Overview

overview

7

Static

static

3

6420d94f9a...a9.exe

windows7-x64

7

6420d94f9a...a9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    18-01-2024 01:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6420d94f9a7c3b11bf77a23a860f0fa9.exe

  • Size

    57KB

  • MD5

    6420d94f9a7c3b11bf77a23a860f0fa9

  • SHA1

    a7b5942bdead3972464ec41730e1c4c81997ff68

  • SHA256

    2245b4d8701f3fd603bdce211b01aac0ccc289fe5aff93fa053549fb7d0cd8c9

  • SHA512

    489adcbd3d0021c409dbaa7ed883d62207ac21efd6dd28cb2c532997d3e92b46849b1ca2df97da1ac8a81f36fa11b2f5c8b5296cde93d307bb706c7e9ed1ba42

  • SSDEEP

    1536:WqBwbLWJLJFKqAZzrZA4kJJC7lAfEXhlsGWOTzAh1B:WqBFJLzgOJJCBw0lpWOA9

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6420d94f9a7c3b11bf77a23a860f0fa9.exe
    "C:\Users\Admin\AppData\Local\Temp\6420d94f9a7c3b11bf77a23a860f0fa9.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2508
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c copy C:\Users\Admin\AppData\Local\Temp\ife.txt "C:\PROGRA~1\INTERN~1\ieframe.dll" /a
      2⤵
      • Drops file in Program Files directory
      PID:2708

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ife.txt
    Filesize

    2.4MB

    MD5

    d764427a56454524747d03d1afb1c5dc

    SHA1

    65eaed74d1f867a9e3f9626b3a7f83f249d9e3a2

    SHA256

    73fa6d32b32999f668fca5d839c9d10ff9b1e6df1f8dbe92f3238204be352bd5

    SHA512

    bb7274b3eb47e7e51ce9797315276903c4a6d01e44541060aa0b689c43ddddb41fe3dc4deb65811a92fc92c04978ddec0fb1d3ecbcdc6597ca33b0c42104de31

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst1D6.tmp\nsExec.dll
    Filesize

    6KB

    MD5

    e54eb27fb5048964e8d1ec7a1f72334b

    SHA1

    2b76d7aedafd724de96532b00fbc6c7c370e4609

    SHA256

    ff00f5f7b8d6ca6a79aebd08f9625a5579affcd09f3a25fdf728a7942527a824

    SHA512

    c9ddd19484a6218f926295a88f8776aff6c0a98565714290485f9b3b53e7b673724946defed0207064d6ab0b1baa7cb3477952f61dbe22947238d3f5802fa4f4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst1D6.tmp\time.dll
    Filesize

    10KB

    MD5

    38977533750fe69979b2c2ac801f96e6

    SHA1

    74643c30cda909e649722ed0c7f267903558e92a

    SHA256

    b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

    SHA512

    e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

    Download Submit