Analysis

  • max time kernel
    169s
  • max time network
    184s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/12/2023, 01:12

General

  • Target

    09ad09158d17eb0082cd38d8cb85784d.exe

  • Size

    26KB

  • MD5

    09ad09158d17eb0082cd38d8cb85784d

  • SHA1

    637d7ea78a8649e188d80be7591cca793ac923e5

  • SHA256

    63fa740d0fc617e3b988e2fe76d04e8bf01389b1c201c87507e0bcbb6b950627

  • SHA512

    036e09b064fec8a3f6d54748890271de7c0f6de806d38ee5c939391bb328f11881a800de6feeb661a7df60f2129c0370e2f264de23b81b25299610491eb1d44e

  • SSDEEP

    384:ZuMLHKwktmNQubh2Va0f59olzPtuYzZuZNMGLBqkBSdl:ZJbKftmNQubhjQ+zPtuYYNLjB4

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Modifies Control Panel 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09ad09158d17eb0082cd38d8cb85784d.exe
    "C:\Users\Admin\AppData\Local\Temp\09ad09158d17eb0082cd38d8cb85784d.exe"
    • Adds Run key to start application
    • Modifies Control Panel
    • Modifies Internet Explorer settings
    PID:2092
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
      PID:3752
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1124
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1124 CREDAT:17410 /prefetch:2
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4492

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\config.txt

    Filesize

    578B

    MD5

    3dcbdd92f73bf59891f8bb9ed4ea6b49

    SHA1

    040d4db54624966ae5a05ec70a3a4abd92b9f46a

    SHA256

    e77a8c382fea1cf1989cf3e9ee27fe54499d08994109f9dd6ac4d3808da4019f

    SHA512

    8d6a4f35e4814ae23a763022dad59f8702241dbd50d81dedf79ea7ceb501f481e5b10c8f64bc174dc39bbebe46fedb245f12a51aabbef3de43e06bc685ecc182