Overview

overview

7

Static

static

3

1b4f77c6fb...1f.exe

windows7-x64

7

1b4f77c6fb...1f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 14:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1b4f77c6fbe287862b20f05a8d2c791f.exe

  • Size

    4.1MB

  • MD5

    1b4f77c6fbe287862b20f05a8d2c791f

  • SHA1

    ed8f34a9206f23aef91ec61a93e2bb96cc773e22

  • SHA256

    da83f979eb4d3afdf93ff4c8da3ced02737e3faa452451392654ee97f1b3be13

  • SHA512

    80411ba660d99b2e1619e60025dd30d9526e5ea3c72adfa64e146b18a2622b035ff6a0f0e5f8bf16a11b066368542118c62f90bb7d5dd8b6a1e6782d3f660e33

  • SSDEEP

    98304:iXMi6MUL4wM8GwRZg7SU3xIoVdE+R0o5K0n4VcRgtB:imLC8fRZg/xIoVdE4EjVggH

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 1 IoCs
    installer
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b4f77c6fbe287862b20f05a8d2c791f.exe
    "C:\Users\Admin\AppData\Local\Temp\1b4f77c6fbe287862b20f05a8d2c791f.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2908
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /C dir "C:\Users\Admin\AppData\Roaming\Security Monitor"
      2⤵
        PID:2696
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe /C dir "C:\Users\Admin\AppData\Roaming"
        2⤵
          PID:2252
        • C:\Users\Admin\AppData\Roaming\Security Monitor\Security_Monitor2012.exe
          "C:\Users\Admin\AppData\Roaming\Security Monitor\Security_Monitor2012.exe"
          2⤵
            PID:2628
          • C:\Users\Admin\AppData\Roaming\Security Monitor\123.exe
            "C:\Users\Admin\AppData\Roaming\Security Monitor\123.exe"
            2⤵
              PID:2864
            • C:\Users\Admin\AppData\Roaming\Security Monitor\securitymanager.exe
              "C:\Users\Admin\AppData\Roaming\Security Monitor\securitymanager.exe"
              2⤵
                PID:2708
              • C:\Users\Admin\AppData\Local\Temp\_934.tmpac7d.exe
                "C:\Users\Admin\AppData\Local\Temp\_934.tmpac7d.exe" -p"10:33 PM" -y -o"C:\Users\Admin\AppData\Roaming\Security Monitor"
                2⤵
                • Executes dropped EXE
                PID:1984
            • C:\Windows\SysWOW64\rundll32.exe
              rundll32.exe "C:\Users\Admin\AppData\Local\Temp\smicfgdll32.dll", WinMouseHelper SecurityNetNotifier
              1⤵
                PID:1544
                • C:\Windows\SysWOW64\rundll32.exe
                  rundll32.exe "C:\Users\Admin\AppData\Local\mfcGLCtrl\msPathTime.dll",WinMouseHelper advEventServ
                  2⤵
                    PID:1456

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Temp\_934.tmpac7d.exe
                  Filesize

                  2.7MB

                  MD5

                  7ebb98663e9fabe7bbbf038f78fcc1fa

                  SHA1

                  9f71192a4ebb9281f76675a942411ac197719b58

                  SHA256

                  5c10758749a7bb53b40bae734b5dd77099a4cfbc7ed63a3cff1cca4a8174a9e1

                  SHA512

                  925089c0fb49f6d182db3f16446f5b6f9228b925f6aea7193deb893a6bb0bc795a8e04b6b9347265000500ecbd00d694768e328e14cfeb83b8f53843ec267e23

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Security Monitor\123.exe
                  Filesize

                  125KB

                  MD5

                  f080d99040e5769f51ee606e5c712ff5

                  SHA1

                  f8e6fd668d9814a701f0ff317dffdb9ed5fa7daf

                  SHA256

                  024f06f8cf759365665f14bb91fa3c92bd5f7ba906d2f96bf484f4d09debb80e

                  SHA512

                  908091381b390c272314da6c860a19ef7d07e3e6a2e300159b40d258b24f8503d7cc9f2f615069e5ef95540d44859313a0893459aade1d83b3972347f58b929f

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Security Monitor\Security_Monitor2012.exe
                  Filesize

                  385KB

                  MD5

                  964b6461135b968606eff050e4010b20

                  SHA1

                  80a58bd004fa7991d9c462954aeab3f0d1640649

                  SHA256

                  6ef847f0ce8e886a8d5996fdc78b39b3eadeb0db64bbddfffd6da8b04f87c496

                  SHA512

                  fbcbcee9443e93962954f87889b9bd4662fe836cc2b8d6d7b07b36a0d6a1de81b66e9753bbea4d7285b382d48287a8dd1b5bc5e561c59da3949e7e33d64aa8a0

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Security Monitor\securitymanager.exe
                  Filesize

                  370KB

                  MD5

                  a02e6f0a5604bb41105d296a9aeace18

                  SHA1

                  dcf03ea3340660043ca330a95d126ce9a04be220

                  SHA256

                  be420a6925c3606682be7e9f5b22bdc80697b525ebb89ca323c2676266aee92c

                  SHA512

                  678d4814a143e3668e70684e3bc9255de62af453bdaa0cdf1836f522ccca0af1711916c953b18f53775f61549a48461a84c7d7d5b97f64bc0e35fed1ee4c1c71

                  Download Submit

                • \Users\Admin\AppData\Local\Temp\smicfgdll32.dll
                  Filesize

                  152KB

                  MD5

                  90351a17627d9e1e25c3213da4c17402

                  SHA1

                  4dc0030b0e60135c5ad9ec6a16ff5e775c93d6ed

                  SHA256

                  ce92305e3b11880c182797933cabb06f8b19965a16dc3b47e89d9fd7ca166db3

                  SHA512

                  647684449c9a1f80c3303c6644f8ad2e4c7366dfbc4e9cc5c30b155e4a22e507df443ed4ec1d3f2a58fa664ecd220f4abcb6dfef48adc75d6220062c769b8608

                  Download Submit

                • \Users\Admin\AppData\Roaming\Security Monitor\Security_Monitor2012.exe
                  Filesize

                  1.1MB

                  MD5

                  02fe5c6c4df71835c6653c65bca373ce

                  SHA1

                  5fc54eed1712f4d56f5faa6fd1bd985fae6e83e8

                  SHA256

                  83cf2a05651d57111de2417bf404211d2fec3456f43876f6a5c52c3c1595c5e3

                  SHA512

                  51aa73ae73d49739f821116e39833d6db5878ca59a723365da72725712cd6de8c91d7a2847b05b3b7562e331c59e774fd064bd6728590df61dffbb80fd55f5fd

                  Download Submit

                • \Users\Admin\AppData\Roaming\Security Monitor\Security_Monitor2012.exe
                  Filesize

                  897KB

                  MD5

                  a26b99df6288b3839acb8062a6b8196b

                  SHA1

                  9a1b9a9e7819758414dc169ac15a037002f86473

                  SHA256

                  74023ba2f8587de217723d4b9ab251c8c687a773fbc6e094e007e44ded99ddf4

                  SHA512

                  2659c43341e059d269fa113c6e7b8597f7bfc0f2dcfc6b0709a7cd35170bb1064c38c26fda3957ba881f5d118fc5776444590e731d324dfbd41eee92c2959647

                  Download Submit

                • \Users\Admin\AppData\Roaming\Security Monitor\Security_Monitor2012.exe
                  Filesize

                  381KB

                  MD5

                  c066b6c9fbe63f65f9310b36e87aeb30

                  SHA1

                  e5c870382f07c40137f2285bfe10e7610208f61a

                  SHA256

                  1fa522244947f966caf622cb1230bc5f700e22ddc4cf883d6195bce1ea90476a

                  SHA512

                  a006a6c78326d4619ae8cdc75f454a4e4448be49b41eb9c13a1f891622716b518f059d559449eb7800693eb28ca0ac72c788e1c36f14e9ea9eefcd6a4473feb0

                  Download Submit

                • \Users\Admin\AppData\Roaming\Security Monitor\Security_Monitor2012.exe
                  Filesize

                  2.6MB

                  MD5

                  5bdd5e8389db8f909ef66113371d11c8

                  SHA1

                  7cad2d65bbc603e1f7b7897b58fe57aacb36ffa1

                  SHA256

                  6fe405c21b0497b8a6e61e95ee7e93b238f9cb3c7b284e0654806ce0c72e6e96

                  SHA512

                  359f4751baf73992e244528942b6043387e0bbe47fab01749a399d0d6c406175394b505f9820e47f29fb109d2e4f6e9a0fdfac2b38eaf700c6e50909ec8aa777

                  Download Submit

                • memory/2628-104-0x0000000000400000-0x0000000001933000-memory.dmp

                  Filesize

                  21.2MB

                  Download

                • memory/2628-79-0x0000000000400000-0x0000000001933000-memory.dmp

                  Filesize

                  21.2MB

                  Download

                • memory/2628-54-0x0000000000350000-0x0000000000351000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2628-51-0x00000000033D0000-0x0000000003612000-memory.dmp

                  Filesize

                  2.3MB

                  Download

                • memory/2628-53-0x0000000000400000-0x0000000001933000-memory.dmp

                  Filesize

                  21.2MB

                  Download

                • memory/2628-95-0x0000000000400000-0x0000000001933000-memory.dmp

                  Filesize

                  21.2MB

                  Download

                • memory/2628-92-0x0000000000400000-0x0000000001933000-memory.dmp

                  Filesize

                  21.2MB

                  Download

                • memory/2628-88-0x0000000000400000-0x0000000001933000-memory.dmp

                  Filesize

                  21.2MB

                  Download

                • memory/2628-116-0x0000000000400000-0x0000000001933000-memory.dmp

                  Filesize

                  21.2MB

                  Download

                • memory/2628-85-0x0000000000400000-0x0000000001933000-memory.dmp

                  Filesize

                  21.2MB

                  Download

                • memory/2628-113-0x0000000000400000-0x0000000001933000-memory.dmp

                  Filesize

                  21.2MB

                  Download

                • memory/2628-110-0x0000000000400000-0x0000000001933000-memory.dmp

                  Filesize

                  21.2MB

                  Download

                • memory/2628-101-0x0000000000400000-0x0000000001933000-memory.dmp

                  Filesize

                  21.2MB

                  Download

                • memory/2628-71-0x0000000000400000-0x0000000001933000-memory.dmp

                  Filesize

                  21.2MB

                  Download

                • memory/2628-107-0x0000000000400000-0x0000000001933000-memory.dmp

                  Filesize

                  21.2MB

                  Download

                • memory/2628-98-0x0000000000400000-0x0000000001933000-memory.dmp

                  Filesize

                  21.2MB

                  Download

                • memory/2628-76-0x00000000033D0000-0x0000000003612000-memory.dmp

                  Filesize

                  2.3MB

                  Download

                • memory/2628-82-0x0000000000400000-0x0000000001933000-memory.dmp

                  Filesize

                  21.2MB

                  Download

                • memory/2628-78-0x0000000000400000-0x0000000001933000-memory.dmp

                  Filesize

                  21.2MB

                  Download

                • memory/2708-52-0x0000000000380000-0x0000000000381000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2708-75-0x0000000000370000-0x0000000000371000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2708-70-0x0000000000400000-0x0000000000460000-memory.dmp

                  Filesize

                  384KB

                  Download

                • memory/2708-49-0x0000000000370000-0x0000000000371000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2708-50-0x0000000000400000-0x0000000000460000-memory.dmp

                  Filesize

                  384KB

                  Download

                • memory/2708-46-0x0000000000320000-0x0000000000330000-memory.dmp

                  Filesize

                  64KB

                  Download

                • memory/2864-63-0x0000000000400000-0x00000000007B1000-memory.dmp

                  Filesize

                  3.7MB

                  Download

                • memory/2908-69-0x0000000000400000-0x0000000000BB5000-memory.dmp

                  Filesize

                  7.7MB

                  Download

                • memory/2908-83-0x0000000000400000-0x0000000000BB5000-memory.dmp

                  Filesize

                  7.7MB

                  Download

                • memory/2908-73-0x00000000003D0000-0x00000000003D1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2908-72-0x0000000002500000-0x00000000028D3000-memory.dmp

                  Filesize

                  3.8MB

                  Download

                • memory/2908-1-0x00000000003D0000-0x00000000003D1000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/2908-0-0x0000000002500000-0x00000000028D3000-memory.dmp

                  Filesize

                  3.8MB

                  Download

                • memory/2908-2-0x0000000000400000-0x0000000000BB5000-memory.dmp

                  Filesize

                  7.7MB

                  Download