Analysis

  • max time kernel
    147s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/12/2023, 16:54

General

  • Target
    7e4e11abd05cb6390fba06a6256ad675.exe
  • Size
    48KB
  • MD5
    7e4e11abd05cb6390fba06a6256ad675
  • SHA1
    7f6b64e831be11ca1bdb8e0328b25c22915c881e
  • SHA256
    d3a3543e334729e1e9600f591ff5b8bc8f896c39def73e592475ec80e87d0d4a
  • SHA512
    c87b340b15297ef73b6567c1656cede13261ca570a6a2a718bb42911ce421c1a41d649eb2c1bbdaaad2f450db9430f6f3be47a94cbf2be2112d343d9a9164e8d
  • SSDEEP
    1536:Urfr5GU+8Nie9qxlV5K3nVjehfkrabQdUE4++nh:Urf9GD8NieIxlV5KFjeN4+E4Bh

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7e4e11abd05cb6390fba06a6256ad675.exe
    "C:\Users\Admin\AppData\Local\Temp\7e4e11abd05cb6390fba06a6256ad675.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:5020
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\BRD.GIF
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1056
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1056 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3312
    • C:\Users\Admin\AppData\Local\Temp\LUVX.exe
      C:\Users\Admin\AppData\Local\Temp\LUVX.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2712
      • C:\Windows\SysWOW64\ssvchost.exe
        "C:\Windows\system32\ssvchost.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:2564
        • C:\Windows\SysWOW64\msvchost.exe
          "C:\Windows\system32\msvchost.exe"
          4⤵
          • Executes dropped EXE
          • Drops file in System32 directory
          PID:4796
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 524
            5⤵
            • Program crash
            PID:4084
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 4796 -ip 4796
    1⤵
    PID:2444

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L3T8W3B4\suggestions[1].en-US
    Filesize
    17KB
    MD5
    5a34cb996293fde2cb7a4ac89587393a
    SHA1
    3c96c993500690d1a77873cd62bc639b3a10653f
    SHA256
    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
    SHA512
    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
  • C:\Users\Admin\AppData\Local\Temp\BRD.GIF
    Filesize
    32KB
    MD5
    8e67ce6702304c62859cbe2652f05450
    SHA1
    9db761db7d6ea598f85e7c852313293f951dcd80
    SHA256
    a652fbc0ae1f4cbd304add020e6e6931ac219bab31958aaeffc4a3cf45467a15
    SHA512
    0cd63af3eda68080b4de9bba6f5a1548444b5708c67a7a24ed4f420646d7a864c4a548b6bc9fac3303ce5245dc423c7c53163318b29de2f7bb3fc9345a03a847
  • C:\Users\Admin\AppData\Local\Temp\LUVX.exe
    Filesize
    12KB
    MD5
    49eeaae9faf68614c0723ae54447130b
    SHA1
    38b49ba4212d6ab5323f1fe791cd5cc5b9e7b759
    SHA256
    5c219da1f6acc7601da7904f61b1fe10cf295a60c344db4a2e82e8718d28ca70
    SHA512
    7f32edab4374fcf140a435186874a03e9eb645a24a5c443fa04c91248bb08f6bc1954786197a0cc655c1c32c6272e326b6328c5f925f174310e9b84bf486a3f4
  • C:\Windows\SysWOW64\regm64.dll
    Filesize
    12KB
    MD5
    618ba27f0502751f408b211f61747827
    SHA1
    c78868c7b629d2e5d4f447099c9726379b6d421d
    SHA256
    5c5b2b741b4a7a152f9750e36c61fab1f65ef41955013db8aa487a2ab29b6eb6
    SHA512
    de6454a04c43c4d0d7f6604b9c0e61eea5fa88b9c15253817b7823b9e3446778331d25ca005625b69bf1f1cf01abe6b89dcdb752d6e179cb59be31f0439fe99d
  • memory/2564-26-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
    44KB
  • memory/4796-29-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
    44KB
  • memory/5020-23-0x0000000000400000-0x0000000000404000-memory.dmp
    Filesize
    16KB