Overview

overview

10

Static

static

10

samples (2) (3).zip

windows7-x64

1

samples (2) (3).zip

windows10-2004-x64

1

100b8bfff5...48.exe

windows7-x64

1

100b8bfff5...48.exe

windows10-2004-x64

1

16b5122423...49.exe

windows7-x64

7

16b5122423...49.exe

windows10-2004-x64

7

2727dde741...98.exe

windows7-x64

9

2727dde741...98.exe

windows10-2004-x64

9

29dd920ac1...e5.zip

windows7-x64

1

29dd920ac1...e5.zip

windows10-2004-x64

1

2001.exe

windows7-x64

9

2001.exe

windows10-2004-x64

9

3c5ffe21fd...017.js

windows7-x64

1

3c5ffe21fd...017.js

windows10-2004-x64

1

48493bb68b...20.exe

windows7-x64

10

48493bb68b...20.exe

windows10-2004-x64

10

568a79ce58...19.exe

windows7-x64

9

568a79ce58...19.exe

windows10-2004-x64

9

57de0d2d59...fe.exe

windows7-x64

9

57de0d2d59...fe.exe

windows10-2004-x64

7

5e34ceeaf6...05.exe

windows7-x64

1

5e34ceeaf6...05.exe

windows10-2004-x64

1

6e2db44578...ac.exe

windows7-x64

9

6e2db44578...ac.exe

windows10-2004-x64

9

75342ada93...76.exe

windows7-x64

8

75342ada93...76.exe

windows10-2004-x64

6

7e623dca8a...e2.exe

windows7-x64

10

7e623dca8a...e2.exe

windows10-2004-x64

10

87f2db714e...7e.exe

windows7-x64

8

87f2db714e...7e.exe

windows10-2004-x64

8

8dcb1af1e7...b0.exe

windows7-x64

7

8dcb1af1e7...b0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    182s
  • max time network
    204s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-01-2024 15:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    87f2db714eac44b77889c850b8b6b55e2b117c88ac8f8923b47ac89fecadab7e.exe

  • Size

    168KB

  • MD5

    858f74b2c777c086eaa36d9cfd4f38d2

  • SHA1

    ccc4e31495008464118c71b55e27ace1fe35736f

  • SHA256

    87f2db714eac44b77889c850b8b6b55e2b117c88ac8f8923b47ac89fecadab7e

  • SHA512

    c30e692885aab0bc30dba82a1ee6037b25de56027fb06564062991713e9f062c2b5d9fbcdd802aa0f7503b1ea8942bd9641b7b2299b4e341aa5f41b4739af0c5

  • SSDEEP

    1536:R9vtiz8f+2x+/m2x+kDgJF+2x+/m2x+kDgWGekNsGekNFuJGekNsGekNcl:+8f1+l+kcJF1+l+kctphpS

Score
8/10
persistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 2 IoCs
    persistence
  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 58 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 21 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 41 IoCs
  • Suspicious use of FindShellTrayWindow 53 IoCs
  • Suspicious use of SendNotifyMessage 29 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\87f2db714eac44b77889c850b8b6b55e2b117c88ac8f8923b47ac89fecadab7e.exe
    "C:\Users\Admin\AppData\Local\Temp\87f2db714eac44b77889c850b8b6b55e2b117c88ac8f8923b47ac89fecadab7e.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3000
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:828
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1412
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4076
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3484
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
      PID:1884
    • C:\Windows\explorer.exe
      explorer.exe
      1⤵
        PID:1060
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
          PID:2760

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
          Filesize

          471B

          MD5

          bd7cff2625c057d70018eb8fc1b1f955

          SHA1

          7769bf9f4fb6ce8a0124921cb9b60dc092d78933

          SHA256

          675796db0f9a74ca700c3b71722f66a302febc44bbb2ff789f27224b754248f4

          SHA512

          0a1c34d42f65cd6724bff6478cdeb7172df5c2a524e1794d0e2ef170c06120c57f687027627ea0b0270354202a19f735bbcc73c836c62744c1786eb106893386

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53
          Filesize

          412B

          MD5

          6958292ec0429a1fd955e211325d7e82

          SHA1

          4f0ef5678398a9f2f7dc5322aa821334829012eb

          SHA256

          d5d63689ab3810022adfc9933f81726d90e688762f08ed8936d87ddecb917a44

          SHA512

          b9e04b2f3e2b029fda55b36c2117be2873f327702a3ae8d8c416969c7523d3181175e58325b7e5b68f1e4638c0eda592817b4681ade5c290da0cbdd1cab845a8

          Download Submit

        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133485958263320594.txt
          Filesize

          74KB

          MD5

          c09e63e4b960a163934b3c29f3bd2cc9

          SHA1

          d3a43b35c14ae2e353a1a15c518ab2595f6a0399

          SHA256

          308deca5e1ef4d875fbe0aff3ce4b0b575b28e643dffda819d4390ec77faf157

          SHA512

          5ca3321034dff47e3afe0b0bdfaffc08782991660910a29375a8e0363794b78247282aba65dbd882ae225aa140ae63927dfd0946a441ee6fa64a1d8c146777b9

          Download Submit

        • memory/828-107-0x0000000004820000-0x0000000004821000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3000-3-0x00000000057D0000-0x0000000005862000-memory.dmp

          Filesize

          584KB

          Download

        • memory/3000-55-0x0000000074E70000-0x0000000075620000-memory.dmp

          Filesize

          7.7MB

          Download

        • memory/3000-56-0x00000000059E0000-0x00000000059F0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3000-95-0x00000000059B0000-0x00000000059BA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/3000-96-0x00000000059E0000-0x00000000059F0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3000-4-0x00000000059E0000-0x00000000059F0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3000-106-0x00000000059E0000-0x00000000059F0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3000-0-0x0000000000F00000-0x0000000000F30000-memory.dmp

          Filesize

          192KB

          Download

        • memory/3000-2-0x0000000005E60000-0x0000000006404000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/3000-1-0x0000000074E70000-0x0000000075620000-memory.dmp

          Filesize

          7.7MB

          Download