Overview

overview

7

Static

static

3

053648b96e...a7.exe

windows7-x64

7

053648b96e...a7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-12-2023 22:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    053648b96ea0701448feab37943a48a7.exe

  • Size

    640KB

  • MD5

    053648b96ea0701448feab37943a48a7

  • SHA1

    55958087776efba9a8502183bcb3d08d9259ee08

  • SHA256

    c68341a4b47884155d62d081d4dbc341a1697bef62229bc7d9cfefa5391dac27

  • SHA512

    6a759843fd57c3d54a195a986c4c0be35ec3a7b40a0e8f59415cad5a9ac12bb78d36ff3523899d5e09c0c0c6655b76a53da280b1aaaf9b5bd61a930b1133b261

  • SSDEEP

    12288:3oUom7SSICTMRHZ58dhhmC+02P0sJRPF3Z4mxxiiguUpWqIDxwrrea84AVTZF:uSbA1i9+xM6FQmXrg3RAVb

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\053648b96ea0701448feab37943a48a7.exe
    "C:\Users\Admin\AppData\Local\Temp\053648b96ea0701448feab37943a48a7.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2444
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\uninstal.bat
      2⤵
      • Deletes itself
      PID:1980
  • C:\Windows\SYSTEM\lisp.exe
    C:\Windows\SYSTEM\lisp.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\system\lisp.exe
    Filesize

    640KB

    MD5

    053648b96ea0701448feab37943a48a7

    SHA1

    55958087776efba9a8502183bcb3d08d9259ee08

    SHA256

    c68341a4b47884155d62d081d4dbc341a1697bef62229bc7d9cfefa5391dac27

    SHA512

    6a759843fd57c3d54a195a986c4c0be35ec3a7b40a0e8f59415cad5a9ac12bb78d36ff3523899d5e09c0c0c6655b76a53da280b1aaaf9b5bd61a930b1133b261

    Download Submit

  • C:\Windows\uninstal.bat
    Filesize

    190B

    MD5

    68b48cd831e15a631fe2eee2eeee83b4

    SHA1

    dade551c17b8cb2c447eff8dd8bd5e98557f30d3

    SHA256

    c503dba2e7c2b31b51fdd145a92ba7c0e58d3561ad45434736f88fe3b4c029e8

    SHA512

    c2b8654f1c97d6c404a252f0f483e70f68568a37ce98cf9935ee844b3c7ac1967028740ca933e48ee958bd97ebb43119c31f7543412da2a0118fd959f61c8428

    Download Submit

  • memory/2444-15-0x0000000000260000-0x0000000000261000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2444-10-0x0000000001D70000-0x0000000001D71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2444-0-0x0000000000400000-0x0000000000527000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2444-14-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2444-9-0x0000000001DE0000-0x0000000001DE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2444-8-0x0000000001DB0000-0x0000000001DB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2444-7-0x0000000001DC0000-0x0000000001DC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2444-6-0x0000000001D50000-0x0000000001D51000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2444-5-0x0000000001D60000-0x0000000001D61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2444-4-0x0000000001DD0000-0x0000000001DD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2444-3-0x0000000001D80000-0x0000000001D81000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2444-2-0x0000000001DA0000-0x0000000001DA1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2444-18-0x0000000003290000-0x0000000003291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2444-17-0x00000000032A0000-0x00000000032A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2444-19-0x0000000001D40000-0x0000000001D41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2444-16-0x00000000032B0000-0x00000000032B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2444-11-0x0000000003280000-0x0000000003281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2444-13-0x0000000003370000-0x0000000003371000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2444-12-0x0000000003270000-0x0000000003273000-memory.dmp

    Filesize

    12KB

    Download

  • memory/2444-41-0x0000000000590000-0x00000000005E4000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2444-40-0x0000000000400000-0x0000000000527000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2444-1-0x0000000000590000-0x00000000005E4000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2816-24-0x0000000000530000-0x0000000000584000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2816-38-0x00000000031E0000-0x00000000031E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2816-28-0x0000000003190000-0x0000000003191000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2816-29-0x0000000003180000-0x0000000003181000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2816-30-0x0000000003170000-0x0000000003171000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2816-26-0x0000000003250000-0x0000000003251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2816-27-0x0000000000610000-0x0000000000615000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2816-31-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2816-43-0x0000000000400000-0x0000000000527000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2816-23-0x0000000000400000-0x0000000000527000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2816-25-0x0000000003160000-0x0000000003161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2816-44-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2816-46-0x0000000000530000-0x0000000000584000-memory.dmp

    Filesize

    336KB

    Download

  • memory/2816-49-0x0000000000400000-0x0000000000527000-memory.dmp

    Filesize

    1.2MB

    Download