Overview

overview

7

Static

static

1

HOTFIX/KB832483.exe

windows7-x64

7

HOTFIX/KB832483.exe

windows10-2004-x64

7

HOTFIX/KB833989.exe

windows7-x64

1

HOTFIX/KB833989.exe

windows10-2004-x64

1

HOTFIX/KB842773.exe

windows7-x64

7

HOTFIX/KB842773.exe

windows10-2004-x64

7

HOTFIX/KB890046.exe

windows7-x64

7

HOTFIX/KB890046.exe

windows10-2004-x64

7

SETUP(IE6+DX7).cmd

windows7-x64

1

SETUP(IE6+DX7).cmd

windows10-2004-x64

1

SETUP(IE6+...9).cmd

windows7-x64

1

SETUP(IE6+...9).cmd

windows10-2004-x64

1

Analysis

  • max time kernel
    136s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 22:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HOTFIX/KB842773.exe

  • Size

    725KB

  • MD5

    6efc8240302b4cfe1fdd0a990852581d

  • SHA1

    045e580d1d4f3009955746d315d5e1681809950c

  • SHA256

    1e05f13490a252dd34b4ca73e40432968f4b634b4cae5a4653a0debc47995f5b

  • SHA512

    f7c0dde227199051d9757b32e7b72712ce29ff7a76b120d4bc844ccacc2ddbfcbb2410d5b729475894ef552fe046c42b95aef584c3ca0458fed223ed957acfab

  • SSDEEP

    12288:lGfimaK9/vCq6YDOTZ2J8Giq/4OC+leGZOjLOl76WdOBmFkwWX/MmbCU:l4iY9/vCzbsoqAB+kGZOfO1fOMFkwWXX

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HOTFIX\KB842773.exe
    "C:\Users\Admin\AppData\Local\Temp\HOTFIX\KB842773.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:4936
    • \??\c:\a25b97486a809b0875c9cd\update\UPDATE.EXE
      c:\a25b97486a809b0875c9cd\update\UPDATE.EXE
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:3896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\a25b97486a809b0875c9cd\_sfx_.dll
    Filesize

    25KB

    MD5

    ee207e35aea4d5df41d90221e1b66efa

    SHA1

    757469cf9ad2f21f267bbe730560114fdf8a89a5

    SHA256

    cf64c95e9a2d02967efc22b00efb3736156b913a95231eb63c1df45d43475e64

    SHA512

    43e9f75725daa4f3428b2d9cee2c2cc8b2f2e991b8e58d72d2f429fbdfb614c86d172f03d3f9da98756bd4e245643d9a57c6efa422d6c60ad364a2322245542d

    Download Submit

  • C:\a25b97486a809b0875c9cd\update\update.exe
    Filesize

    67KB

    MD5

    9033662752c1da831aa5f90d57702eb9

    SHA1

    bd76619acb45cd02cf9f8250b0d35b77bed45706

    SHA256

    230fb9874e7589aa8e1ebf65ab75d5471440cf204ba4fb81ded2d90a1048578e

    SHA512

    d4a51c84531b5e562f0378c491624d7561bc8987396027bf8a551d8d667aa412f6b2b2f0249a4b8dc7e27708d0f883b8ad582708f77f3bab25d8211767bfb442

    Download Submit