Overview

overview

10

Static

static

3

4b276bf350...a7.exe

windows7-x64

10

4b276bf350...a7.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    7s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    08-01-2024 10:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4b276bf3503cb47bd21fb8d77823a4a7.exe

  • Size

    33KB

  • MD5

    4b276bf3503cb47bd21fb8d77823a4a7

  • SHA1

    bf08d1a12076ba12c2b43193d6f0bdb1d1c0ff22

  • SHA256

    76fb15f2ae74bcc7b6f864f7568a75d080c504539904aa91a60dbe3bb1abecb2

  • SHA512

    9a3d2cb3c5a8e4a5269ba21066814114a90f1970475b21469805511e9b8abcff909dbcf476811a50c66f48f218fab41357de3d824a6b66406ee162d950eda7bd

  • SSDEEP

    768:U+ISmCcYsOy6LGkD19/wwlP8/DXfvbOUDp8leGs3nStS0v:U+TVcADLGkD19/wwqrX97GO2t

Score
10/10

Malware Config

Signatures

  • Process spawned unexpected child process 1 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • Loads dropped DLL 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b276bf3503cb47bd21fb8d77823a4a7.exe
    "C:\Users\Admin\AppData\Local\Temp\4b276bf3503cb47bd21fb8d77823a4a7.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:2416
  • C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:2736
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
      • Process spawned unexpected child process
      PID:2600

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\nynw.wmo
    Filesize

    20KB

    MD5

    1115629b3629d395579a66a1b2ad2697

    SHA1

    7421a54e3d35309c804503441525d51bcd82a8bc

    SHA256

    9e635f518975d1cfaec0334264395043b7539faab201693bb795de7d24ce929b

    SHA512

    8d535c4140356b419f5eeac4a21a38ed781e4c34436db4e833db0e75249acbe9ce2aaa38dc1a2ad9261284b9e04f459809451322377ed9af05afae888b05d1ec

    Download Submit

  • \Users\Admin\AppData\Local\Temp\54C4.tmp
    Filesize

    20KB

    MD5

    699bfa9503ddb0d74bc019a9c16ea636

    SHA1

    3b929de12de62b81a57daad5c8b34fa8170d36b5

    SHA256

    32bbbd5084e7f0b483a997a3f2fbb9c5ee1744cef5f5f26cf7b11b2ff88bd60e

    SHA512

    e133d3ada07d18165d6e76e18baa60e4dae922f650e6b4b42306b5a44b1f24b1e95298e8905028abf200264ae1116da198f3665eb7bae35eea8fb0f7e61b02a6

    Download Submit

  • memory/2416-23-0x0000000010000000-0x000000001000B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2416-26-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2416-22-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2416-0-0x00000000003B0000-0x00000000003B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2600-27-0x0000000010000000-0x000000001000B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2600-19-0x0000000000080000-0x0000000000081000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2736-13-0x0000000000210000-0x0000000000310000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2736-21-0x00000000710CD000-0x00000000710D8000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2736-20-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2736-16-0x0000000000210000-0x0000000000310000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2736-6-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2736-7-0x00000000710CD000-0x00000000710D8000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2736-5-0x000000002FFA1000-0x000000002FFA2000-memory.dmp

    Filesize

    4KB

    Download