Overview

overview

6

Static

static

3

00ae3d143c...bd.exe

windows7-x64

6

00ae3d143c...bd.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-12-2023 18:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    00ae3d143c01a6878506df2fa3ecd7bd.exe

  • Size

    122KB

  • MD5

    00ae3d143c01a6878506df2fa3ecd7bd

  • SHA1

    f7a2e2a318a97c77cc813f34d3731220ecf1da62

  • SHA256

    35e6921c086f2bae684d1ebd8d431b3d36c3ccd20637ee890d06ba985ed9467e

  • SHA512

    2ed40b3b70f8abe753b61e2b061374e23aae2bf7680d3d52935505c4e796706bfee736c6973fbf9a1ed620a313d8bea653141f75a00b875df3b39ff6461fba89

  • SSDEEP

    3072:u8U2yJN5f661xRZbALxB1Ojdgx8GYgSTJK5bJk9:u8U2qy6rRZb7jxGYgSTJGJI

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1208
      • C:\Users\Admin\AppData\Local\Temp\00ae3d143c01a6878506df2fa3ecd7bd.exe
        "C:\Users\Admin\AppData\Local\Temp\00ae3d143c01a6878506df2fa3ecd7bd.exe"
        2⤵
        • Adds Run key to start application
        • Drops file in System32 directory
        • Suspicious use of WriteProcessMemory
        PID:2760
        • C:\Users\Admin\AppData\Local\Temp\00ae3d143c01a6878506df2fa3ecd7bd.exe
          "C:\Users\Admin\AppData\Local\Temp\00ae3d143c01a6878506df2fa3ecd7bd.exe"
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          PID:2664

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1208-12-0x0000000002B40000-0x0000000002B41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1208-13-0x0000000002B40000-0x0000000002B41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2664-15-0x0000000000400000-0x0000000000427000-memory.dmp

      Filesize

      156KB

      Download

    • memory/2760-0-0x0000000000400000-0x0000000000427000-memory.dmp

      Filesize

      156KB

      Download

    • memory/2760-1-0x0000000000270000-0x0000000000297000-memory.dmp

      Filesize

      156KB

      Download

    • memory/2760-14-0x0000000000400000-0x0000000000427000-memory.dmp

      Filesize

      156KB

      Download