1e4fe73766ed76e4cbbac0d559b0b55f3c6957746a7bb93ae8daeda05706341f

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01f90b6680e5f07ea60cb7a1facd2257.exe
Size

637KB
MD5

01f90b6680e5f07ea60cb7a1facd2257
SHA1

2181e83ba013ae6f57791ecd3f6c292a5fc2509f
SHA256

1e4fe73766ed76e4cbbac0d559b0b55f3c6957746a7bb93ae8daeda05706341f
SHA512

c9071874d904c83ad147961c611e5df5999d3e89597e21669a41b7c630dc41db38b0f1ac3af18f1c33db62b65b211efe8cacdf8943e2eddba3e62c1da8bf3000
SSDEEP

12288:osO5OtdEZBwT6qttAPEnGOCTha6vS0c9ZsD0B3sTq2WNl3y:oVQSjwvtwov16vS0cvM0B3yq2WTy

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2720	sxeCA15.tmp
2008	WebSafe.ini

Loads dropped DLL 3 IoCs

pid	Process
2796	01f90b6680e5f07ea60cb7a1facd2257.exe
2796	01f90b6680e5f07ea60cb7a1facd2257.exe
2796	01f90b6680e5f07ea60cb7a1facd2257.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ieapfltr.dat	sxeCA15.tmp
File created	C:\Windows\SysWOW64\WebSafe.ini	sxeCA15.tmp
File opened for modification	C:\Windows\SysWOW64\WebSafe.ini	sxeCA15.tmp
File opened for modification	C:\Windows\SysWOW64\ieapfltr.dat	WebSafe.ini
File opened for modification	C:\Windows\SysWOW64\WebSafe.ini	WebSafe.ini

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\uninstal.bat	sxeCA15.tmp

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2720	sxeCA15.tmp
Token: SeDebugPrivilege	2008	WebSafe.ini

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 2720	2796	01f90b6680e5f07ea60cb7a1facd2257.exe	27
PID 2796 wrote to memory of 2720	2796	01f90b6680e5f07ea60cb7a1facd2257.exe	27
PID 2796 wrote to memory of 2720	2796	01f90b6680e5f07ea60cb7a1facd2257.exe	27
PID 2796 wrote to memory of 2720	2796	01f90b6680e5f07ea60cb7a1facd2257.exe	27
PID 2720 wrote to memory of 3028	2720	sxeCA15.tmp	31
PID 2720 wrote to memory of 3028	2720	sxeCA15.tmp	31
PID 2720 wrote to memory of 3028	2720	sxeCA15.tmp	31
PID 2720 wrote to memory of 3028	2720	sxeCA15.tmp	31
PID 2720 wrote to memory of 3028	2720	sxeCA15.tmp	31
PID 2720 wrote to memory of 3028	2720	sxeCA15.tmp	31
PID 2720 wrote to memory of 3028	2720	sxeCA15.tmp	31

C:\Users\Admin\AppData\Local\Temp\01f90b6680e5f07ea60cb7a1facd2257.exe
"C:\Users\Admin\AppData\Local\Temp\01f90b6680e5f07ea60cb7a1facd2257.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Users\Admin\AppData\Local\Temp\sxeCA15.tmp
  "C:\Users\Admin\AppData\Local\Temp\sxeCA15.tmp"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Windows\uninstal.bat
    3⤵
    PID:3028

C:\Windows\SysWOW64\WebSafe.ini
C:\Windows\SysWOW64\WebSafe.ini
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:2008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\uninstal.bat

Filesize
140B

MD5
1b6fee00ac6d535c455f74f3f7cd28e6

SHA1
bc79f61ee1d0d255b03bd0f4b70e14361bf0e2be

SHA256
e5369f106e13055b26f813cfaabfcc77439ecf027486be72288eea7dc619dbc8

SHA512
b26e4c6eb4b96c7489585cb92b77d402d83fae9424cd2e2e2f5635dc046a4b1674824fd99ca172775ab6b92450b45c0f68e579c0c2c65db1af8c6d1669149f7f

Download Submit
\Users\Admin\AppData\Local\Temp\sxeCA13.tmp

Filesize
15KB

MD5
bd815b61f9948f93aface4033fbb4423

SHA1
b5391484009b39053fc8b1bba63d444969bafcfa

SHA256
b018bf9e9f8b6d945e6a2a25984970634884afabc580af2b4e855730520d5d76

SHA512
a363abe97b5a44e5d36af859e8d484daffe1d8e321c87969a75d1bfaa4288a5e6be1922a02c6d72937c84e81a79a1c7f6c9f2a44a995cac3f993ed5608afcd71

Download Submit
\Users\Admin\AppData\Local\Temp\sxeCA15.tmp

Filesize
637KB

MD5
6833da160cda68c24e584aabd784f218

SHA1
598908df0a14c93eda637acc0c53a01e19dbc079

SHA256
62957dc61d9dae6f672e8301553ac7cd9b0a8533276aeadfbc6f2292951e0cdd

SHA512
e709e73d6bc76fdabd1574ba5c88108b423c7c2bf62d9bbe1011ae2566953baba0c6a59fa34102f84cd9b965425f03fbffd00cc03edb417eb319b8905c83641f

Download Submit
memory/2008-155-0x0000000000400000-0x0000000000514000-memory.dmp

Filesize
1.1MB

Download
memory/2720-74-0x0000000003760000-0x0000000003761000-memory.dmp

Filesize
4KB

Download
memory/2720-61-0x0000000003530000-0x0000000003531000-memory.dmp

Filesize
4KB

Download
memory/2720-71-0x00000000035E0000-0x00000000035E1000-memory.dmp

Filesize
4KB

Download
memory/2720-23-0x0000000000520000-0x0000000000521000-memory.dmp

Filesize
4KB

Download
memory/2720-30-0x0000000003360000-0x0000000003361000-memory.dmp

Filesize
4KB

Download
memory/2720-41-0x00000000032C0000-0x00000000032C1000-memory.dmp

Filesize
4KB

Download
memory/2720-44-0x0000000003310000-0x0000000003311000-memory.dmp

Filesize
4KB

Download
memory/2720-49-0x0000000003340000-0x0000000003341000-memory.dmp

Filesize
4KB

Download
memory/2720-50-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2720-47-0x0000000003320000-0x0000000003321000-memory.dmp

Filesize
4KB

Download
memory/2720-48-0x0000000003350000-0x0000000003351000-memory.dmp

Filesize
4KB

Download
memory/2720-46-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/2720-45-0x0000000003300000-0x0000000003301000-memory.dmp

Filesize
4KB

Download
memory/2720-43-0x00000000032E0000-0x00000000032E1000-memory.dmp

Filesize
4KB

Download
memory/2720-42-0x00000000032F0000-0x00000000032F1000-memory.dmp

Filesize
4KB

Download
memory/2720-51-0x0000000003490000-0x0000000003491000-memory.dmp

Filesize
4KB

Download
memory/2720-40-0x00000000032D0000-0x00000000032D1000-memory.dmp

Filesize
4KB

Download
memory/2720-52-0x0000000003480000-0x0000000003481000-memory.dmp

Filesize
4KB

Download
memory/2720-53-0x00000000034B0000-0x00000000034B1000-memory.dmp

Filesize
4KB

Download
memory/2720-54-0x00000000034A0000-0x00000000034A1000-memory.dmp

Filesize
4KB

Download
memory/2720-39-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/2720-38-0x0000000000770000-0x0000000000771000-memory.dmp

Filesize
4KB

Download
memory/2720-37-0x0000000002170000-0x0000000002171000-memory.dmp

Filesize
4KB

Download
memory/2720-58-0x00000000034E0000-0x00000000034E1000-memory.dmp

Filesize
4KB

Download
memory/2720-57-0x00000000034F0000-0x00000000034F1000-memory.dmp

Filesize
4KB

Download
memory/2720-62-0x0000000003520000-0x0000000003521000-memory.dmp

Filesize
4KB

Download
memory/2720-73-0x0000000003600000-0x0000000003601000-memory.dmp

Filesize
4KB

Download
memory/2720-80-0x0000000004120000-0x0000000004121000-memory.dmp

Filesize
4KB

Download
memory/2720-79-0x00000000040F0000-0x00000000040F1000-memory.dmp

Filesize
4KB

Download
memory/2720-78-0x0000000004100000-0x0000000004101000-memory.dmp

Filesize
4KB

Download
memory/2720-19-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/2720-72-0x0000000003610000-0x0000000003611000-memory.dmp

Filesize
4KB

Download
memory/2720-177-0x0000000000400000-0x0000000000514000-memory.dmp

Filesize
1.1MB

Download
memory/2720-69-0x00000000035C0000-0x00000000035C1000-memory.dmp

Filesize
4KB

Download
memory/2720-17-0x0000000000400000-0x0000000000514000-memory.dmp

Filesize
1.1MB

Download
memory/2720-68-0x00000000035D0000-0x00000000035D1000-memory.dmp

Filesize
4KB

Download
memory/2720-67-0x00000000035A0000-0x00000000035A1000-memory.dmp

Filesize
4KB

Download
memory/2720-66-0x0000000003560000-0x0000000003561000-memory.dmp

Filesize
4KB

Download
memory/2720-65-0x0000000003570000-0x0000000003571000-memory.dmp

Filesize
4KB

Download
memory/2720-64-0x0000000003580000-0x0000000003581000-memory.dmp

Filesize
4KB

Download
memory/2720-63-0x0000000003540000-0x0000000003541000-memory.dmp

Filesize
4KB

Download
memory/2720-70-0x00000000035F0000-0x00000000035F1000-memory.dmp

Filesize
4KB

Download
memory/2720-60-0x0000000003500000-0x0000000003501000-memory.dmp

Filesize
4KB

Download
memory/2720-59-0x0000000003510000-0x0000000003511000-memory.dmp

Filesize
4KB

Download
memory/2720-56-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/2720-55-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/2720-36-0x0000000003280000-0x0000000003281000-memory.dmp

Filesize
4KB

Download
memory/2720-35-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2720-34-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2720-33-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/2720-32-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2720-31-0x00000000032B0000-0x00000000032B1000-memory.dmp

Filesize
4KB

Download
memory/2720-29-0x0000000003260000-0x0000000003263000-memory.dmp

Filesize
12KB

Download
memory/2720-28-0x0000000003270000-0x0000000003271000-memory.dmp

Filesize
4KB

Download
memory/2720-27-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/2720-26-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/2720-25-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/2720-24-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/2720-22-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/2720-20-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/2720-151-0x0000000000400000-0x0000000000514000-memory.dmp

Filesize
1.1MB

Download
memory/2720-21-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/2796-0-0x0000000000400000-0x0000000000541000-memory.dmp

Filesize
1.3MB

Download
memory/2796-1-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2796-15-0x0000000000550000-0x0000000000664000-memory.dmp

Filesize
1.1MB

Download
memory/2796-18-0x0000000000550000-0x0000000000664000-memory.dmp

Filesize
1.1MB

Download