Overview

overview

3

Static

static

3

3fff12f1eb...a3.exe

windows7-x64

3

3fff12f1eb...a3.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    04/01/2024, 05:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3fff12f1ebfe08c319ce4d1563e792a3.exe

  • Size

    1.4MB

  • MD5

    3fff12f1ebfe08c319ce4d1563e792a3

  • SHA1

    a6a1371c8a20ce1e57da9eeece041c6fe4ee3611

  • SHA256

    cfe0542be6e7d611db5aa9c3d4ab224b37f86b720e2824d78b71578d5a6bdbb0

  • SHA512

    3ec36de2905ec18141fff4d7b6591fd4046c70868c2fc346fdded8297a6f06c896f5b4ae60b604075b18a0753b5275de354bc2a424c0fc040a9b94682398b0b4

  • SSDEEP

    12288:9JiOIxX8zaVYY2TK2d0Ov67THRYJk4sO6Y2eNKjg1yWwze9kA7lLBvGESnr+m6ke:9JkgVTKMT6teNsg1ySbuESnqm6N1uji

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3fff12f1ebfe08c319ce4d1563e792a3.exe
    "C:\Users\Admin\AppData\Local\Temp\3fff12f1ebfe08c319ce4d1563e792a3.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:880

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3L0UCK5V\releasehistoryusa_new[1].htm
    Filesize

    178B

    MD5

    bd2695f4b079c71dbddde3436286fb9c

    SHA1

    733c05da132193d6cf1d8e242d12e2525c03bab4

    SHA256

    2e04a18ff185ba5b16f762a0538339bc4049aceaef9738edd43af77d2ceb788b

    SHA512

    5b73af24d095f7593026d3f211da6775d91c2efb5cdb0e0258ccca8edd3f8645cdf80d8338c863794d260f4bca08637233be3548d83e7225518dee2f47560798

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Knight2\EN\newest_namelink.xsl
    Filesize

    12KB

    MD5

    5ed8abe7ea24193e2ff2cce50cf595b4

    SHA1

    d0c0c97912631375782bd768b074e3d608743aca

    SHA256

    c9f4c99f629cbec5845e2ae720724a648d684985291aa85b483937bddc9044b8

    SHA512

    dec6adc9e7fc74ac4d34f60b3c523b151f6fa039cf1e54742447a305afddd54d8f8e5ee3580bb525a3e277e6e20e7c73706df0136196e37e2c00c68a9caf8519

    Download Submit

  • memory/880-0-0x0000000000400000-0x000000000056C000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/880-37-0x0000000000400000-0x000000000056C000-memory.dmp

    Filesize

    1.4MB

    Download