Overview

overview

7

Static

static

3

6382abb52e...8f.exe

windows7-x64

7

6382abb52e...8f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    129s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    17/01/2024, 20:17

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6382abb52e998427cfbac7764d8ae98f.exe

  • Size

    616KB

  • MD5

    6382abb52e998427cfbac7764d8ae98f

  • SHA1

    6ab77839259252d5cca7f55808a35e1bdc45675c

  • SHA256

    b93f23b51ad17c50f8512c420a65e7c493a504a93f07563b600d0b1e7c76ff86

  • SHA512

    f7dd40a09297a1160ddd9595488d545c1039db6808590a0ac4477a5a961e3b7d4a6cee3d5e70053357bb7440c6fd713cbc8bf900ac14e4984545f342e08f5f61

  • SSDEEP

    12288:ES5onCNTAgEMfS84iLllGF3Z4mxxNVlceYwf:1o+MGTlkQmXNb7D

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies data under HKEY_USERS 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6382abb52e998427cfbac7764d8ae98f.exe
    "C:\Users\Admin\AppData\Local\Temp\6382abb52e998427cfbac7764d8ae98f.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1456
  • C:\Windows\asphost4free
    C:\Windows\asphost4free
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
        PID:2708

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Windows\asphost4free
            Filesize

            616KB

            MD5

            6382abb52e998427cfbac7764d8ae98f

            SHA1

            6ab77839259252d5cca7f55808a35e1bdc45675c

            SHA256

            b93f23b51ad17c50f8512c420a65e7c493a504a93f07563b600d0b1e7c76ff86

            SHA512

            f7dd40a09297a1160ddd9595488d545c1039db6808590a0ac4477a5a961e3b7d4a6cee3d5e70053357bb7440c6fd713cbc8bf900ac14e4984545f342e08f5f61

            Download Submit

          • C:\Windows\asphost4free
            Filesize

            388KB

            MD5

            ecfb72e1ea8246a2f7bca2d4fd188214

            SHA1

            edfcbcbd7785d9baff984d4705c6995a10cc1271

            SHA256

            3ca1fe1fc399180378e4b63652d749ae06b7e68629e1bbcaeffd5fc309f869d7

            SHA512

            3888e41ac8afd07d3c442616bd7c0f8f5a2881cc0a59c29830c4fe438f71cc59b3dc83567bf59314a475d55f8aec0375000ef2e4fa501b2e7e41f3a84c86c117

            Download Submit

          • memory/1456-4-0x0000000001F40000-0x0000000001F41000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1456-3-0x0000000000760000-0x0000000000761000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1456-8-0x0000000001F20000-0x0000000001F21000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1456-11-0x00000000032E0000-0x00000000032E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1456-12-0x00000000032D0000-0x00000000032D2000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1456-18-0x0000000003360000-0x0000000003361000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1456-17-0x0000000001F10000-0x0000000001F11000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1456-16-0x0000000003340000-0x0000000003341000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1456-15-0x0000000003350000-0x0000000003351000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1456-14-0x0000000003320000-0x0000000003321000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1456-13-0x0000000003330000-0x0000000003331000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1456-10-0x0000000000750000-0x0000000000751000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1456-9-0x0000000001F50000-0x0000000001F51000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1456-7-0x0000000001F30000-0x0000000001F31000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1456-6-0x00000000003E0000-0x00000000003E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1456-5-0x00000000003F0000-0x00000000003F1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1456-19-0x0000000000400000-0x00000000005B7200-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/1456-2-0x00000000002D0000-0x0000000000324000-memory.dmp

            Filesize

            336KB

            Download

          • memory/1456-36-0x0000000000400000-0x00000000005B7200-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/1456-20-0x0000000000350000-0x0000000000351000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1456-22-0x0000000000350000-0x0000000000351000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1456-0-0x0000000000400000-0x00000000005B7200-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/1456-1-0x0000000000400000-0x00000000005B7200-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/1456-21-0x0000000000350000-0x0000000000351000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2208-29-0x0000000003210000-0x0000000003211000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2208-30-0x0000000003230000-0x0000000003231000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2208-28-0x00000000031C0000-0x00000000031C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2208-31-0x0000000000400000-0x00000000005B7200-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/2208-26-0x0000000000400000-0x00000000005B7200-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/2208-33-0x0000000000830000-0x0000000000884000-memory.dmp

            Filesize

            336KB

            Download

          • memory/2208-34-0x00000000009B0000-0x00000000009B1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2208-27-0x0000000000400000-0x00000000005B7200-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/2208-32-0x0000000000400000-0x00000000005B8000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/2208-37-0x0000000000400000-0x00000000005B7200-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/2208-38-0x0000000000400000-0x00000000005B8000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/2208-39-0x00000000009B0000-0x00000000009B1000-memory.dmp

            Filesize

            4KB

            Download