Overview

overview

7

Static

static

3

16ab53ad56...c4.exe

windows7-x64

7

16ab53ad56...c4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 11:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16ab53ad56e72a944d4c256b5496eac4.exe

  • Size

    346KB

  • MD5

    16ab53ad56e72a944d4c256b5496eac4

  • SHA1

    51d1ebdeb893d9fd9f61679628071a0a16e7b372

  • SHA256

    6bdd6f7691ad064c15d5db443b2b1e67b2437380b3159d4a250ed66912dd14c6

  • SHA512

    97074e04efe87fdc563875cb5234b72f07f68cb21476c1bdf551b4d39223d342ab70051ee5c93524e85dee15153692e03cb40adcd8351aab38db1975472d910f

  • SSDEEP

    6144:ye34EvlhNC7JuyKAs8LG9R3HNe76JvML/9c7Cr7Ob+Fdg:5+YyXSvi2v2ICvOb+Fdg

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Modifies registry class 11 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16ab53ad56e72a944d4c256b5496eac4.exe
    "C:\Users\Admin\AppData\Local\Temp\16ab53ad56e72a944d4c256b5496eac4.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3880
    • C:\Windows\SysWOW64\cscript.exe
      "C:\Windows\system32\cscript.exe" "C:\Program Files (x86)\EditPlus\kk44.icw"
      2⤵
      • Checks computer location settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:4476
      • C:\Windows\SysWOW64\WScript.exe
        "C:\Windows\SysWow64\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk44.icw"
        3⤵
          PID:5012
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:3992
    • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
      "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
      1⤵
        PID:4084
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2288
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2288 CREDAT:17410 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:4520

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\EditPlus\kk44.icw
        Filesize

        132B

        MD5

        f84d08be882a79dd0e7e855ba313b45b

        SHA1

        e84191912fb1ed7d757e2396ec6e630f98d793eb

        SHA256

        cd246450726bdce9589d273991525a42f3f0c21130eb0948482f03f4b5c79b3d

        SHA512

        1b0c2b6478cfadac8fb1c18d00ba56a93c17b70f5a20e8868f240e57642c2305e8c8839b2ab099df39e6ed63a0fc593098c1a50531903c2a2693d299ed2e37ed

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8PO8IKDM\suggestions[1].en-US
        Filesize

        17KB

        MD5

        5a34cb996293fde2cb7a4ac89587393a

        SHA1

        3c96c993500690d1a77873cd62bc639b3a10653f

        SHA256

        c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

        SHA512

        e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\nscCAD3.tmp\System.dll
        Filesize

        11KB

        MD5

        c17103ae9072a06da581dec998343fc1

        SHA1

        b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

        SHA256

        dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

        SHA512

        d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\nscCAD3.tmp\nsExec.dll
        Filesize

        6KB

        MD5

        acc2b699edfea5bf5aae45aba3a41e96

        SHA1

        d2accf4d494e43ceb2cff69abe4dd17147d29cc2

        SHA256

        168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

        SHA512

        e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
        Filesize

        44KB

        MD5

        7c30927884213f4fe91bbe90b591b762

        SHA1

        65693828963f6b6a5cbea4c9e595e06f85490f6f

        SHA256

        9032757cabb19a10e97e158810f885a015f3dcd5ba3da44c795d999ea90f8994

        SHA512

        8aadb5fd3750ab0c036c7b8d2c775e42688265b00fe75b43a6addaefc7ee20d9fa3f074dd7943570c8519943011eda08216e90551b6d6a782b9ed5ce20aa6bab

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk44.icw
        Filesize

        798B

        MD5

        ebcf26c9a69fc45c2d7d55b73fc84475

        SHA1

        9caa458cd50c24ebafdbf415aea982900ab2b982

        SHA256

        83b62b8946f844fa5ba6d6b438445f50b57ccfbb57d61492bfc425dd032e1931

        SHA512

        a519df14cf4867c8d757a27e2e614092ea3f4c6561257f9e68f5a2f5f6689ac0474d89c7f19f9c15bb9a1cc8fdabf8924c316c9a9e6c326a1341ed62f0b9e436

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\statistics.dll
        Filesize

        80KB

        MD5

        d4260df3a533c9915bd3ccedc5c6ec51

        SHA1

        7993e157b2155771989a5b07f7c2db82ea47276f

        SHA256

        5f06d4f8e5a9b2bd838ead1ea7f53ae1245a448321bb788e9b3950907275231a

        SHA512

        1f766350fd31e73378593f7b0a938336569eb36ba69618ee74f3da5999f9de1949899dd7ba67034b01c65ac4946911d0d5f187678356d47f3441066cf7b8832b

        Download Submit