Overview

overview

10

Static

static

7

1c0bbf36b5...0b.exe

windows7-x64

10

1c0bbf36b5...0b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 20:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c0bbf36b5604b716151253be5b0700b.exe

  • Size

    415KB

  • MD5

    1c0bbf36b5604b716151253be5b0700b

  • SHA1

    11036866b12b83b187587573ec06c9c8d8904551

  • SHA256

    2abcc7c3c3bf1c569f6663f988c874b082bf21f70be4bab31feded14408cf7bd

  • SHA512

    0e622bbb706e7f0302ee59ea304535647081e0ea07a5d9e69101609b48e4351f34e07d5e48b4ba026d0723914f5d55c18b0652e6b3110311619da23d16039927

  • SSDEEP

    12288:+P6ys+NgzZhkDjhErWqAw9CsNS5qKgDYcuP:qBNUfkCZhCp5qKg2

Score
10/10
evasion

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Drops file in Drivers directory 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 8 IoCs
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
    stealer
  • Modifies registry class 53 IoCs
  • Runs .reg file with regedit 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c0bbf36b5604b716151253be5b0700b.exe
    "C:\Users\Admin\AppData\Local\Temp\1c0bbf36b5604b716151253be5b0700b.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Drops file in Drivers directory
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2980
    • C:\Windows\SysWOW64\regedit.exe
      C:\Windows\regedit.exe /S C:\Windows\system32\msscp.reg
      2⤵
      • Runs .reg file with regedit
      PID:3044
    • C:\Users\Admin\AppData\Local\Temp\1c0bbf36b5604b716151253be5b0700b.exe
      C:\Users\Admin\AppData\Local\Temp\1c0bbf36b5604b716151253be5b0700b.exe
      2⤵
      • Drops file in Drivers directory
      • Loads dropped DLL
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Modifies Internet Explorer start page
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3048
      • C:\Windows\SysWOW64\regedit.exe
        C:\Windows\regedit.exe /S C:\Windows\system32\msscp.reg
        3⤵
        • Runs .reg file with regedit
        PID:2920
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" C:\Windows\web\Inde.html
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2936
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE" C:\Windows\web\Inde.html
          4⤵
          • Modifies Internet Explorer settings
          PID:2764
      • C:\Program Files\Common Files\System\svchost.exe
        "C:\Program Files\Common Files\System\svchost.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Suspicious behavior: EnumeratesProcesses
        PID:2476
    • C:\Program Files\Common Files\System\svchost.exe
      "C:\Program Files\Common Files\System\svchost.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      PID:2536

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Common Files\System\360Safe.ico
    Filesize

    1KB

    MD5

    a438d2b834ffc5bbec98898bd29bc52b

    SHA1

    831cd78c122982d1fdc30016466f9e4c7718766f

    SHA256

    fb2439fb83b289f16e615e0c10298424b413fe6b8739a5c887b2147f2c939a87

    SHA512

    1ee69a4628ae7c7ca4821caa77682a3f4f6614a6fba8927aba4ed1e59b432af70880dd54e7b53835c91049b39fee2eac7c0d2c087be449cb6a66fda43cf2ea20

    Download Submit

  • C:\Program Files (x86)\Common Files\System\360Sd.ico
    Filesize

    1KB

    MD5

    c956f80f53e474f161e2e5e45aed9ec3

    SHA1

    60bd3d7a135412e49e07f90948b7d1b1786bcd7e

    SHA256

    c57e6f9346b65eb9e9a976c2c8625d31c00e3aeab2f3a862df17d57abaffc796

    SHA512

    5471453ab654d7cc662f65ccf1a73db23296084d073e091016bf195c9dfd9ca89d3a0637786cf556216069436de1704bfa1e1a7bd546968d6a50a5b76e2bece2

    Download Submit

  • C:\Program Files\Common Files\System\taobao.ico
    Filesize

    14KB

    MD5

    468fada123f5548ac87e57bae81f6782

    SHA1

    edb8f012c25906e6afd8bf335b495e16c440243d

    SHA256

    091c882bb307d57f2c7c42309e7ba8740130fef8c3ed772b0bc5e5505e37034d

    SHA512

    635ec26c88c2394dd4f2a81b9aea8f429a91adfeb37ae34e51b03f3cf8e503c123c3685938f40cea07d6146e0c7113aadbe62fa528f1f6d8b995e617fd68a4aa

    Download Submit

  • C:\WINDOWS\system32\drivers\etc\hosts
    Filesize

    3KB

    MD5

    182b3ae9a45331f209bb2d6cea0b0d11

    SHA1

    2b1a7d01e1f16d4668fd4dbc2de56ed0ee1ddaac

    SHA256

    1b02f8b0bd099858d142b808f202be314d8e9f0824b2a3fd90f1b6501d5a4b12

    SHA512

    828d1ab49d801c5cfe15c7b331434be74049d4b769d18e1830f7929e55cf76817a4d4e199e97c14e1f5ecd94e27c8547ba885395609251a0a2f689756ff3c4cb

    Download Submit

  • C:\Windows\SysWOW64\msscp.reg
    Filesize

    763B

    MD5

    906b286c430f3a507a1c5a79438d98f2

    SHA1

    d38bd4a829c4a17b299d8505d3476f58039360b5

    SHA256

    71877c82ca162c5fdefce53e512abba0bd57c69e34608f0b298d8a42f625b9ad

    SHA512

    aaca68c7c9cefd8218911a787c08675930d1520c81add9f040d572ba9f9105f6de8f51e3edaa5325dfa7f0ccc4a3cc92ef364b6e09ce521a8fedabf3d001ffda

    Download Submit

  • \Program Files\Common Files\System\svchost.exe
    Filesize

    157KB

    MD5

    b2f8fb0f2834068133e7bb0631440b7f

    SHA1

    4e24f67e72c04015c33be2d5ddc582d5da55306e

    SHA256

    3bdeefe1a93a6d16e9edc1f7b90c1860ec8925d8752489a20ed535aa33234999

    SHA512

    82ff9e35950511ea0e7d583c91340c5de7673b85857d734edb8b23cd4bbabb7f1584efb0b3000fd796eaf0d7a25ad661a5206af49848dec28295a464483619f0

    Download Submit

  • memory/2476-43-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2476-61-0x0000000000400000-0x0000000000471000-memory.dmp

    Filesize

    452KB

    Download

  • memory/2476-53-0x00000000002A0000-0x00000000002A2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2476-59-0x0000000000400000-0x0000000000471000-memory.dmp

    Filesize

    452KB

    Download

  • memory/2476-55-0x0000000000400000-0x0000000000471000-memory.dmp

    Filesize

    452KB

    Download

  • memory/2476-40-0x0000000000400000-0x0000000000471000-memory.dmp

    Filesize

    452KB

    Download

  • memory/2536-51-0x0000000000400000-0x0000000000471000-memory.dmp

    Filesize

    452KB

    Download

  • memory/2536-52-0x0000000000230000-0x0000000000232000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2536-60-0x0000000000400000-0x0000000000471000-memory.dmp

    Filesize

    452KB

    Download

  • memory/2536-62-0x0000000000400000-0x0000000000471000-memory.dmp

    Filesize

    452KB

    Download

  • memory/2536-54-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2980-42-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/2980-49-0x00000000032F0000-0x0000000003361000-memory.dmp

    Filesize

    452KB

    Download

  • memory/2980-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2980-0-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/3048-6-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/3048-11-0x0000000000380000-0x0000000000381000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3048-35-0x0000000000400000-0x00000000004DD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/3048-34-0x00000000036F0000-0x0000000003761000-memory.dmp

    Filesize

    452KB

    Download