Overview

overview

7

Static

static

3

29801c942c...5e.exe

windows7-x64

7

29801c942c...5e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 05:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    29801c942c575ab793c4dddd5f32fb5e.exe

  • Size

    43KB

  • MD5

    29801c942c575ab793c4dddd5f32fb5e

  • SHA1

    c5863865c3815b3955e7e5f3d72f9facd87e56c7

  • SHA256

    b48e1d085c65c45cef76cf56d8e14e5b21018fe99247f6dfd163f80416f706af

  • SHA512

    4af3cfe7773ea0d0db130c2912394f1764fdcfe3b4f3f1a3dabcae6fbd51a81e905daca978e0bc7e0374da16247e9cd69a408eb7dbe485d6c5b93f1a64aabb1d

  • SSDEEP

    768:sCyIqlymQsTTNmsh1jScnr8oBC5aqdSKQTlKo3OJ6hivfeX8BXjn:8IqlymQa4sPjQoI4qYKQhKwGTOgn

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 18 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\29801c942c575ab793c4dddd5f32fb5e.exe
    "C:\Users\Admin\AppData\Local\Temp\29801c942c575ab793c4dddd5f32fb5e.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2860
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\\Internet Explorer\IEXPLORE.EXE"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1084
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1084 CREDAT:275457 /prefetch:2
        3⤵
          PID:2620

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • \Windows\SysWOW64\systemlj.dll
            Filesize

            24KB

            MD5

            f765cf58700f3cd02cd47701bc45ef12

            SHA1

            386ad3297972121f01c3db9bb250b1d2384f5b85

            SHA256

            278a47fb5248d5da7ecb7f734205fc16605f789c4adc3ddcc6c7a3a6a22d1850

            SHA512

            42266679e1014f201fae6e11101de5ccd527968d1b6c2fb9ed1ef165b19c0e0b2cee6715d0823f38252f01ec51dde6ae946cc152004d5e59a88c1849e8993f2a

            Download Submit

          • memory/2860-2-0x0000000000220000-0x000000000022C000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2860-8-0x0000000000220000-0x000000000022C000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2860-7-0x0000000000400000-0x0000000000412000-memory.dmp

            Filesize

            72KB

            Download