Analysis

  • max time kernel
    118s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/01/2024, 11:03

General

  • Target

    48cb3279812f4d1f6947d8279dc0a9fd.exe

  • Size

    51KB

  • MD5

    48cb3279812f4d1f6947d8279dc0a9fd

  • SHA1

    ba6ea1175f0d4393c247e92c4e3c9eb3c5da79bc

  • SHA256

    03526bd66211486bac9808ba44b8a04bb9a05de857147cc40ca6daa3958fb4d6

  • SHA512

    874c01045aa1180771029246595cc9411aae0e80229902ce3c38ed6b05d88b6e2f8aa51472bd753b084cc0e2a50ba308675e6b459541b3d6780215aba660a418

  • SSDEEP

    768:Z6aSnCgEzjOAReEUhQwhAw2JAyoR8citqmaRYVsDQqQHF4YtQkmDLE:Z6aSAyAReqwhAw2J4SDUQH2YtQFE

Score
7/10

Malware Config

Signatures

  • Deletes itself (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Drops file in System32 directory (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings (1 TTP, 25 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (22 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\48cb3279812f4d1f6947d8279dc0a9fd.exe
    "C:\Users\Admin\AppData\Local\Temp\48cb3279812f4d1f6947d8279dc0a9fd.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1288
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2976
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2740
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\twe10F2.bat"
      2⤵
      PID:2664
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\48cb3279812f4d1f6947d8279dc0a9fd.bat"
      2⤵
      • Deletes itself
      PID:2648

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      6a50967ed54b07c37567c6dc559a858b

      SHA1

      beecc0e6fe1819843133ffadc29e477a2b800516

      SHA256

      875b07fcad97159909ae936127fbd84d24836c5bfa1755b1eecd7be46263cec1

      SHA512

      29f1b0f132f462e7bf375ff3ded3950a3bef55099b9ddf492f41c9a15d309b249ab07c97d6828d7dbc55a99b8683c1fbcb60ddb2c5ca0c8e665e6a7588138e3f

    • C:\Users\Admin\AppData\Local\Temp\48cb3279812f4d1f6947d8279dc0a9fd.bat

      Filesize

      263B

      MD5

      6a3324995d71665fe1f95eb2c8b9eeeb

      SHA1

      310c250d095faea03516cb736744fac3cf1ce848

      SHA256

      ebd65fab73b9d987e0a18824162c3c26809ee2b5f53f70ce97dda1d5370c567e

      SHA512

      465adc9e427166181812be5da4dc84faa25f6a00d9fcf1982c2d6053b308a6f3ec57c235b0cb8620905925f5df8464a7cad54aff40c74ccaa83f3974680374a6

    • C:\Users\Admin\AppData\Local\Temp\Cab1111.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\Tar12F9.tmp

      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    • C:\Users\Admin\AppData\Local\Temp\twe10F2.bat

      Filesize

      188B

      MD5

      233049b97f8737c1ffe0c4f9ff0795c5

      SHA1

      ce3d238690edb0fc8dfd6b516ef7ce6e0126fc16

      SHA256

      2d25d7b541dabd1d1f342171a728eb00ac9291a8e14866a405b7f930a846bfd8

      SHA512

      917c69ebf0ba866005072db6239f5322937fe60bdf0543b5d5de920aaeb63b18247069fa1ab9b26726ad5775997212dde7a72d8b351cd656f3cb3a05ef9537c3

    • \Users\Admin\AppData\Local\Temp\twe10F2.tmp

      Filesize

      38KB

      MD5

      754779d328e7f64b7d389dba64ff0330

      SHA1

      c676a00ebf8bea88c5aa064c4b121c9ad827039c

      SHA256

      effcc4e01109a221ea1f75c57c2746d839c41e9ca2250f948aa5c12dec93a244

      SHA512

      01fc0651c655865be339cef9b3b4aa16651ad0e0259467019bb25c2c0d106abbaad6572a5da1f0dc96819e358a0ab68cf58071a52b3c7bd8f789d59479878c82