Overview

overview

7

Static

static

3

3f5150071c...3d.exe

windows7-x64

7

3f5150071c...3d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    03-01-2024 23:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3f5150071c3d150a05841d0441146f3d.exe

  • Size

    167KB

  • MD5

    3f5150071c3d150a05841d0441146f3d

  • SHA1

    f2e83d34bb89b1e6bf94cb4f15f5e6a1e5385c2d

  • SHA256

    af7453257601177a1f14dcb97ad0bbfafbf248c47eb03d7c591c2b86f3fa7647

  • SHA512

    003972fa47abc8db1a96eca81001ce799bc48abbe51ad0d3d55195d4a6df0c957c20fa3644270f2a81ebe7ed72fda560d16136bc95290e163835ff4253f1710b

  • SSDEEP

    3072:VBJE40+j3315rZhom7jhG6Wt800j9a1HBA+iZ7I:fCF+/XoVGHj9Qhu

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f5150071c3d150a05841d0441146f3d.exe
    "C:\Users\Admin\AppData\Local\Temp\3f5150071c3d150a05841d0441146f3d.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Windows\Ngihia.exe
      C:\Windows\Ngihia.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      PID:3016

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Ngihia.exe
    Filesize

    167KB

    MD5

    3f5150071c3d150a05841d0441146f3d

    SHA1

    f2e83d34bb89b1e6bf94cb4f15f5e6a1e5385c2d

    SHA256

    af7453257601177a1f14dcb97ad0bbfafbf248c47eb03d7c591c2b86f3fa7647

    SHA512

    003972fa47abc8db1a96eca81001ce799bc48abbe51ad0d3d55195d4a6df0c957c20fa3644270f2a81ebe7ed72fda560d16136bc95290e163835ff4253f1710b

    Download Submit

  • C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    Filesize

    344B

    MD5

    410b5fc7c24a41257619bf882a9aff44

    SHA1

    2c12ff734ed7f89e782103adb8f9b68e0b96d60c

    SHA256

    1353323857c137a908625a0df9182717284f081595dc95ff3f6e7b1960f62a1f

    SHA512

    5c498670ad32a6c182b5b7876f157e91f890b929a4ea4fcf9127e96510ce31f9431e8bd463db3dea4d463ded7b6c88b691047f1062918223f6aa56ef98e33fb2

    Download Submit

  • memory/2060-38534-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2060-0-0x0000000000220000-0x000000000022C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2060-1-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/2060-38532-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/3016-38538-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/3016-38541-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/3016-38535-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/3016-38537-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/3016-11-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/3016-38539-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/3016-38540-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/3016-38533-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/3016-38542-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/3016-38543-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/3016-38544-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/3016-38545-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/3016-38546-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download

  • memory/3016-38547-0x0000000000400000-0x0000000000443000-memory.dmp

    Filesize

    268KB

    Download