Overview

overview

7

Static

static

3

116604bcb7...6c.exe

windows7-x64

7

116604bcb7...6c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 06:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    116604bcb77033d103727e4027a08d6c.exe

  • Size

    636KB

  • MD5

    116604bcb77033d103727e4027a08d6c

  • SHA1

    5b9adafbddb30514fffbaac96c5654c0a6c008dc

  • SHA256

    1c57087bf2620ae1995d8d40638d3a07ea0710b26cb89110286e07b38ae21270

  • SHA512

    712c26c5254895fddc4da764f0968ebb60ea2b485fc55c9c44eba2292bb4b6f8e69f4a75c8e90403ee1664650a78e33df98149e88a7501964bfd954f829e0c1c

  • SSDEEP

    12288:ufgKmG21/KUp3lHeY0vhtqZqrMynQvJw1llsRuzS1c2obY7ZCoFOe:XUhtqYgD24occoFz

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\116604bcb77033d103727e4027a08d6c.exe
    "C:\Users\Admin\AppData\Local\Temp\116604bcb77033d103727e4027a08d6c.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2792
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c C:\Windows\uninstal.bat
        3⤵
          PID:2748
    • C:\Windows\haha.exe
      C:\Windows\haha.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1972
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        2⤵
          PID:2720

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4.exe
              Filesize

              122KB

              MD5

              83e757b52af9e5b8acb3badc52810611

              SHA1

              b489a32c60a669dbc149c4e9636d891de7597542

              SHA256

              02838da661f96c9b12a9b46405174c7328e586b5994b1872217b34c5db2fc5eb

              SHA512

              7583468bfe42fa75400f26b6899465d38d56129741d47ce0a1ce3232763da2cbd2944a4020a2b8c548e8b45ad629f995798917dc36fee844be0d46f277318529

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4.exe
              Filesize

              93KB

              MD5

              4af41800ce8c5d7775bd19be253eb70a

              SHA1

              88ba39ad7b6a4ed24c3104fb3a6bda5f74b201ba

              SHA256

              2ce77b1bc2fc17251904ceddf4e03cb1ad02e6d79a3f4348f2add97b01bd649c

              SHA512

              226a2851723bcc91125a9979dd62388664c40e8f741a38448c5e8ee7679cf2731fa00c903c2b585bed7d041f40396476b8bfe10f85ae883aad4eb887d7c0cac7

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\4.exe
              Filesize

              92KB

              MD5

              07d6ba57e6876a68dd1fd94e0d6253a9

              SHA1

              99fee89574ebbd039605cc499c92f90f5f1ca910

              SHA256

              bb5931fd9e0ea885fc64198609d81e8e2180c2757c8b549ff3b0e47e006d97b7

              SHA512

              72b0a1ecd0e90ee783644cac0eade750bfcd57e4991860415a3a5c2d00781fa4d37ac0bf2972115106bfba2ec1f2297f8918bf47fc39f4670bcf7fa4e2bb62b5

              Download Submit

            • \Users\Admin\AppData\Local\Temp\IXP000.TMP\4.exe
              Filesize

              786KB

              MD5

              ce30191c2f9d53923994739f8fbbbcb7

              SHA1

              ee79d7ab50676d150856392b6efb33fc4f3064d5

              SHA256

              99d06afb8077b968ac0ce6df6c615968757109286658fb1a69cb9ada7f1bcd06

              SHA512

              9144fdfacd94ce0af5147d3408d44640b97839196fb29243b2771f6aad280c6bdc4c9843ec74eacf7cd2a40382f8abcf419512e0e12ca8a18ce4425ef0defc0b

              Download Submit

            • \Users\Admin\AppData\Local\Temp\IXP000.TMP\4.exe
              Filesize

              386KB

              MD5

              56fec2e865a290fda51bea84d32d48e1

              SHA1

              72823515057e23d8330ef4dda19bff2d58a58923

              SHA256

              65e6217bb02dc20fd6a80645ef4a2874104bc9e571eead36026b22f28fbe6ff6

              SHA512

              973fcc80d490b36e1b3706b4d6cfade02f348a421666646304a436412780bd45ce1d017258bf2e29611e034072eb51f857f6e7a3db5b2bdc9da9aaf42d0a34c0

              Download Submit

            • memory/1732-5-0x0000000000880000-0x0000000000881000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1732-2-0x0000000000410000-0x0000000000411000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1732-1-0x00000000001B0000-0x0000000000200000-memory.dmp

              Filesize

              320KB

              Download

            • memory/1732-9-0x00000000008B0000-0x00000000008B1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1732-4-0x0000000000870000-0x0000000000871000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1732-8-0x0000000000430000-0x0000000000431000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1732-38-0x0000000001000000-0x0000000001104000-memory.dmp

              Filesize

              1.0MB

              Download

            • memory/1732-3-0x0000000000400000-0x0000000000401000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1732-20-0x0000000002A00000-0x0000000002ACF000-memory.dmp

              Filesize

              828KB

              Download

            • memory/1732-6-0x00000000008C0000-0x00000000008C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1732-7-0x0000000000890000-0x0000000000891000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1732-16-0x0000000002A00000-0x0000000002ACF000-memory.dmp

              Filesize

              828KB

              Download

            • memory/1732-0-0x0000000001000000-0x0000000001104000-memory.dmp

              Filesize

              1.0MB

              Download

            • memory/1972-36-0x00000000002E0000-0x00000000002E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1972-27-0x0000000000400000-0x00000000004CE200-memory.dmp

              Filesize

              824KB

              Download

            • memory/1972-40-0x0000000000400000-0x00000000004CE200-memory.dmp

              Filesize

              824KB

              Download

            • memory/1972-42-0x00000000002E0000-0x00000000002E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1972-45-0x0000000000400000-0x00000000004CE200-memory.dmp

              Filesize

              824KB

              Download

            • memory/2792-37-0x0000000000400000-0x00000000004CE200-memory.dmp

              Filesize

              824KB

              Download

            • memory/2792-21-0x0000000000400000-0x00000000004CE200-memory.dmp

              Filesize

              824KB

              Download

            • memory/2792-25-0x0000000000280000-0x0000000000281000-memory.dmp

              Filesize

              4KB

              Download