Overview

overview

7

Static

static

3

4195cd13ae...49.exe

windows7-x64

7

4195cd13ae...49.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-01-2024 18:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4195cd13ae240dd144bf627b81ee8e49.exe

  • Size

    151KB

  • MD5

    4195cd13ae240dd144bf627b81ee8e49

  • SHA1

    a38f52c59da5821c0c1e5f1c92f660abde5b444e

  • SHA256

    e00ac013c19120cbbfb1c81667cf99b131641c7ce87ea085bddc618a11bf11ae

  • SHA512

    d7873f4bd4697e964773006e011e1e0818a13ad3f12f696a4426bead2e764a539efd005cf5fd4a63dbb9932bcfd92958078c1745081ac424ed1ec3d2de5d89e0

  • SSDEEP

    3072:IqC0ClDtQ9dWAZncM5u94tMOY3Dl4yST8io6fwc1fTwyP:IqCJDtQ9dWAmM5uMMOY3D5ST8iHjfT

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4195cd13ae240dd144bf627b81ee8e49.exe
    "C:\Users\Admin\AppData\Local\Temp\4195cd13ae240dd144bf627b81ee8e49.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • Checks computer location settings
      • Suspicious use of WriteProcessMemory
      PID:3936
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        PID:1920
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1920 CREDAT:17410 /prefetch:2
          4⤵
            PID:1292
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 520
        2⤵
        • Program crash
        PID:4132
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\kmD5081.bat"
        2⤵
          PID:2308
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3008 -ip 3008
        1⤵
          PID:2008

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verCD43.tmp
          Filesize

          11KB

          MD5

          86a8c9f89da20de8755649fb58a8c073

          SHA1

          1459e090d35d9761e827243b458ab6019e6838f9

          SHA256

          a68410beecedbfd2755fb4c8b3df0d25ff0169fec294aec16ab28bcdcddd04aa

          SHA512

          fc20523d7845f2b4a4cd3409f84b9cb510e5645fd600dff9a78fe3786cd229048f80c8058365b42eb3189e6b02713eea1d098be709b188519c71c18a63b83d45

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UG0DPB4T\suggestions[1].en-US
          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\kmD5081.bat
          Filesize

          188B

          MD5

          b4cfd3a6e31d6a5f3a8707fe232f8fea

          SHA1

          feff1bfd1d08de29f926121b91474f90639efb4a

          SHA256

          190b28f4bc4545a250a3da300feb4aa1e9af18a9622576edb4ad8c35b0b0f3b0

          SHA512

          9a00cd08ce6212cfec8cf4bdd1b6f9e0a675a764bcc8bc4bf8518621d784aa2477512052a5d1138d4a5466d2c9ead2788310cd6c3247c0af3c7587339c865ce1

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\kmD5081.tmp
          Filesize

          44KB

          MD5

          8d7ca383ddcaa3e0695b6ceddb79f134

          SHA1

          552559353ca489a30208b9c70200bbeabfb5f2b4

          SHA256

          3d76dc6ed439bc05559a684265be6ad270913fa6414924d9e808f1262ed76e40

          SHA512

          2b61655080b1172a6d4efd57b3630520610b0f0df99a8533a403d0cc3b1e88dd5dbbe17c72f743062328617dd79f4ca13ddafed48892705732a8298a0ebb40bf

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\kmD5081.tmp
          Filesize

          80KB

          MD5

          c702ee2a71bf754298e27f472619febe

          SHA1

          7ebcd72777574248276150f6f626da8c5787104d

          SHA256

          e704d398d8877859c21bad0b743c8070f368a0942c4481814b4e59f286815b1e

          SHA512

          cda88cf82008d7f297023f1447b95e89ae144d4474fef4ad8287f2cb7fea35f563ac010aa0757758436554fd14a2cf6cd7189ef3445ba19790423964c1a197f8

          Download Submit