Overview

overview

7

Static

static

3

0463981990...bc.exe

windows7-x64

7

0463981990...bc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 21:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    046398199068316b4aa6f7b4020e25bc.exe

  • Size

    50KB

  • MD5

    046398199068316b4aa6f7b4020e25bc

  • SHA1

    1bfa887ab60a63490513588ff65d2ae316bff8d6

  • SHA256

    456e0dc6809f66426017bc77cbec273d58edee5f29dce6bc0f535069186dfdaa

  • SHA512

    ceb33292ce02dfeb43b7dd9d67e1b5137edc8d2d1bc910ae5a94d0781a3d83bc06a365ba120b6c5aa9fdc4398aee24295ff4ce219c4329eea03c551bd3d69fda

  • SSDEEP

    1536:gqtfmz0eanetwRw0wzouVNB+NncT4UPDGhLBC:dfmz0eFtwugnc8dhL

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\046398199068316b4aa6f7b4020e25bc.exe
    "C:\Users\Admin\AppData\Local\Temp\046398199068316b4aa6f7b4020e25bc.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2644
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2676
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\046398199068316b4aa6f7b4020e25bc.bat"
      2⤵
      • Deletes itself
      PID:1612
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\twe2462.bat"
      2⤵
        PID:2604
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2676 CREDAT:275457 /prefetch:2
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3012

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      851dbb759e48ff4b92fc3900a44235d5

      SHA1

      ba1b83fea3e5a1e7942db953a4395031622884ba

      SHA256

      bda7fd63a340cda78c37f4277386044b8a31438a883b44e9a57021ffee569a3b

      SHA512

      924cbcfffa388531c7d22ef090d5ad8c9f4e174de5983c0546c649215e176a149b4bcac2a393020b7bb2d2fc9c484f4479e084a3108c21c9b38ca871ca99a69d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f6aa125a42504dfde97d3fec363e38e2

      SHA1

      e25d96df29829709ddca3531d0856fc7109fd77b

      SHA256

      8cc0d56b9d79b2e4f4a8e360790c826b8516381df16a8b606c9e42884485d7fb

      SHA512

      02b97fba2eca31fc35b7907990815d4ee1047ab799b3036e40b85270cf88544ef56d15ebfff07957ad34930b26cd5da9da2da45f30e88c8a40797b9635424e63

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      24435509a4af9bef95afd1cb5d015534

      SHA1

      e6ff3b5f2b50b9aac746300d95e052d62102a55b

      SHA256

      47f312009f5ac4594e099108d766692036412599bc9ce8d35e78def8bdc933e6

      SHA512

      fcffee1dcc68e2c3319c2e611fdc20e371dbd0143e77e51123ea0fd053ce13f531853961e93c497156dc09b8d2584336bc55f06c0ebf71d488e10b5e46c3141c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3690a9d1264666a93326e608a3f12653

      SHA1

      e24beba3ca4354b5fe724925374d515f005f0d4a

      SHA256

      f95434a989922c1ea7f2d66412437c19c71b73c4205820c9cfebbb70f7039053

      SHA512

      f663ef7e18f71fe13c9e754e63b0e5af9494629652e523c162373e339b1ad28b2b032b60b83c0330c4aa26ac8efdb270285642719f0afcf0ffce0767dec366cc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e5452c7d7c7a910a91fb9d1b36c9f738

      SHA1

      96c5b455f0c322d3b33ab9d5b4852dcef8980a9a

      SHA256

      361531c299b393af3fb549a0cdb8d25ab8d3654fb3e3e5ee1456102abad8c089

      SHA512

      207511f821b0dd21c9a5e6e32250247520a12c2cb1d0ceaac96fc3a77ce9cec06166779b9c1d65dd1dd9e605d1cc2865c14eca7ebbcb5266946fa74f14105124

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cf9593d5cbf57e59a2d0a7ac0b294b54

      SHA1

      39d65deaaac353f1da4198272b960598002d9049

      SHA256

      48812e0f13b83b31a5ded57e2fe2ea47f47d52ecf8dc5afd2cc3a7d847f66a39

      SHA512

      f98f2b0435aaa817b14a3e3d68208e96b66c25907d7137a7e49c76a7fb94d7a0a8093612126d59a96dba88794dce199c1fbaca474041f98d7ca00576dacede07

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\046398199068316b4aa6f7b4020e25bc.bat
      Filesize

      263B

      MD5

      bb0dacf542b2473871a80e23abf5a88c

      SHA1

      d3a48956438e1a2659a94cfb92a8fbbd568bfe0f

      SHA256

      c1339c6dc2a63c6a5471bda0f0d017b64c367646bf4dd1b8cdbdb15e27011fdf

      SHA512

      46889ca2add2d912c0385cfb940ef233d402d8e791aa8cc852132d313d3254dae4d7cd004ef918cd86a0295169543ca04b32f177301bc9c413eda6f36408ae65

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab2906.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar29A5.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\twe2462.bat
      Filesize

      188B

      MD5

      c4d20b9c06e4638fd26d43f2de0bf066

      SHA1

      4612943ab05a0e6273ccbeb055dedd5c3d71a9f3

      SHA256

      b2bab809c66a5eb45b77fb2cf65fa0a05bedd8de485a0ff63549318b52c3788c

      SHA512

      7a4c8bca3d217c8408c6bfa9b413e0379f01e1dd8b6a3d43292cc66069ef237af44f9c85b187d12b7820cf4bf7a31723ee8445b09bf24bdab3d1d35cf4eb4154

      Download Submit

    • \Users\Admin\AppData\Local\Temp\twe2462.tmp
      Filesize

      34KB

      MD5

      3f1795f38eb7791c81b5ee266edd6d9f

      SHA1

      ad776ccdf6f9dc75d195678e9cb98533fde23237

      SHA256

      8a82d3be08a007538664b462ac3028894846a353dfe7dd213fa25649bdd68518

      SHA512

      8c6180bf39d4ada3fe2bf42324edfdb0652624efd18e82854366750cb09c511cea1bd22efd41a0516a22a6f88fc24a0918a716e67985c344e8cd513b2ad4e3d2

      Download Submit