Overview

overview

7

Static

static

1

518c295dd4...0a.exe

windows7-x64

7

518c295dd4...0a.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    10-01-2024 20:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    518c295dd4bc20e300c2bf5fe3bd540a.exe

  • Size

    262KB

  • MD5

    518c295dd4bc20e300c2bf5fe3bd540a

  • SHA1

    845c6ddc19e0dad406a3cd96cb416080d196989d

  • SHA256

    aff31cff567948ba4ae2144bbcc562a4d3ab115f7e8b00482414b81ebf40a543

  • SHA512

    02ca9a41141c31a205c2f3ea4782d3135910aaa7434dd87a3d8b4866b889873aa00fe5449fea782641a74fd5edc9433303b9e4c7b8f49b0f4997ede7a41f9217

  • SSDEEP

    6144:758Gp+df0afmVTRMdwdpn94sLrNXel9ibb98+MAAD:F8YkfXf4TRME94svNuzibb9Z+

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 32 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 52 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\518c295dd4bc20e300c2bf5fe3bd540a.exe
    "C:\Users\Admin\AppData\Local\Temp\518c295dd4bc20e300c2bf5fe3bd540a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp9d45a64d.bat"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2164
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 112
        3⤵
        • Program crash
        PID:1676
    • C:\Users\Admin\AppData\Roaming\Otkyi\wiah.exe
      "C:\Users\Admin\AppData\Roaming\Otkyi\wiah.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of UnmapMainImage
      • Suspicious use of WriteProcessMemory
      PID:2364
  • C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
    1⤵
      PID:1652
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
        PID:1256
      • C:\Windows\system32\Dwm.exe
        "C:\Windows\system32\Dwm.exe"
        1⤵
          PID:1224
        • C:\Windows\system32\taskhost.exe
          "taskhost.exe"
          1⤵
            PID:1120
          • C:\Windows\system32\conhost.exe
            \??\C:\Windows\system32\conhost.exe "-2016524993106840588312773213151382091468-1684313077-1872060101-738079523787781196"
            1⤵
              PID:1628

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Roaming\Otkyi\wiah.exe
              Filesize

              230KB

              MD5

              7b81fdf4ef7428b559608171b011dace

              SHA1

              ea43f84e5f27ba3be45ecf4182e4b6962ae24a02

              SHA256

              179d546fc1dd6c6db353ea56e2c225cef939602ef0586ac4c0b037aa19ad5fc1

              SHA512

              b92e0beadcb45dc68620e3b28e51370e43584d8c3ab61a42ddb3c3d40c131f6a1416a76d60d2fa4e825e72b3837cbccf2591afa704c8a0110058f7938549f65f

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Otkyi\wiah.exe
              Filesize

              262KB

              MD5

              3a0cdf7d687cfd7b0ee3a4470870b716

              SHA1

              9a3653af4fcf6d6ccb5037c47cd79e860cb065c0

              SHA256

              e1f0ca78949d4b3c388fcd6988a04299a7dbf57f0101cd0fd63bfc588d19d3bb

              SHA512

              2e5e80c2d8df3bb9667dfe4c1c179651fd8d96cf6085cbbd0a2f1ccce4952db538ad044050a11b6486b38c70f508a60f5d0169549808928b9b3b5c143420e563

              Download Submit

            • C:\Users\Admin\AppData\Roaming\Ucicaw\iwza.noi
              Filesize

              366B

              MD5

              d34fc2d78b662906697cc10b6d341d7b

              SHA1

              d7022005f1eab423bb0d50be8a9b2f62c381cdb4

              SHA256

              702b79e7bd7a6382c5251b3b6abce9e504d2a30680542b44e98a2ef338a15ece

              SHA512

              96b8939bf864d4d76a0941d7f391b56be2299957564d6ebc23894dfef71385b5071e857ffc09e46613769ba017c0dc10a3f21f673384b58c48ea2a10249bc6af

              Download Submit

            • \Users\Admin\AppData\Roaming\Otkyi\wiah.exe
              Filesize

              175KB

              MD5

              eed379f3a06ed397a13cda7469e85178

              SHA1

              7778c050aa38b0e758f22d457bcae4f938192360

              SHA256

              49d6dc637fd7cc4b33c0e79732bcb9a39500974a1c14529899c05bda76209652

              SHA512

              d40f7fe92ee7a6593985d6637ec042f40383e89f204dfb299b427de6a007fb24fd2048b06c8ee2771a1bd87a9b9687bc63a7e62025f8f6b52b92af8630dcb27e

              Download Submit

            • memory/1120-22-0x0000000002050000-0x0000000002091000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1120-24-0x0000000002050000-0x0000000002091000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1120-20-0x0000000002050000-0x0000000002091000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1120-18-0x0000000002050000-0x0000000002091000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1120-14-0x0000000002050000-0x0000000002091000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1224-32-0x0000000001F90000-0x0000000001FD1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1224-28-0x0000000001F90000-0x0000000001FD1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1224-34-0x0000000001F90000-0x0000000001FD1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1224-30-0x0000000001F90000-0x0000000001FD1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1256-39-0x0000000002DA0000-0x0000000002DE1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1256-37-0x0000000002DA0000-0x0000000002DE1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1256-38-0x0000000002DA0000-0x0000000002DE1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1256-40-0x0000000002DA0000-0x0000000002DE1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1652-45-0x0000000001D80000-0x0000000001DC1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1652-44-0x0000000001D80000-0x0000000001DC1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1652-42-0x0000000001D80000-0x0000000001DC1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1652-43-0x0000000001D80000-0x0000000001DC1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1676-283-0x00000000007A0000-0x00000000007A1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1676-286-0x0000000000860000-0x00000000008A1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1676-189-0x0000000077690000-0x0000000077691000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1676-185-0x0000000000860000-0x00000000008A1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/1676-187-0x0000000077690000-0x0000000077691000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2168-171-0x00000000005A0000-0x00000000005E1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2168-170-0x0000000000400000-0x0000000000441000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2168-51-0x00000000005A0000-0x00000000005E1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2168-50-0x00000000005A0000-0x00000000005E1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2168-49-0x00000000005A0000-0x00000000005E1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2168-48-0x00000000005A0000-0x00000000005E1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2168-47-0x00000000005A0000-0x00000000005E1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2168-54-0x00000000002F0000-0x00000000002F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2168-59-0x00000000002F0000-0x00000000002F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2168-60-0x0000000077690000-0x0000000077691000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2168-62-0x00000000002F0000-0x00000000002F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2168-64-0x00000000002F0000-0x00000000002F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2168-66-0x00000000002F0000-0x00000000002F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2168-68-0x00000000002F0000-0x00000000002F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2168-70-0x00000000002F0000-0x00000000002F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2168-72-0x00000000002F0000-0x00000000002F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2168-169-0x00000000004C0000-0x0000000000505000-memory.dmp

              Filesize

              276KB

              Download

            • memory/2168-52-0x00000000002F0000-0x00000000002F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2168-4-0x0000000000400000-0x0000000000441000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2168-74-0x00000000002F0000-0x00000000002F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2168-76-0x00000000002F0000-0x00000000002F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2168-56-0x00000000002F0000-0x00000000002F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2168-78-0x00000000002F0000-0x00000000002F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2168-5-0x0000000000400000-0x0000000000441000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2168-2-0x0000000000400000-0x0000000000441000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2168-1-0x00000000004C0000-0x0000000000505000-memory.dmp

              Filesize

              276KB

              Download

            • memory/2168-0-0x00000000002A0000-0x00000000002E1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2168-146-0x00000000002F0000-0x00000000002F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2168-58-0x00000000005A0000-0x00000000005E1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2364-13-0x0000000000490000-0x00000000004D1000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2364-17-0x0000000000400000-0x0000000000441000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2364-284-0x0000000000400000-0x0000000000441000-memory.dmp

              Filesize

              260KB

              Download

            • memory/2364-15-0x0000000001C10000-0x0000000001C55000-memory.dmp

              Filesize

              276KB

              Download