Overview

overview

10

Static

static

3

01f410626a...6b.exe

windows7-x64

10

01f410626a...6b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 19:37

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    01f410626ae538b0c69dd59c1667176b.exe

  • Size

    434KB

  • MD5

    01f410626ae538b0c69dd59c1667176b

  • SHA1

    7888bb4114d2ee3ea42705a12890faeadd872d42

  • SHA256

    3776fd23d3a8339b6af512ba2abe2bc93cc955feb2cc85165663e15863a7c35e

  • SHA512

    a3a92315c2869ed058e78a79913bf2dd0437f2f89f7053d9b4bc32f7895e49fa98ff4287cfcb99edb76294ec75b78f8ed1b8de4e9fe6b99d005b7d9704cab2c1

  • SSDEEP

    12288:aWWVmQdOw0tp2cYM0jz1H0n85Eny0Pqi1b1AVM:01dncYMGz1H0vhPqir

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 2 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Drops file in Drivers directory 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
    stealer
  • Modifies registry class 31 IoCs
  • Runs .reg file with regedit 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\01f410626ae538b0c69dd59c1667176b.exe
    "C:\Users\Admin\AppData\Local\Temp\01f410626ae538b0c69dd59c1667176b.exe"
    1⤵
    • Modifies visibility of file extensions in Explorer
    • Modifies visiblity of hidden/system files in Explorer
    • Drops file in Drivers directory
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Windows\SysWOW64\regedit.exe
      C:\Windows\regedit.exe /S C:\Windows\system32\msscp.reg
      2⤵
      • Runs .reg file with regedit
      PID:2732
    • C:\Users\Admin\AppData\Local\Temp\01f410626ae538b0c69dd59c1667176b.exe
      C:\Users\Admin\AppData\Local\Temp\01f410626ae538b0c69dd59c1667176b.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Drops file in Drivers directory
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Modifies Internet Explorer start page
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2220
      • C:\Windows\SysWOW64\regedit.exe
        C:\Windows\regedit.exe /S C:\Windows\system32\msscp.reg
        3⤵
        • Runs .reg file with regedit
        PID:2756

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\Common Files\System\taobao.ico
          Filesize

          14KB

          MD5

          468fada123f5548ac87e57bae81f6782

          SHA1

          edb8f012c25906e6afd8bf335b495e16c440243d

          SHA256

          091c882bb307d57f2c7c42309e7ba8740130fef8c3ed772b0bc5e5505e37034d

          SHA512

          635ec26c88c2394dd4f2a81b9aea8f429a91adfeb37ae34e51b03f3cf8e503c123c3685938f40cea07d6146e0c7113aadbe62fa528f1f6d8b995e617fd68a4aa

          Download Submit

        • C:\WINDOWS\system32\drivers\etc\hosts
          Filesize

          1KB

          MD5

          04582f0454992dcdd3c384d0730a98a1

          SHA1

          52296a9dac4ee0876fefb42fd1a1c588ae3a865f

          SHA256

          878126f2a00b67331d99b05158498b0ad40217de099a5b3534d1b7aeb3a35d19

          SHA512

          2db49de10dd7b1fc27ae838fab4441e76aeae151b55de7b29f10c4750b5ed29a692f496cb7b5e01021a5cac8482deeb74687d88a016cb82b6ef9814a855cefc5

          Download Submit

        • C:\Windows\SysWOW64\msscp.reg
          Filesize

          336B

          MD5

          45c2ffcb48ade649255bc861d1928963

          SHA1

          4a7042765fab8063c2383fb9cde3a4ece24a0628

          SHA256

          658a998e67711f328b0a8a5dd1ccb6738d0fc0abd0351c71270c4fc4b490fa71

          SHA512

          70cfa5b430e18a589e0d88284d5a79433a3b7351767ccf1500349b8e44ab2a8f3c5dffd86124cccf4b326dac5f93dd3ef7c48873fa58c0b3413eb629ef9c53db

          Download Submit

        • memory/1728-0-0x0000000000400000-0x000000000047D000-memory.dmp

          Filesize

          500KB

          Download

        • memory/1728-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1728-5-0x0000000001C40000-0x0000000001CBD000-memory.dmp

          Filesize

          500KB

          Download

        • memory/1728-26-0x0000000000400000-0x000000000047D000-memory.dmp

          Filesize

          500KB

          Download

        • memory/2220-6-0x0000000000400000-0x000000000047D000-memory.dmp

          Filesize

          500KB

          Download

        • memory/2220-8-0x00000000003B0000-0x00000000003B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2220-25-0x0000000000400000-0x000000000047D000-memory.dmp

          Filesize

          500KB

          Download