Overview

overview

7

Static

static

3

2011a0a317...e4.exe

windows7-x64

7

2011a0a317...e4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 23:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2011a0a3177e513c58421226ff1261e4.exe

  • Size

    412KB

  • MD5

    2011a0a3177e513c58421226ff1261e4

  • SHA1

    5b18e4dc05b80613c2da58769f2e8869fc0be15d

  • SHA256

    15b3fec5c9b2d1711736bf968daac23d4562416a5e4d1aaf89f4a348192a7bbf

  • SHA512

    6dd1d7bdc3d3d8f42a0c76161b6ad0ddf7853847fb99d36a7e7f226f113fd2ed52e939345e21855e570ee70f1b33885d0f54e3b72b27e326a228100564d3354e

  • SSDEEP

    6144:akc9Ws12eA6BNkgEsDerjAOKAOJU2yIHP7y9T2Tbab5GMUuwwMoI:Bs21sDerjQP7yt2TuvGRoI

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2011a0a3177e513c58421226ff1261e4.exe
    "C:\Users\Admin\AppData\Local\Temp\2011a0a3177e513c58421226ff1261e4.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:688
    • C:\Windows\SysWOW64\mshta.exe
      "C:\Windows\System32\mshta.exe" c:\ad051690-6da9-48e2-b141-9b9782a99404\start.hta
      2⤵
      • Modifies Internet Explorer settings
      PID:1588

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \??\c:\ad051690-6da9-48e2-b141-9b9782a99404\loader.gif
          Filesize

          1KB

          MD5

          e88ebd85dd56110ac6ea93fe0922988e

          SHA1

          684a31d864d33ff736234c41ac4e8d2c7f90d5ae

          SHA256

          379d1b0948f8e06366e7bcd197c848c0cc783787792f2224f98c16b974d920eb

          SHA512

          211b0760c9a887fc13c479617daeb6d5b6ee0ccd06c214967abd3e1f14204f72e34a6dd5eb778a9fc6ac7fc8bd63bdef80b347abab97becda16924cb3e164dc7

          Download Submit

        • \??\c:\ad051690-6da9-48e2-b141-9b9782a99404\start.hta
          Filesize

          1KB

          MD5

          db4ada697fa7a0e215281533d52578e9

          SHA1

          fb755ea8371edf5065dc53e21eb413603f9eba7f

          SHA256

          f949fd6ca734830572128b4348dfd039419140c7ef501d80773f71ca3f0ed78c

          SHA512

          9ba1d2658785dd3c88b4399132f8330dc58872235e19ca9854b0e453d8cc7a58de0c8be84da376a72b5851073f531c95b2c6afa84f43053561ca8e6751d6e2f3

          Download Submit

        • \ad051690-6da9-48e2-b141-9b9782a99404\InstallerHelper.dll
          Filesize

          132KB

          MD5

          b1e5e3a628512242c9bb809bd8164629

          SHA1

          9934a6c754079d010585a92a2b5ea3951234cd0a

          SHA256

          41eef66c6d2813acef2511b19b5341a9e8177b2bdcf8538a9b28017a4cb072d6

          SHA512

          0572f990d46cc0c753f8360d96dcb9596b97f5a4227922f8221a7b896dfe23a36274615dfbf39e2d00b3aa1b25fce46fdd5cea261a09ae94e671d5d53467e255

          Download Submit