Overview

overview

7

Static

static

3

3f65a714f4...6d.exe

windows7-x64

7

3f65a714f4...6d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    7s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-01-2024 00:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3f65a714f4db1d2f7d585abc7d60656d.exe

  • Size

    168KB

  • MD5

    3f65a714f4db1d2f7d585abc7d60656d

  • SHA1

    cb96a4d2eddde21a89e3d8ae98fc82fcbd5a1bdc

  • SHA256

    6b5315d5569d448773a9d4c334f22475bf820132f65c824b733a5a9fefa4f845

  • SHA512

    e64ad49d79fc59d98734766cf731d5c431635e960b023f288e2c3cd5214d13d54d303296eb0cf0f7d8c41da66e963293082ba7c261cd112f0260d19c9d474497

  • SSDEEP

    3072:8B/yfWqIm2ToinfY86s+g0Sfh2WYhdH2eluFkVZH7SLmRYqC:8ofU3tfpj0gRUdH2etB+L

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 44 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f65a714f4db1d2f7d585abc7d60656d.exe
    "C:\Users\Admin\AppData\Local\Temp\3f65a714f4db1d2f7d585abc7d60656d.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4596
    • C:\Users\Admin\AppData\Local\Temp\3f65a714f4db1d2f7d585abc7d60656d.exe
      "C:\Users\Admin\AppData\Local\Temp\3f65a714f4db1d2f7d585abc7d60656d.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:2332
      • C:\Users\Admin\AppData\Local\Temp\3f65a714f4db1d2f7d585abc7d60656d.exe
        "C:\Users\Admin\AppData\Local\Temp\3f65a714f4db1d2f7d585abc7d60656d.exe"
        3⤵
        • Adds Run key to start application
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:228
        • C:\Users\Admin\AppData\Roaming\Rmigix.exe
          "C:\Users\Admin\AppData\Roaming\Rmigix.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:3900
  • C:\Users\Admin\AppData\Roaming\Rmigix.exe
    "C:\Users\Admin\AppData\Roaming\Rmigix.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4320
    • C:\Users\Admin\AppData\Roaming\Rmigix.exe
      "C:\Users\Admin\AppData\Roaming\Rmigix.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1236
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2500
        • C:\Program Files\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
          4⤵
          • Modifies Internet Explorer settings
          PID:2276
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2276 CREDAT:17410 /prefetch:2
            5⤵
              PID:3220

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/228-10-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

      Download

    • memory/228-11-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

      Download

    • memory/228-8-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

      Download

    • memory/228-20-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

      Download

    • memory/1236-34-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

      Download

    • memory/1236-38-0x0000000000400000-0x000000000042A000-memory.dmp

      Filesize

      168KB

      Download

    • memory/2332-7-0x0000000000400000-0x000000000041D000-memory.dmp

      Filesize

      116KB

      Download

    • memory/2332-6-0x0000000000400000-0x000000000041D000-memory.dmp

      Filesize

      116KB

      Download

    • memory/2332-4-0x0000000000400000-0x000000000041D000-memory.dmp

      Filesize

      116KB

      Download