Analysis

  • max time kernel
    164s
  • max time network
    180s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
  • submitted
    10-01-2024 19:20

General

  • Target

    36f0e4ed75a4cbbe79b1a7105bbb3995.exe

  • Size

    13KB

  • MD5

    36f0e4ed75a4cbbe79b1a7105bbb3995

  • SHA1

    f9c8792aa1d0544a41effe50d0c33378bd977a5c

  • SHA256

    1d0799de8e01ed4b223ed6e00d6e51cf8fcfc3142b9b794a901fb9baa3b4ecda

  • SHA512

    c19fd65c087d2946f4045535dc21ed52e9e8fc15b049479d1af00207558c010e9d5921e5765bb3136d9d1e982cecc4cfadb0db4b10705be4d8e8586a54dcb47d

  • SSDEEP

    192:m51V1upEMYREAW6tHwK1igssEcX4jXv+quAOhWEUmJA0B/CPd1jjkEp0hq:U/EA11MpXvagqkbjjkk0Q

Malware Config

Signatures

  • Modifies security service 2 TTPs 1 IoCs
  • Windows security bypass 2 TTPs 5 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Modifies Shared Task Scheduler registry keys 2 TTPs 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Registers COM server for autorun 1 TTPs 3 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Windows security modification 2 TTPs 5 IoCs
  • Drops file in System32 directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
  • Modifies registry class 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\36f0e4ed75a4cbbe79b1a7105bbb3995.exe
    "C:\Users\Admin\AppData\Local\Temp\36f0e4ed75a4cbbe79b1a7105bbb3995.exe"
    1⤵
    • Modifies Shared Task Scheduler registry keys
    • Registers COM server for autorun
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Windows\system32\birdasfihuy32.dll, load
      2⤵
      • Modifies security service
      • Windows security bypass
      • Blocklisted process makes network request
      • Loads dropped DLL
      • Windows security modification
      • Modifies Internet Explorer settings
      PID:2348

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\SysWOW64\biasfardihuy.dll

    Filesize

    60B

    MD5

    d994da525362001f4bb77691fa977dcb

    SHA1

    590b6a7fadc72ecde07ad802c8ece36876949dc7

    SHA256

    a5b472267bed3218eca234ced00504ecac22b4b062701db4d4eee44f8306b83c

    SHA512

    d4a4ac1ce60b3c9de1665c2831089e38a9a25a00fe35b472115224c5761a61cfdaad1026187c8f3535be964e8b5b2ece93461d1d30bd59bfe1f4dac3bfaae4da

  • C:\Windows\SysWOW64\birdasfihuy32.dll

    Filesize

    28KB

    MD5

    4d837e1558925bc0f5e877f5622e3d72

    SHA1

    81e55afedf9e5cbdb7de3d0a706e4902cf6466c8

    SHA256

    75ee404677b89dff50e0df72052158ef2d06245c8601af00c19cab70fa929b1c

    SHA512

    7c55da66f18ec44cd2793ac72901ed11e437865d98f69402e66a75cbab4dfb419ba3f258b52ae374b9d10ff2083df16bb40437768491b52adaa30e33a32fcad4

  • memory/2304-0-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

  • memory/2304-9-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB