Analysis

  • max time kernel
    118s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/12/2023, 18:19

General

  • Target

    0045af89dc768e53dfbe91ce2580b2dc.exe

  • Size

    45KB

  • MD5

    0045af89dc768e53dfbe91ce2580b2dc

  • SHA1

    6ccf402e3a33730c913ca8b9366e4e663df0500b

  • SHA256

    5134a9e74f3bb914628aa1bfb42847cf880612ed38ea080ead0bd1b4a8e39a53

  • SHA512

    5b1c11b810e384b78396f629a2d395231f3f5ae230bc2ed41c8a9be0dfad2a62301067148c64f305518659ea8501b700c13501719cf215345106134a7350400a

  • SSDEEP

    768:c3Y3v3t3E3dgdbV7zOjy16fggB1+2fKZmcL/MywOlS51rBFtFRutcN4XSLQmLUt:c3Y3v3t3E3AMy1jgy3ocLfYvbuyaX6QB

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0045af89dc768e53dfbe91ce2580b2dc.exe
    "C:\Users\Admin\AppData\Local\Temp\0045af89dc768e53dfbe91ce2580b2dc.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1940
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2272
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2788
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2784
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\twe91A5.bat"
      2⤵
      PID:2696
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\0045af89dc768e53dfbe91ce2580b2dc.bat"
      2⤵
      • Deletes itself
      PID:2548
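
    The tree above shows two patterns worth a detection rule: the sample spawns cmd.exe to run a .bat in %TEMP% named after itself (the "Deletes itself" step), and it starts Internet Explorer through "cmd /c start iexplore -embedding" (the -embedding switch is normally only seen when a COM server is activated by DCOM, not from a command shell). The following is an added example, not part of the sandbox report: it replays a constructed set of Sysmon-style process-creation events that mirror the report's process tree (plus one benign control) and flags both patterns. The event field names (pid, ppid, image, cmdline) are assumed; real Sysmon Event ID 1 carries the same data under its own field names.

```python
"""Detection logic over process-creation events (added example, not from the report)."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass
class ProcEvent:
    """Minimal process-creation record; field names are an assumption of this example."""
    pid: int
    ppid: int
    image: str
    cmdline: str


# Constructed sample events mirroring the report's process tree; PIDs 1000/900
# stand in for the unseen parents, and PID 3100 is a benign control (IE started
# normally by the user, without -embedding).
EVENTS = [
    ProcEvent(1940, 1000, r"C:\Users\Admin\AppData\Local\Temp\0045af89dc768e53dfbe91ce2580b2dc.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\0045af89dc768e53dfbe91ce2580b2dc.exe"'),
    ProcEvent(2272, 1940, r"C:\Windows\SysWOW64\cmd.exe", "cmd /c start iexplore -embedding"),
    ProcEvent(2788, 2272, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe" -embedding'),
    ProcEvent(2784, 2788, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
              r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:275457 /prefetch:2'),
    ProcEvent(2696, 1940, r"C:\Windows\SysWOW64\cmd.exe",
              r'cmd /c "C:\Users\Admin\AppData\Local\Temp\twe91A5.bat"'),
    ProcEvent(2548, 1940, r"C:\Windows\SysWOW64\cmd.exe",
              r'cmd /c "C:\Users\Admin\AppData\Local\Temp\0045af89dc768e53dfbe91ce2580b2dc.bat"'),
    ProcEvent(3100, 900, r"C:\Program Files\Internet Explorer\iexplore.exe",
              r'"C:\Program Files\Internet Explorer\iexplore.exe"'),
]

# Extracts the .bat path from 'cmd /c "<path>.bat"' or 'cmd /c <path>.bat'.
BAT_ARG = re.compile(r'cmd(?:\.exe)?\s+/c\s+"?([^"]+\.bat)"?', re.IGNORECASE)
TEMP_DIR_MARKER = "\\appdata\\local\\temp\\"


def is_cmd(event: ProcEvent) -> bool:
    return PureWindowsPath(event.image).name.lower() == "cmd.exe"


def is_in_temp(path: str) -> bool:
    """True for images under the per-user %TEMP% directory (user-writable location)."""
    return TEMP_DIR_MARKER in path.lower()


def find_self_deletion(events):
    """Return (parent_pid, bat_path) for cmd.exe children that run a .bat in %TEMP%
    whose base name equals the parent executable's base name: the classic
    'drop a batch file that deletes me' pattern seen in the report."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if not is_cmd(e):
            continue
        m = BAT_ARG.search(e.cmdline)
        parent = by_pid.get(e.ppid)
        if not m or parent is None:
            continue
        bat = PureWindowsPath(m.group(1))
        parent_img = PureWindowsPath(parent.image)
        if is_in_temp(parent.image) and is_in_temp(str(bat)) \
                and bat.stem.lower() == parent_img.stem.lower():
            hits.append((parent.pid, str(bat)))
    return hits


def find_embedded_ie_launch(events):
    """Return pids of cmd.exe processes that start iexplore with -embedding on
    behalf of a parent running from %TEMP%. A DCOM activation would come from
    the COM infrastructure, never from a shell under a temp-dropped binary."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if not is_cmd(e):
            continue
        cl = e.cmdline.lower()
        if "start" in cl and "iexplore" in cl and "-embedding" in cl:
            parent = by_pid.get(e.ppid)
            if parent is not None and is_in_temp(parent.image):
                hits.append(e.pid)
    return hits


if __name__ == "__main__":
    for ppid, bat in find_self_deletion(EVENTS):
        print(f"self-deletion: parent pid {ppid} ran {bat}")
    for pid in find_embedded_ie_launch(EVENTS):
        print(f"hidden IE launch via cmd.exe pid {pid}")
```

Both rules key on the parent image living under %TEMP%, so a user opening IE from explorer.exe (PID 3100 in the sample) is not flagged; the twe91A5.bat launch is also left alone by the self-deletion rule because its name does not match the parent, which is the distinction the report itself draws by tagging only PID 2548 with "Deletes itself".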

    Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\0045af89dc768e53dfbe91ce2580b2dc.bat

            Filesize

            263B

            MD5

            8403e8ad1cd1857281251ccf371c7b29

            SHA1

            60442cf8e9456038caefe9c938d780dad1548940

            SHA256

            3b008fc20c1389edfd1c1d4af580bf140a7bcd175c38057f9ebcdc1a17b3cccd

            SHA512

            360e271f1b1ab260ddcb06167b885cc99d2643cd4cd6e99b94760a1701898f69c0fdbd3c64b11630f12c110ca83197847dc9d8ec91a36fa23410f8d403f601c3

          • C:\Users\Admin\AppData\Local\Temp\CabA121.tmp

            Filesize

            65KB

            MD5

            ac05d27423a85adc1622c714f2cb6184

            SHA1

            b0fe2b1abddb97837ea0195be70ab2ff14d43198

            SHA256

            c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

            SHA512

            6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          • C:\Users\Admin\AppData\Local\Temp\TarA144.tmp

            Filesize

            171KB

            MD5

            9c0c641c06238516f27941aa1166d427

            SHA1

            64cd549fb8cf014fcd9312aa7a5b023847b6c977

            SHA256

            4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

            SHA512

            936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          • C:\Users\Admin\AppData\Local\Temp\twe91A5.bat

            Filesize

            188B

            MD5

            25c949bac3e30361d870be12a555ccb6

            SHA1

            386d1f49f1bf19fea4294c8712b051a9d7510c11

            SHA256

            f331049bb8bd2c207d526f0e1fca583bf7321806fbb1d9a96c1794befc115bc2

            SHA512

            12011cde65e90d5240df9326666328b5dfde4ddb1130d2153e6de2bc0c1a7fe63b3741995769c3b5436da7487b8319755030ba833b0a18aaad0d08228dd239f5

          • \Users\Admin\AppData\Local\Temp\twe91A5.tmp

            Filesize

            32KB

            MD5

            b27c4843d6e712c2b7284c92b3f0172a

            SHA1

            ccefc0653e9a5530cfd4e49eb075a108f39f3aa5

            SHA256

            8ba55320783e1e22d889d467e4058d1ab01890750b40262a8475239f2556d6c6

            SHA512

            464d6a952dba9ffb0d6aa766dc02adc6898728dab18036c479c44ad918d1174b3eb6d6784aa8cb78e9c548df3cd7d50769a3e6cfacc4e5bcebfb42ca5d006969