Overview

overview

7

Static

static

3

5675812ab0...8b.exe

windows7-x64

7

5675812ab0...8b.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    12/01/2024, 12:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5675812ab00decc7dd4ea27cd22cd98b.exe

  • Size

    178KB

  • MD5

    5675812ab00decc7dd4ea27cd22cd98b

  • SHA1

    5fafd0f90e100d562321ddb51fcb21eb8adef576

  • SHA256

    517cb827b4727f02182954f911afdc1941baca8ba811e8f9be52d5d1a044ac76

  • SHA512

    468321768e0db7ab99e93b84216ab6b10850ce1bfa8adbc8c5168276ae6f480a5e602e435a8299028215c050a2308a187b5faa7f37c003f219ea6558f8438d01

  • SSDEEP

    3072:vawFVZVyuiwiOas97N7I+WipOS85v6iu0G1dy+1ZVdAEdvttaxIEzSf9Nn+WuO6K:vawFVZ0xjc97N7IBiCB6Vhg+TVdAAjIG

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5675812ab00decc7dd4ea27cd22cd98b.exe
    "C:\Users\Admin\AppData\Local\Temp\5675812ab00decc7dd4ea27cd22cd98b.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Users\Admin\AppData\Roaming\uqfilgw2.exe
      "C:\Users\Admin\AppData\Roaming\uqfilgw2.exe"
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2292

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\ib2[1].htm
          Filesize

          162B

          MD5

          4f8e702cc244ec5d4de32740c0ecbd97

          SHA1

          3adb1f02d5b6054de0046e367c1d687b6cdf7aff

          SHA256

          9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

          SHA512

          21047fea5269fee75a2a187aa09316519e35068cb2f2f76cfaf371e5224445e9d5c98497bd76fb9608d2b73e9dac1a3f5bfadfdc4623c479d53ecf93d81d3c9f

          Download Submit

        • C:\Users\Admin\AppData\Roaming\380q4qlmbidiulvz.dat
          Filesize

          8B

          MD5

          919c5723dcd1534398f52cf8c0ef599c

          SHA1

          15ed7ad6254c04080d750fb4d2cc310592c46e3c

          SHA256

          ae2cdbad7847e8ca2b942cc7fa7366b619f593946f033645d7af64ffe2e866be

          SHA512

          5b4cc4d4a5314c60561e79b373be60d70c8ad7e095da494507e0f2a70ca3817d9718293718eba5599a3573d316698bc8623e9556bc1c86f698a958f19e8cd962

          Download Submit

        • \Users\Admin\AppData\Roaming\uqfilgw2.exe
          Filesize

          178KB

          MD5

          5675812ab00decc7dd4ea27cd22cd98b

          SHA1

          5fafd0f90e100d562321ddb51fcb21eb8adef576

          SHA256

          517cb827b4727f02182954f911afdc1941baca8ba811e8f9be52d5d1a044ac76

          SHA512

          468321768e0db7ab99e93b84216ab6b10850ce1bfa8adbc8c5168276ae6f480a5e602e435a8299028215c050a2308a187b5faa7f37c003f219ea6558f8438d01

          Download Submit

        • memory/1732-2-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download

        • memory/1732-3-0x0000000000260000-0x0000000000360000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/1732-10-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download

        • memory/1732-0-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2292-42-0x0000000000240000-0x0000000000340000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2292-60-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2292-14-0x0000000000240000-0x0000000000340000-memory.dmp

          Filesize

          1024KB

          Download

        • memory/2292-39-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2292-40-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2292-12-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2292-45-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2292-50-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2292-55-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2292-34-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2292-64-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2292-68-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2292-74-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2292-79-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2292-84-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2292-88-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2292-93-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download

        • memory/2292-97-0x0000000000400000-0x0000000000467000-memory.dmp

          Filesize

          412KB

          Download