Overview

overview

8

Static

static

3

0ed1721892...e4.exe

windows7-x64

8

0ed1721892...e4.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    166s
  • max time network
    187s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 04:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0ed17218922983563f641205bf3633e4.exe

  • Size

    136KB

  • MD5

    0ed17218922983563f641205bf3633e4

  • SHA1

    3390496a47723f0580cf30e4452ed72850716cd6

  • SHA256

    794f69a8da9cf706107a43b8806673c8528c02b161c7b4eb242619966b61758d

  • SHA512

    aaa168d71bfbd3ae3091b55e35a7d18c10733bdcdb0fd7d6ef291d413a98287777cb78b3f24d55c2a41e6fbcaae5fa9889641c47787eb79f98c1167f4bfc25e5

  • SSDEEP

    3072:WHbm4jjtFbC4O13RKrEgOEi3w0wZ5XQ3DPm3gX9MaBdCeXrFVzAD6TblE/:W6uOs0wZ5XQ3Lm3gX9MaBdCeXBVEu

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 16 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ed17218922983563f641205bf3633e4.exe
    "C:\Users\Admin\AppData\Local\Temp\0ed17218922983563f641205bf3633e4.exe"
    1⤵
    • Checks whether UAC is enabled
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2376
    • C:\Users\Admin\AppData\Local\Temp\0ed17218922983563f641205bf3633e4.exe
      C:\Users\Admin\AppData\Local\Temp\0ed17218922983563f641205bf3633e4.exe cjbotdesktop2561
      2⤵
      • Checks whether UAC is enabled
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3852
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
      PID:2560
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1724
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:17410 /prefetch:2
        2⤵
          PID:3968

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads