Overview

overview

7

Static

static

3

548ee37a52...cb.exe

windows7-x64

7

548ee37a52...cb.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    142s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    11/01/2024, 20:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    548ee37a5281e7026d4e0689fbf60fcb.exe

  • Size

    743KB

  • MD5

    548ee37a5281e7026d4e0689fbf60fcb

  • SHA1

    1c325b60cd10c249a079f40778e5d65cd8b5ef94

  • SHA256

    d3f75c7d2ecf26823ed9144272a35fe0fbf71c36adfd46c0c0dae67942ff197d

  • SHA512

    2bc215fac4bd62cfac81bca26b41264228d557771f847b4a616aa2964988f941c7be72822c3bff690a2221b8b7344f8d1bc10ce4809b0eb65637bccc369a2575

  • SSDEEP

    12288:FRn8S++U4u/n/80dW5A0zyo6JwQ5oAlK+GPHvZuIk27QQ52LYRgc8yPwDR+w:v8MU4ufxdW5A2mJr/kNHvcIk2/3Y

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\548ee37a5281e7026d4e0689fbf60fcb.exe
    "C:\Users\Admin\AppData\Local\Temp\548ee37a5281e7026d4e0689fbf60fcb.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2620
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\61642520.BAT
      2⤵
      • Deletes itself
      PID:2748
  • C:\Windows\system.exe
    C:\Windows\system.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2632
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:2644

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\61642520.BAT
      Filesize

      190B

      MD5

      1c8c5112cf15965aaf29d77f17ba6622

      SHA1

      753dc1d26ac82316c309c13eac6d2bc198f7d312

      SHA256

      d0a66cc9257f726825fea060457b55ef46bb57acfb70b4bc5e3d3e0e0b911b94

      SHA512

      d5c9c88b748fbe64485c97344701b431702372f09212e0b185a249b647b6e99cc2f3cfc713ca733d5f1c9f1b899fcf253e907e43dcb904723347c7ae018ef662

      Download Submit

    • C:\Windows\system.exe
      Filesize

      743KB

      MD5

      548ee37a5281e7026d4e0689fbf60fcb

      SHA1

      1c325b60cd10c249a079f40778e5d65cd8b5ef94

      SHA256

      d3f75c7d2ecf26823ed9144272a35fe0fbf71c36adfd46c0c0dae67942ff197d

      SHA512

      2bc215fac4bd62cfac81bca26b41264228d557771f847b4a616aa2964988f941c7be72822c3bff690a2221b8b7344f8d1bc10ce4809b0eb65637bccc369a2575

      Download Submit

    • memory/2620-0-0x0000000000240000-0x0000000000241000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2620-13-0x0000000000400000-0x00000000004C2000-memory.dmp

      Filesize

      776KB

      Download

    • memory/2632-4-0x00000000003D0000-0x00000000003D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2632-15-0x0000000000400000-0x00000000004C2000-memory.dmp

      Filesize

      776KB

      Download

    • memory/2632-17-0x00000000003D0000-0x00000000003D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2632-20-0x0000000000400000-0x00000000004C2000-memory.dmp

      Filesize

      776KB

      Download