237a1efa1e7aa726095d760ebe924755189a883793799

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1b0a474e4fa6bae6a8484f007d71f680

    SHA1

    c6d6852e514ca733a7cef0814c214504f90596c4

    SHA256

    b5a85415371da4de3d9d3d0a616f452d3cf6749284ea818e62166a676fafe5fe

    SHA512

    85d3e383c2090a31144c1b23c9b2b440be9d7df794bdceda1dda90d3521f31089369358cd745235efd80013310a8b2bace0b64e7c029c649fcf81bf996b5f994

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    36bebd188d37283728817bf4c95e3841

    SHA1

    ac8221c088922385de111a7b12858724fd508c96

    SHA256

    b7a862d953fc0194d2c6f748dd3d6f9fdae31ca57ba53d959128d386e5c6859d

    SHA512

    46cb5c0bb2d59586d71482180b227726bbe5092bfd1d85766bb7f70576daf51706b1e61da62bfd016cd6f83f1a570e40acd05ed8078f66eef0f98bfb4ca34b6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    53eb33da704c91a903678437495471e4

    SHA1

    2b010b823ffdc4b656d16e355a3d99af2ea4f4f0

    SHA256

    28600ba3774d92b4864731ea18330762e884133703afea6a80e56da08051411e

    SHA512

    f54b8d157d05b8bda960fe966d85a8a8414fabe0acfd22027f6ae66332020a4738a3df575d9b61bf2bf545af70aa4171b6853c4e9365181a9893eac9e4221392

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    af9c27e7e4bee88a0d1148e5e066a043

    SHA1

    335c688c9fc752087acf360bda0db019c9003e43

    SHA256

    58f14814e70464480f2995c7e0d908047aabebfb1700ff656521c1b46bacbb11

    SHA512

    21fe9afecda688e546b302b1d1f752ab78e1c5efb7b417dc5cb2962dcb3102ea3a4c74b59de5a8d506ddf392a33c977d3aa97b869d3ef3842362555ca1470597

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    63ca304eceb96d2749c01e66e092d4db

    SHA1

    c1efbd7d2da6fb176bcca2c5784a70fd7e09f0a1

    SHA256

    d7a839096edc9cb43016fdbe361bec97158dfa0d3946aeb14b13e5405d8d0c03

    SHA512

    649e6a4779d11e875dd1a6e62ad247bf72773d4fa47df21aadd8650af6aab8cca28bbdce07dea9a4c78eb504f4a3367b5e857dcad30cca68a3970909e9cbd016

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fb71ba524ab32602cddee77f6f2eca98

    SHA1

    c9a28b2e031bfc03d829cd98f904b5918e505163

    SHA256

    b9bc0c8dcc94b21286000583b8495d9ca208519c324bd26ce17d3b4d12b1ccbb

    SHA512

    cdcf9167b65218d458da3e7139eea0aa61c837ce9229646a7b726254e345eaeb5d6d3a10d46506acbb67b6fc862e01c59029b2ea2831f13a8b313fe17d2587fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ac496fc2c7e71d5a8d38c18a322c2681

    SHA1

    9b4e609005eeba10852b0441e00a5b12908d8b92

    SHA256

    725860bb1bccc8c553889d73ca803ad5bc122cabe889ab7affe3d889f2da59f4

    SHA512

    1d9207caa9cdcf3b911537f40c634191cfb624bfeec554b5b44b826103b1a25152d5d9aa41272fc2c92dc737b495760b463947399850387ed3f65992606c5eac

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB4C1.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB561.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/1636-2-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/1636-21-0x0000000000400000-0x0000000000414000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2800-15-0x0000000000400000-0x00000000004C0000-memory.dmp

    Filesize

    768KB

    Download

  • memory/2800-13-0x0000000000400000-0x00000000004C0000-memory.dmp

    Filesize

    768KB

    Download

  • memory/2800-11-0x0000000000400000-0x00000000004C0000-memory.dmp

    Filesize

    768KB

    Download

  • memory/2800-9-0x0000000000400000-0x00000000004C0000-memory.dmp

    Filesize

    768KB

    Download

  • memory/2800-7-0x0000000000400000-0x00000000004C0000-memory.dmp

    Filesize

    768KB

    Download

  • memory/2800-20-0x0000000000400000-0x00000000004C0000-memory.dmp

    Filesize

    768KB

    Download

  • memory/2800-22-0x0000000000400000-0x00000000004C0000-memory.dmp

    Filesize

    768KB

    Download

  • memory/2800-16-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download