Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/01/2024, 23:08

General

  • Target

    44ab29f8c98db8d038badf81d2bc7737.exe

  • Size

    321KB

  • MD5

    44ab29f8c98db8d038badf81d2bc7737

  • SHA1

    8a8335a9fe633554f2651f57d3100c762ce18968

  • SHA256

    14f8b870ea7830b828e2641f4fe8493a937c1fe1552d081dbdc3dd3a7ca6f10c

  • SHA512

    7721eb3195e21e4dfd12cfd113c5d256796eec1e59f5b366da85aa86bc3ad301ea9b2a9e60c8ab44358d6146111ec3c0a03002ab26f6b3c5d74ae2450a36a5ef

  • SSDEEP

    6144:OiLsNLop94KLMZ4hD2tUfBxboPRYG4SLRXUxVK:OiQNo9TYFtUJB9ANUxc

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 8 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules that Internet Explorer loads as plug-ins into every browser session; a DLL registered under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects (or its Wow6432Node view for 32-bit components) gets code execution inside the browser and can observe or alter browsing.

  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies registry class 50 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs

Processes

  • C:\Windows\baidu\info2asp.exe
    C:\Windows\baidu\info2asp.exe 0ECF425C63BA9ACDBA47BCFCE0729441558839FCE551ED8286FFF72FBA452935C184EC17A33CD8610D82137E18439E1A7ADC55E55E
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 308
      2⤵
      • Loads dropped DLL
      • Program crash
      PID:2996
  • C:\Users\Admin\AppData\Local\Temp\44ab29f8c98db8d038badf81d2bc7737.exe
    "C:\Users\Admin\AppData\Local\Temp\44ab29f8c98db8d038badf81d2bc7737.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2964
    • C:\Windows\SysWOW64\wscript.exe
      wscript.exe C:\Windows\baidu\shortcut.js //B
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2608
      • C:\Windows\SysWOW64\regsvr32.exe
        "C:\Windows\System32\regsvr32.exe" /s C:\Windows\baidu\ATLcom.dll
        3⤵
        • Loads dropped DLL
        • Installs/modifies Browser Helper Object
        • Modifies registry class
        PID:2636
    • C:\Windows\baidu\iePlayer.exe
      C:\Windows\baidu\iePlayer.exe 0ECF425C63BA9ACDBA47BCFCE0729441558839FCE551ED8286FFF72FBA452935C184EC17A33CD8610D82137E18439E1A7ADC55E55E
      2⤵
      • Executes dropped EXE
      • Checks whether UAC is enabled
      • Suspicious use of SetWindowsHookEx
      PID:2484
    • C:\Windows\baidu\Update.exe
      C:\Windows\baidu\Update.exe 0ECF425C63BA9ACDBA47BCFCE0729441558839FCE551ED8286FFF72FBA452935C184EC17A33CD8610D82137E18439E1A7ADC55E55E
      2⤵
      • Executes dropped EXE
      PID:2628
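The process tree above is the whole infection chain in one place: the sample in the user's Temp directory drops files into C:\Windows\baidu, launches wscript.exe on shortcut.js in batch mode (//B, which suppresses errors and prompts), which in turn runs regsvr32.exe /s to register ATLcom.dll as a Browser Helper Object, while iePlayer.exe and Update.exe are started directly from the Windows subdirectory. Note that the regsvr32 command line names C:\Windows\System32 but the process image is C:\Windows\SysWOW64: that is WoW64 file-system redirection for a 32-bit child, so a detection should key on the image basename rather than on the path in the command line. The following detection logic is an added example, not part of the sandbox report. Its event list is constructed to mirror the tree (PIDs, image paths and command lines are copied from it); the parent PID of the initial sample (1000), the Sysmon-style field names, the placeholder BHO CLSID and the benign control event (PID 3100) are assumptions made for the example.

```python
"""Behavioural detection for the wscript -> regsvr32 -> BHO chain in the tree above.

Added example, not part of the sandbox report. Events are constructed from the
report's process tree; ppid 1000, the field names, the CLSID placeholder and the
benign control event (pid 3100) are assumptions.
"""
import re
from typing import Dict, List, Optional, Tuple

ARG = ("0ECF425C63BA9ACDBA47BCFCE0729441558839FCE551ED8286FFF72FBA452935"
       "C184EC17A33CD8610D82137E18439E1A7ADC55E55E")

EVENTS: List[Dict] = [
    {"type": "process", "pid": 2964, "ppid": 1000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\44ab29f8c98db8d038badf81d2bc7737.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\44ab29f8c98db8d038badf81d2bc7737.exe"'},
    {"type": "process", "pid": 2608, "ppid": 2964,
     "image": r"C:\Windows\SysWOW64\wscript.exe",
     "cmdline": r"wscript.exe C:\Windows\baidu\shortcut.js //B"},
    {"type": "process", "pid": 2636, "ppid": 2608,
     "image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "cmdline": r'"C:\Windows\System32\regsvr32.exe" /s C:\Windows\baidu\ATLcom.dll'},
    # Registry write by the regsvr32 process; the CLSID below is a placeholder.
    {"type": "registry", "pid": 2636,
     "key": r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer"
            r"\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}"},
    {"type": "process", "pid": 2484, "ppid": 2964,
     "image": r"C:\Windows\baidu\iePlayer.exe", "cmdline": r"C:\Windows\baidu\iePlayer.exe " + ARG},
    {"type": "process", "pid": 2628, "ppid": 2964,
     "image": r"C:\Windows\baidu\Update.exe", "cmdline": r"C:\Windows\baidu\Update.exe " + ARG},
    # Benign control (constructed): regsvr32 on a System32 DLL must not fire.
    {"type": "process", "pid": 3100, "ppid": 1000,
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32.exe /s C:\Windows\System32\msxml3.dll"},
]

WINDOWS_DIR = "c:\\windows\\"
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
PROGRAM_DIRS = ("c:\\program files\\", "c:\\program files (x86)\\")
BHO_KEY = "\\microsoft\\windows\\currentversion\\explorer\\browser helper objects\\"
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
PATH_RE = r"(?i)[a-z]:\\[^\s\"]+\.(?:%s)"   # absolute path ending in one of the given extensions


def _basename(path: str) -> str:
    # Match on the image basename: WoW64 redirection makes the directory unreliable.
    return path.rsplit("\\", 1)[-1].lower()


def rule_script_from_windows_dir(ev: Dict) -> Optional[str]:
    """Script host running a script dropped under C:\\Windows; //B hides errors/prompts."""
    if ev["type"] != "process" or _basename(ev["image"]) not in SCRIPT_HOSTS:
        return None
    m = re.search(PATH_RE % "js|jse|vbs|vbe|wsf", ev["cmdline"])
    if m and m.group(0).lower().startswith(WINDOWS_DIR):
        quiet = " (batch mode //B)" if "//b" in ev["cmdline"].lower() else ""
        return f"{_basename(ev['image'])} ran {m.group(0)} from the Windows directory{quiet}"
    return None


def rule_regsvr32_untrusted_dll(ev: Dict) -> Optional[str]:
    """regsvr32 registering a COM DLL that lives outside system/program directories."""
    if ev["type"] != "process" or _basename(ev["image"]) != "regsvr32.exe":
        return None
    m = re.search(PATH_RE % "dll|ocx", ev["cmdline"])
    if m and not m.group(0).lower().startswith(SYSTEM_DIRS + PROGRAM_DIRS):
        return f"regsvr32 registered {m.group(0)} from an untrusted directory"
    return None


def rule_bho_registration(ev: Dict) -> Optional[str]:
    """Any write under the Browser Helper Objects key, native or Wow6432Node view."""
    if ev["type"] == "registry" and BHO_KEY in ev["key"].lower():
        return f"BHO registered: {ev['key']}"
    return None


def rule_exe_from_windows_subdir(ev: Dict) -> Optional[str]:
    """Executable launched from a non-system subdirectory of C:\\Windows (e.g. \\baidu)."""
    if ev["type"] != "process":
        return None
    img = ev["image"].lower()
    if img.startswith(WINDOWS_DIR) and not img.startswith(SYSTEM_DIRS):
        return f"executable launched from {ev['image']}"
    return None


RULES = (rule_script_from_windows_dir, rule_regsvr32_untrusted_dll,
         rule_bho_registration, rule_exe_from_windows_subdir)


def detect(events: List[Dict]) -> List[Tuple[int, str, str]]:
    """Run every rule over every event; return (pid, rule name, message) triples."""
    out: List[Tuple[int, str, str]] = []
    for ev in events:
        for rule in RULES:
            msg = rule(ev)
            if msg:
                out.append((ev["pid"], rule.__name__, msg))
    return out


def ancestry(pid: int, procs: Dict[int, Dict]) -> List[int]:
    """PID followed by its recorded ancestors; stops at unknown or cyclic parents."""
    chain: List[int] = []
    while pid in procs and pid not in chain:
        chain.append(pid)
        pid = procs[pid]["ppid"]
    return chain


def chain_root(events: List[Dict]) -> Optional[int]:
    """PID of the top-most process whose subtree trips the script-host, regsvr32
    and BHO rules together, i.e. the complete chain seen in the report."""
    procs = {e["pid"]: e for e in events if e["type"] == "process"}
    needed = {"rule_script_from_windows_dir", "rule_regsvr32_untrusted_dll", "rule_bho_registration"}
    lineages: Dict[str, set] = {}
    for pid, rule, _ in detect(events):
        if rule in needed:
            lineages.setdefault(rule, set()).update(ancestry(pid, procs))
    if set(lineages) != needed:
        return None
    common = set.intersection(*lineages.values())
    return min(common, key=lambda p: len(ancestry(p, procs))) if common else None


if __name__ == "__main__":
    for pid, rule, msg in detect(EVENTS):
        print(f"[{rule}] pid={pid}: {msg}")
    print("chain root:", chain_root(EVENTS))
```

Run stand-alone, the script reports the wscript.exe, regsvr32.exe, BHO-key and two dropped-executable findings, leaves the System32 control event alone, and names PID 2964 (the original sample) as the root of the correlated chain. Correlating by ancestry rather than firing on each rule separately is what keeps the regsvr32 rule from paging an analyst every time an installer legitimately registers a DLL from its own directory.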

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Windows\baidu\ATLcom.dll

          Filesize

          90KB

          MD5

          8d8afbdd1977f3c5dc12775e56b7c319

          SHA1

          44cc86024bccaa91e29936623696594befb0a025

          SHA256

          1e8febc754066269b7c5f22388f4d3b7b4a7a70d382a8ae6f5daffe35ebb014b

          SHA512

          d669ac2137daaeedc64cbb8c4817a9c02ba3d57f2db3e82ebaea6c12c7e55cb6d2db47ca488338da065af517c5a1b27ba4fd4da41805ebc219e2f4053d6693d6

        • C:\Windows\baidu\shortcut.js

          Filesize

          1KB

          MD5

          c7ea49bd0568bf89f387f6c5b45163ec

          SHA1

          6d694978c5c523ff460e890c6ea2aab43d8f615e

          SHA256

          07e61ebf29c13a0ff3c17b491c2c2550baf1e9ba894b19e880cfa8b660f2bf7a

          SHA512

          efd72c2f7c587e2fb2259e1864e47f528e9239453f4233383ac9a5f6205abed42313dc0c4fde8bc0cf686f3e94f14221a910e774194232ad31f4afef44d266b9

        • \Windows\baidu\Update.exe

          Filesize

          57KB

          MD5

          2c4af8de5e96ad97393f18e67e545411

          SHA1

          0266f63b6a8bcdce96a1699466b5e181e2824d84

          SHA256

          718bacf147034db41a2e076338dd709c8638559116a77f60ec0d26c897f22129

          SHA512

          3e0a3802e26b570959a5b8e3c2593402a90be6574fe8062703a2a1772cf9ab68bd59ef2806d8b1afbaafe77a0470ce3e3610e39cbd6706c3d1f7533b6c2e993c

        • \Windows\baidu\iePlayer.exe

          Filesize

          64KB

          MD5

          bcd7327919f9a78aeb5ea8e62705cb6d

          SHA1

          1dcb15d024e634063ee2b05f15af59589b16ffff

          SHA256

          f846d5eb0aa0c5bb648f0167ccde1cb2e882cafbb5f2a3737b7879a9c2b07505

          SHA512

          f2b71ab5e1666882d9d8a640f81f9625ee95903278a2254697457d3cd2f4a6aaa490f77a06632d71658ffc37180b7b0a9e1dbc7ef33a2ec007f2464212af8e9b

        • \Windows\baidu\info2asp.exe

          Filesize

          41KB

          MD5

          1000b47ffbae539166a0e996216ebb36

          SHA1

          0803068acac00e9339fc1bcc4d2dca9752045f56

          SHA256

          d1558f21145f2b285a56cd926d39c9dca03fe32657b54c6467b42e443e5217cb

          SHA512

          2e80199bf91bb3d29b21ca4d920e04f5bf212d887314326a072e62d8e8686ff8b4eb9923c6fb4ccb10d9ccd1906bda5c5018b553b480d12bc8c6bcc27a0ed5bb

        • memory/2964-1-0x0000000000400000-0x0000000000452000-memory.dmp

          Filesize

          328KB

        • memory/2964-27-0x0000000000400000-0x0000000000452000-memory.dmp

          Filesize

          328KB