Overview

overview

7

Static

static

3

0672bb4df0...3e.exe

windows7-x64

3

0672bb4df0...3e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 23:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0672bb4df0adfb40f77a9d25310f553e.exe

  • Size

    676KB

  • MD5

    0672bb4df0adfb40f77a9d25310f553e

  • SHA1

    3f389f84668a588714748a198364029aab59cbc0

  • SHA256

    a3249dbd5754079b2c2c7b0d4c503d07130cdd5c110bff407d4a037cb7c177bc

  • SHA512

    da3121bb893a892e4b44971f38a720abcf6d88de16b09dbb6a93f4b361539f94ce0015cca10ac743c5e5e3ef98673eb76a1a3d27df3c2cbfa9fbad2941da5c27

  • SSDEEP

    12288:gzy6rRxEkbpnfkjuVtPuVcG6YO/uV1ObuVtFnvysf1Q1TkAQTuiHL6L1k:z6rTnbp8iVtGVcG9pV1OqVtFnSQT3rQC

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0672bb4df0adfb40f77a9d25310f553e.exe
    "C:\Users\Admin\AppData\Local\Temp\0672bb4df0adfb40f77a9d25310f553e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Windows\SysWOW64\mshta.exe
      "C:\Windows\System32\mshta.exe" "javascript:new ActiveXObject('WScript.Shell').Run('SOLA_2.0_183751647212086.bat',0);window.close()"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      PID:1344
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\SOLA_2.0_183751647212086.bat" "
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3032
  • C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c dir C:\Windows\explorer.exe
    1⤵
      PID:2280
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c date /t
      1⤵
        PID:1212

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\SOLA_2.0_183751647212086.bat
        Filesize

        10KB

        MD5

        d5b466404574cb68a7d51a4d0f130786

        SHA1

        ad6fbf20ec9c322b241a8f7b0517ef24bd52f7c2

        SHA256

        87e1313eb3095b67870f7872d90914d563268efccb2c48d388b5d83458cfe0bb

        SHA512

        402e867574fab262e2e7cefa74f00a48baf18424b4849798b92fde59a8ed00f597e5388f47dd22caacad51f3d8e5e6780177c13738997dc4feeeb7e87908bd7a

        Download Submit

      • memory/1988-7-0x0000000000400000-0x0000000000425000-memory.dmp

        Filesize

        148KB

        Download