Overview

overview

7

Static

static

7

12383c3ac7...80.exe

windows7-x64

7

12383c3ac7...80.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 07:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    12383c3ac73fcdd59416c7e695d17180.exe

  • Size

    28KB

  • MD5

    12383c3ac73fcdd59416c7e695d17180

  • SHA1

    904abd1b32a377a3ccbd2a9398aa36f19ed6429d

  • SHA256

    acc6bf63969befee9889f78f6d81bac7fd523c2234372043f3b899e2f86bb66e

  • SHA512

    7be3010915135213c49f1edf925dd0b5fe6d0aa4ef754f04dad05f93fef676bc0238f979449483d375a6354b9b9c47b9a736f736b53da320859ebe1dbc2a20fc

  • SSDEEP

    768:AFjd3h0TMRxxK5onshMg6OM7ibt55l2TuEpaFoRgw:AzR0GxxKOdgzpf5l2TuEpEqgw

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\12383c3ac73fcdd59416c7e695d17180.exe
    "C:\Users\Admin\AppData\Local\Temp\12383c3ac73fcdd59416c7e695d17180.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2184
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1760
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\12383C~1.EXE > nul
      2⤵
      • Deletes itself
      PID:2748

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0ee95578759b6bba39303f1e1739bfa7

    SHA1

    09205a1c8c44a59cafc9d87d3271a585456ede66

    SHA256

    4c6be8443f846824ac22e4be6687008c0a5002af383706dcfd81bcb5af934e6a

    SHA512

    0516f0f71e59bda3e28d4818af2cd107a2d989d42b65344674812f5568dad2a0a940aeab46b06cfe09ee14436bce1cc0fdbe1bfc4ac9099bef9387ff0840a613

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9CDE.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9D4F.tmp
    Filesize

    37KB

    MD5

    e6acc17a4f6bfa732b33b3bd52b336ca

    SHA1

    b61b6d1bf3ff2d115ae7fa5844dd16ea091bf976

    SHA256

    4099498507f844f267f8f505a3476d431e36a9250e656ff095192590f15b6fdd

    SHA512

    a638661e4902d24fc58dea992994e34f294ba23e9a06c75fdcc96eb422ca57fbd1cf48049da9876e2fff5bd0747446b2ed64995b18ca179a1175e605c24d463e

    Download Submit

  • memory/2252-0-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/2252-3-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download