Analysis

  • max time kernel
    1s
  • max time network
    75s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-01-2024 02:29

General

  • Target

    3ba801ca866cbfc1773f7f97d8ad2c35.exe

  • Size

    94KB

  • MD5

    3ba801ca866cbfc1773f7f97d8ad2c35

  • SHA1

    08ae7746bf93b5d29cbc1885414708bb009b8c04

  • SHA256

    224ffb92e8412adf79fa8563359bf33a3143d20ed1562d669a1002297fcced28

  • SHA512

    911b2f785af9a2d5e3cadeadc3989108b869ba413f4c737f3b6304137145ae7c60b42b2f8c273139bd234bae414a18bd88bc7b9331b26c78d95d32ba09d4693f

  • SSDEEP

    1536:KrqhEnUlXPwKWOgVG9ahmN9kV33RTW6/EMxCRNpzCMhCRVpYcX:X9vW3GSmN9q5WdMxCFuxFYcX

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ba801ca866cbfc1773f7f97d8ad2c35.exe
    "C:\Users\Admin\AppData\Local\Temp\3ba801ca866cbfc1773f7f97d8ad2c35.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2348
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
    PID:4120
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2492
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2492 CREDAT:17410 /prefetch:2
      2⤵
      PID:3960

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verC861.tmp

    Filesize

    15KB

    MD5

    1a545d0052b581fbb2ab4c52133846bc

    SHA1

    62f3266a9b9925cd6d98658b92adec673cbe3dd3

    SHA256

    557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

    SHA512

    bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

  • memory/2348-24-0x0000000000400000-0x0000000000538000-memory.dmp

    Filesize

    1.2MB

  • memory/2348-30-0x0000000000400000-0x0000000000538000-memory.dmp

    Filesize

    1.2MB
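The two memory dumps above cover the same range of PID 2348 (the submitted sample) at two points in the run, and the range is 1.2MB while the file on disk is 94KB. The following is an added triage helper, not part of the sandbox's own tooling: it checks a local copy of the sample against the hashes listed in the General section, parses the dump names into (pid, sequence, start, end), computes each region's size and its ratio to the on-disk size, and flags regions that were dumped more than once so the snapshots can be diffed for self-modifying or unpacked code. The dump-name layout `memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp` and the `94KB`/`1.2MB` size formatting are assumptions inferred from the report itself; a large image-to-file ratio is a hint, not a verdict, since a PE with big uninitialised sections legitimately maps to more memory than its file size.

```python
"""Triage helpers for the sandbox report above (added example, not the
sandbox's own code). Values below are copied from the report."""
import hashlib
import re
from dataclasses import dataclass

REPORTED_HASHES = {
    "md5": "3ba801ca866cbfc1773f7f97d8ad2c35",
    "sha1": "08ae7746bf93b5d29cbc1885414708bb009b8c04",
    "sha256": "224ffb92e8412adf79fa8563359bf33a3143d20ed1562d669a1002297fcced28",
    "sha512": "911b2f785af9a2d5e3cadeadc3989108b869ba413f4c737f3b6304137145ae7c"
              "60b42b2f8c273139bd234bae414a18bd88bc7b9331b26c78d95d32ba09d4693f",
}
REPORTED_FILE_SIZE = 94 * 1024  # "94KB" on disk, per the General section
REPORTED_DUMPS = [
    "memory/2348-24-0x0000000000400000-0x0000000000538000-memory.dmp",
    "memory/2348-30-0x0000000000400000-0x0000000000538000-memory.dmp",
]


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Return {algorithm: matched} for each hashlib algorithm in `expected`."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest.lower()
            for algo, digest in expected.items()}


# Assumed name layout: memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
# (pid and seq decimal, addresses hex). Matches both names in the report.
_DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-fA-F]+)"
    r"-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$")


@dataclass(frozen=True)
class MemoryDump:
    pid: int
    seq: int    # dump sequence number; higher means later in the run
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_dump_name(name: str) -> MemoryDump:
    m = _DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name!r}")
    return MemoryDump(int(m["pid"]), int(m["seq"]),
                      int(m["start"], 16), int(m["end"], 16))


def human_size(n: int) -> str:
    """Format sizes the way the report does ('94KB', '1.2MB'); assumed convention."""
    if n < 1024 * 1024:
        return f"{n // 1024}KB"
    return f"{n / (1024 * 1024):.1f}MB"


def triage_dumps(names, file_size):
    """Group dumps by (pid, region) and compare each region with the on-disk size.

    A region many times larger than the file is worth a closer look for
    unpacked or decrypted code, but SizeOfImage legitimately exceeds the file
    size when the PE has large uninitialised sections, so treat it as a hint.
    """
    regions = {}
    for d in (parse_dump_name(n) for n in names):
        regions.setdefault((d.pid, d.start, d.end), []).append(d.seq)
    findings = []
    for (pid, start, end), seqs in sorted(regions.items()):
        size = end - start
        findings.append({
            "pid": pid,
            "region": f"0x{start:016x}-0x{end:016x}",
            "size": size,
            "size_label": human_size(size),
            "ratio_to_file": round(size / file_size, 1),
            "snapshots": sorted(seqs),
            # Same range dumped at different times: diff the snapshots to see
            # whether the image was rewritten in place (unpacking, patching).
            "compare_snapshots": len(seqs) > 1,
        })
    return findings


if __name__ == "__main__":
    for finding in triage_dumps(REPORTED_DUMPS, REPORTED_FILE_SIZE):
        print(finding)
```

Run it against the report's values and the single region it reports is 0x138000 bytes (1,277,952, shown as 1.2MB), roughly 13 times the on-disk size, with snapshots 24 and 30 to compare. To check a local sample, read the file as bytes and pass it to `verify_hashes(data, REPORTED_HASHES)`; SSDEEP is not in the standard library and is left out.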