Analysis

  • max time kernel
    176s
  • max time network
    187s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/12/2023, 18:19

General

  • Target

    0045af89dc768e53dfbe91ce2580b2dc.exe

  • Size

    45KB

  • MD5

    0045af89dc768e53dfbe91ce2580b2dc

  • SHA1

    6ccf402e3a33730c913ca8b9366e4e663df0500b

  • SHA256

    5134a9e74f3bb914628aa1bfb42847cf880612ed38ea080ead0bd1b4a8e39a53

  • SHA512

    5b1c11b810e384b78396f629a2d395231f3f5ae230bc2ed41c8a9be0dfad2a62301067148c64f305518659ea8501b700c13501719cf215345106134a7350400a

  • SSDEEP

    768:c3Y3v3t3E3dgdbV7zOjy16fggB1+2fKZmcL/MywOlS51rBFtFRutcN4XSLQmLUt:c3Y3v3t3E3AMy1jgy3ocLfYvbuyaX6QB

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0045af89dc768e53dfbe91ce2580b2dc.exe
    "C:\Users\Admin\AppData\Local\Temp\0045af89dc768e53dfbe91ce2580b2dc.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:3356
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • Checks computer location settings
      • Suspicious use of WriteProcessMemory
      PID:4436
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2292
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2292 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3684
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\twe39E7.bat"
      2⤵
      PID:1664
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\0045af89dc768e53dfbe91ce2580b2dc.bat"
      2⤵
      PID:4380

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L3T8W3B4\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\0045af89dc768e53dfbe91ce2580b2dc.bat

    Filesize

    263B

    MD5

    8403e8ad1cd1857281251ccf371c7b29

    SHA1

    60442cf8e9456038caefe9c938d780dad1548940

    SHA256

    3b008fc20c1389edfd1c1d4af580bf140a7bcd175c38057f9ebcdc1a17b3cccd

    SHA512

    360e271f1b1ab260ddcb06167b885cc99d2643cd4cd6e99b94760a1701898f69c0fdbd3c64b11630f12c110ca83197847dc9d8ec91a36fa23410f8d403f601c3

  • C:\Users\Admin\AppData\Local\Temp\twe39E7.bat

    Filesize

    188B

    MD5

    ffa8f602f764470f7a06ceb91aa43eee

    SHA1

    b10d5f72521bf38b5579230e4f22d6a1cab4b482

    SHA256

    8fd8524ff2a19c998b32dc8ab76972f97884047774b462290fe27cbda7694c8f

    SHA512

    fec8a7a2490082550c4138844217bb8e989d7f2a2c0daa33e4a5c45924526b55df19ff0542d112e4d632b7ec5a957c17d1593fdf35945409782ab1f3f7206c7b

  • C:\Users\Admin\AppData\Local\Temp\twe39E7.tmp

    Filesize

    32KB

    MD5

    b27c4843d6e712c2b7284c92b3f0172a

    SHA1

    ccefc0653e9a5530cfd4e49eb075a108f39f3aa5

    SHA256

    8ba55320783e1e22d889d467e4058d1ab01890750b40262a8475239f2556d6c6

    SHA512

    464d6a952dba9ffb0d6aa766dc02adc6898728dab18036c479c44ad918d1174b3eb6d6784aa8cb78e9c548df3cd7d50769a3e6cfacc4e5bcebfb42ca5d006969