Overview

overview

7

Static

static

3

061e5aaf55...67.exe

windows7-x64

7

061e5aaf55...67.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 22:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    061e5aaf555483b8e5a988c558c30367.exe

  • Size

    648KB

  • MD5

    061e5aaf555483b8e5a988c558c30367

  • SHA1

    8799f3097e645d42dcb2ae50996cd25080872b22

  • SHA256

    8af99a59b35ef3a94aa5b2f8c621de87e58b63470c6310367331822abe38140c

  • SHA512

    1d21d991c80a5488d5ad3dd83bade9d42ae741756453ada78a50e54ae020178813af7155c2ac9f98434bcde2d536800b813ea13019a733be48b4e90dc70b479e

  • SSDEEP

    12288:i3lOzTVqfEgr5vW5AQl3BP4XZMZZMtT/TVhoEgZKL5FBlVvOcEEmH6+7+fc:i3I3dg9vW5AQfYqv4TVhoEgGvOcEE2f

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\061e5aaf555483b8e5a988c558c30367.exe
    "C:\Users\Admin\AppData\Local\Temp\061e5aaf555483b8e5a988c558c30367.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2644
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\Delete.bat
      2⤵
      • Deletes itself
      PID:1672
  • C:\Windows\win xp.exe
    "C:\Windows\win xp.exe"
    1⤵
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:2836

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\Delete.bat
            Filesize

            186B

            MD5

            43957ff77b34a3606ec5fe59f1c1610f

            SHA1

            c0fd2fdeb6f2a5b3178e2189499111605a0df48a

            SHA256

            b144083aac042ec1a3801faa889ba05e174edd683cf8c04d88dc9d740705ef3d

            SHA512

            3066ce4f049c6a1561a3a0ffc29264bc77d7559ffd5bd088fa3633b81a26ac8f9ac58630ac9af128ec58e673f6b3876a3fd9717aea829fe493cc5bcb9cf51fcc

            Download Submit

          • C:\Windows\win xp.exe
            Filesize

            648KB

            MD5

            061e5aaf555483b8e5a988c558c30367

            SHA1

            8799f3097e645d42dcb2ae50996cd25080872b22

            SHA256

            8af99a59b35ef3a94aa5b2f8c621de87e58b63470c6310367331822abe38140c

            SHA512

            1d21d991c80a5488d5ad3dd83bade9d42ae741756453ada78a50e54ae020178813af7155c2ac9f98434bcde2d536800b813ea13019a733be48b4e90dc70b479e

            Download Submit

          • memory/2292-4-0x00000000003C0000-0x00000000003C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2292-15-0x0000000000400000-0x00000000004A9000-memory.dmp

            Filesize

            676KB

            Download

          • memory/2292-17-0x00000000003C0000-0x00000000003C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2292-19-0x0000000000400000-0x00000000004A9000-memory.dmp

            Filesize

            676KB

            Download

          • memory/2292-23-0x0000000000400000-0x00000000004A9000-memory.dmp

            Filesize

            676KB

            Download

          • memory/2292-27-0x0000000000400000-0x00000000004A9000-memory.dmp

            Filesize

            676KB

            Download

          • memory/2644-0-0x0000000000280000-0x0000000000281000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2644-13-0x0000000000400000-0x00000000004A9000-memory.dmp

            Filesize

            676KB

            Download