Overview

overview

8

Static

static

3

392b9ee72b...26.exe

windows7-x64

8

392b9ee72b...26.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 14:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    392b9ee72b3167614ff530677eccf926.exe

  • Size

    665KB

  • MD5

    392b9ee72b3167614ff530677eccf926

  • SHA1

    ddabe40180e085d7df11e057e4232c76539a855a

  • SHA256

    63ac6385a0b6541e14e515f608bf2a37408234475e9676bc9738c6a5b6134e4f

  • SHA512

    6bf88e6fb205d5472605eb2d18331f9904978710794259b39a6965507aad66218a0e15eae456832c621142fce6f525251f84da618f85aa0d39d75f341217dffe

  • SSDEEP

    12288:BXDVWEq5U9Gg1ZWB9NNDBFTmp1/x3I2m3iCNLRPhCow2t06KFDGVeC:BXDoP5sWB9rzmPJ3IhVdhfwU06Y6B

Score
8/10
persistence

Malware Config

Signatures

  • Sets file execution options in registry 2 TTPs 64 IoCs
    persistence
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\392b9ee72b3167614ff530677eccf926.exe
    "C:\Users\Admin\AppData\Local\Temp\392b9ee72b3167614ff530677eccf926.exe"
    1⤵
    • Sets file execution options in registry
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Temp\¼×¿Ç³æ.exe
      "C:\Temp\¼×¿Ç³æ.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:1724
  • C:\Windows\Alerterll.exe
    C:\Windows\Alerterll.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1628
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 376
      2⤵
      • Program crash
      PID:2912
    • C:\Program Files\INTERNET eXPLORER\iexpLORE.EXE
      "C:\Program Files\INTERNET eXPLORER\iexpLORE.EXE"
      2⤵
        PID:2676

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Temp\¼×¿Ç³æ.exe
            Filesize

            250KB

            MD5

            ec744c9ec552a93181fd982df91732ad

            SHA1

            4164c9abc929a60ac288f488cb5476040b131ee3

            SHA256

            ff97a2efdd8e9971c9cbc0950d75488dac12f08385086cbe4fbb84ebf1f7c064

            SHA512

            329c48ba9a65c8ba4791dfbb203777576773d6531a8b5e18105eaecbbf460989bec3a65685b76f4f08082b179f925c218ec5b0c1611b659d36708668b9cade33

            Download Submit

          • C:\Temp\¼×¿Ç³æ.exe
            Filesize

            637KB

            MD5

            304e18dbab2fc143bf838ee9afa89730

            SHA1

            bc5f38f9832eeed145f5e31cdbf8432883afb98c

            SHA256

            a1a19ff2a94eb568d57fecfd8ce6c30b209c994a2862bfa94346fbeb9e95f12f

            SHA512

            a9dd01d8f0d4ed6112664bc46b61ef15a1956ad5f5d75bffdc96513131f4a4a813bc0b2e25ceed9ed3bf3ad4e7785e9ce5c19476df56281492f2108c08a2aebe

            Download Submit

          • C:\Windows\Alerterll.exe
            Filesize

            72KB

            MD5

            798b73a0f4baa662fbf95155439f5e64

            SHA1

            f8bb8bfb0850549e4a68e63476adf00815c84fe1

            SHA256

            d36235640176f6c70b475ec2eee77931c93570310eaed08ef0353bea2f278e38

            SHA512

            ee10a1bd3aed37a4f0e894903d8e266cde4e7cb238562dedff99f8757a3e2ef96a814521620268ca4916cf3e36da536277b8c1624fc37bf55383d4333ed72a05

            Download Submit

          • C:\Windows\Alerterll.exe
            Filesize

            97KB

            MD5

            d3233d01ff6b345309b6ef88b67680f1

            SHA1

            57867c3f1961145f5cc37ec6e2e3a0aadbfa5e6c

            SHA256

            52e5bc655aa9d114a874fcc6db9ddb794f57ea211b09b3a3092e238bc371c4a5

            SHA512

            4169a38957c6d99bd808328ca66954f6f8a6278eff3dc38ab02b7176df546d9576bc5303d69915e7308437b420e3be56ca4118a2f92f92e3272fde6b85a645d2

            Download Submit

          • \Temp\¼×¿Ç³æ.exe
            Filesize

            358KB

            MD5

            38eaea64ae8584f084ecbd527008e619

            SHA1

            fff717af53b0da4600d5c5a838a6d641fbd6a162

            SHA256

            adf1712c9ab9df9076f95daa1144bb0051209da818e2044725caefe83f7e6764

            SHA512

            0431136b99ecc05d69377601f091e83b2f534e697f1a9409bde175873beb24dbfc9299797fe6ba81b9bc92eea9a9b41c7eb41835ed0243a536037397e552f4f4

            Download Submit

          • \Temp\¼×¿Ç³æ.exe
            Filesize

            566KB

            MD5

            589cba96c217c9ce862b51a0be56f359

            SHA1

            7192fe80382c7c937bbd2a5e388bbe2bb6499519

            SHA256

            7c177286ec25f38d6bb91d88a67430afd812df16edbe47fbd888eb19cc5cf409

            SHA512

            c2181acdd77c5c3d40b1e253b8bfe49277307b25f2b4c23f35f0249d0c508c8229b0530466017f6151ef7d9d624c01f60d33de965a7a1a423f8971aa8bb66b6b

            Download Submit

          • memory/1724-50-0x0000000003550000-0x0000000003551000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-45-0x00000000033F0000-0x00000000033F1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-76-0x0000000003730000-0x0000000003731000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-75-0x0000000003740000-0x0000000003741000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-74-0x0000000003710000-0x0000000003711000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-73-0x00000000036B0000-0x00000000036B1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-72-0x00000000036C0000-0x00000000036C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-71-0x0000000003690000-0x0000000003691000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-70-0x00000000036A0000-0x00000000036A1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-69-0x0000000003670000-0x0000000003671000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-68-0x0000000003680000-0x0000000003681000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-67-0x0000000003650000-0x0000000003651000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-66-0x0000000003620000-0x0000000003621000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-65-0x0000000003630000-0x0000000003631000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-64-0x0000000003640000-0x0000000003641000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-63-0x0000000003600000-0x0000000003601000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-62-0x0000000003610000-0x0000000003611000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-61-0x00000000035E0000-0x00000000035E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-60-0x00000000035F0000-0x00000000035F1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-59-0x00000000035C0000-0x00000000035C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-58-0x00000000035D0000-0x00000000035D1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-57-0x00000000035A0000-0x00000000035A1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-56-0x00000000035B0000-0x00000000035B1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-55-0x0000000003580000-0x0000000003581000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-54-0x0000000003590000-0x0000000003591000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-53-0x0000000003560000-0x0000000003561000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-52-0x0000000003570000-0x0000000003571000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-51-0x0000000003540000-0x0000000003541000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-14-0x0000000000360000-0x00000000003B4000-memory.dmp

            Filesize

            336KB

            Download

          • memory/1724-49-0x0000000003430000-0x0000000003431000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-77-0x0000000003760000-0x0000000003761000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-48-0x0000000003400000-0x0000000003401000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-39-0x0000000003390000-0x0000000003391000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-47-0x0000000003410000-0x0000000003411000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-44-0x00000000033C0000-0x00000000033C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-43-0x00000000033D0000-0x00000000033D1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-42-0x00000000033A0000-0x00000000033A1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-41-0x00000000033B0000-0x00000000033B1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-40-0x0000000003380000-0x0000000003381000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-38-0x00000000026A0000-0x00000000026A1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-46-0x00000000033E0000-0x00000000033E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-37-0x00000000020A0000-0x00000000020A1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-36-0x0000000002540000-0x0000000002541000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-13-0x00000000002A0000-0x00000000002A1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-35-0x0000000003340000-0x0000000003341000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-34-0x00000000002B0000-0x00000000002B1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-12-0x0000000000400000-0x00000000005BA000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/1724-33-0x00000000002A0000-0x00000000002A1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-32-0x00000000009F0000-0x00000000009F1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-31-0x00000000003E0000-0x00000000003E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-30-0x0000000003370000-0x0000000003371000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-29-0x0000000003420000-0x0000000003421000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-28-0x0000000003320000-0x0000000003323000-memory.dmp

            Filesize

            12KB

            Download

          • memory/1724-27-0x0000000003330000-0x0000000003331000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-26-0x0000000000760000-0x0000000000761000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-25-0x00000000009E0000-0x00000000009E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-24-0x00000000009B0000-0x00000000009B1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-23-0x00000000009C0000-0x00000000009C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-15-0x0000000000790000-0x0000000000791000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-19-0x00000000003F0000-0x00000000003F1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-18-0x0000000000750000-0x0000000000751000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-17-0x00000000009D0000-0x00000000009D1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1724-16-0x0000000000770000-0x0000000000771000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2108-11-0x0000000002EC0000-0x000000000307A000-memory.dmp

            Filesize

            1.7MB

            Download