Overview

overview

8

Static

static

3

6fb5071331...bf.exe

windows7-x64

8

6fb5071331...bf.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    22-01-2024 14:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6fb50713314e5efdea6285202214fbbf.exe

  • Size

    54KB

  • MD5

    6fb50713314e5efdea6285202214fbbf

  • SHA1

    0ca70c75795286d099e1ab7559b8f8a5c5061df6

  • SHA256

    51c2c22dd1b44e70b2b5ce8a9bb10b279527e03dbfb60d0810e7b4b2dc1c2dc3

  • SHA512

    855df736f424c765a7561a11807af24fefc64cb5d6a10bddfe0cd525be6249f30c26523abbaca320653bcf210d1efc2a174182ba37fdb2bf24878ba012a8fd40

  • SSDEEP

    1536:/KZiivgFkkHnjXVJj+AvIvWC61AIRNG4ij:UvcDHnjFByvb613A

Score
8/10
evasion

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\6fb50713314e5efdea6285202214fbbf.exe
    "C:\Users\Admin\AppData\Local\Temp\6fb50713314e5efdea6285202214fbbf.exe"
    1⤵
      PID:2736
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\s_min_run.bat" "
        2⤵
          PID:324
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Roaming\redload\1.bat
            3⤵
              PID:784
              • C:\Windows\SysWOW64\reg.exe
                reg add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /d ""http://www.71628.com/?S"" /f
                4⤵
                  PID:304
                • C:\Windows\SysWOW64\reg.exe
                  reg add "HKCU\Software\tmp" /v "key" /d ""http://www.71628.com/?S"" /f
                  4⤵
                    PID:672
                  • C:\Windows\SysWOW64\reg.exe
                    reg add "HKLM\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /d ""http://www.71628.com/?S"" /f
                    4⤵
                      PID:892
                    • C:\Windows\SysWOW64\reg.exe
                      reg add "HKCR\CLSID\{971C5380-92A0-5A69-B3EE-C3002B33309E}\Shell\open(&H)\Command" /v "" /d "wscript -e:vbs ""C:\Users\Admin\AppData\Roaming\redload\3.bat""" /f
                      4⤵
                        PID:852
                      • C:\Windows\SysWOW64\reg.exe
                        reg add "HKCR\CLSID\{971C5380-92A0-5A69-B3EE-C3002B33309E}" /v "IsShortCut" /d "" /f
                        4⤵
                          PID:576
                        • C:\Windows\SysWOW64\attrib.exe
                          attrib +s +h C:\Users\Admin\AppData\Roaming\redload\tmp\a.{971C5380-92A0-5A69-B3EE-C3002B33309E}
                          4⤵
                          • Sets file to hidden
                          • Views/modifies file attributes
                          PID:712
                        • C:\Windows\SysWOW64\attrib.exe
                          attrib +s +h C:\Users\Admin\AppData\Roaming\redload\tmp
                          4⤵
                          • Sets file to hidden
                          • Views/modifies file attributes
                          PID:112
                        • C:\Windows\SysWOW64\rundll32.exe
                          rundll32 syssetup,SetupInfObjectInstallAction DefaultInstall 128 C:\Users\Admin\AppData\Roaming\redload\2.inf
                          4⤵
                            PID:2612
                            • C:\Windows\SysWOW64\runonce.exe
                              "C:\Windows\system32\runonce.exe" -r
                              5⤵
                                PID:1516
                                • C:\Windows\SysWOW64\grpconv.exe
                                  "C:\Windows\System32\grpconv.exe" -o
                                  6⤵
                                    PID:1156
                              • C:\Windows\SysWOW64\rundll32.exe
                                rundll32 D:\VolumeDH\inj.dat,MainLoad
                                4⤵
                                  PID:1444

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Temp\cdf1912.tmp
                            Filesize

                            790B

                            MD5

                            b18422bf438bbb7798280375a7bc0976

                            SHA1

                            c1b77b35e3a38ff2ad119f25e548beb5ff68c2e2

                            SHA256

                            ee8709e751067193dccdfe218108bdae6a30919d7b6c860bc848c7cc4b242fa4

                            SHA512

                            23cb9c74905f514a2bf4ef91afc53ceb08230b3ce68e3eab17bb36c674260d143a7e7105958ff4ed5c2a416bddffb3c7e28dcf8060cbf323c7e4cab71f613176

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\s_min_run.bat
                            Filesize

                            54B

                            MD5

                            504490369970f1c0eb580afbcdf91618

                            SHA1

                            b52f65cd538e6c998b2c7e3167f9c8e8fa6c7971

                            SHA256

                            a13a0579286521f0d7cb55fc7d28c6d33f14c0573e9e69f7584fa4008a8e7d43

                            SHA512

                            5495ce79abf0fc4ffbfaf9aefa484145f4e0d3e8457be0e2e4dfb1284fb5413016f2d9867e2386db5c4f7b51863bfffeae8ea6bd879053fdf6a928ab2a0857ad

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\redload\1.bat
                            Filesize

                            3KB

                            MD5

                            58db0fb8d73a32c0e8057a6f78c16d07

                            SHA1

                            5cca0167d57e8bc9a8a228134db7456bfedeb63e

                            SHA256

                            5191c4b522b9dd8369363060d5e03b2728f71c09855daf1ebc418f592c50029a

                            SHA512

                            829e9da755fdd4c0b0b276ee47775af66f264ac7ae0e8bb8dec1480a038c58cb6d9e9cdd3706ca7b412f6d143ea6e1034da9993220ae0329e1323d9c5c5ab75a

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\redload\2.inf
                            Filesize

                            248B

                            MD5

                            2197ffb407fb3b2250045c084f73b70a

                            SHA1

                            3d0efbacba73ac5e8d77f0d25d63fc424511bcf6

                            SHA256

                            a1a42f5a41ce65135b1ad525eabc04cce89ee07d2f51d06e5e1dea6047081591

                            SHA512

                            b35a99e144da3f02de71158f58a6b937435d1bce941126a554783c667654b880527b11ba8a5c0fcf093ce28863ea4f5e60f73f8f973a727f177d584d2e9c80fe

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\redload\4.bat
                            Filesize

                            2.7MB

                            MD5

                            7fdeaf11a17ed286f325a8fa07c0d137

                            SHA1

                            a8756aea84733a8b1418e03d73630cfa4816fc51

                            SHA256

                            eb7ea66c9e11db914999ee5ef7fd0d139821899de3ee8ab362da7a1a492befd6

                            SHA512

                            6f5a3c28a77d2a76d9c5138f1c24000ec7fb720bd33e54e0fd72d457603abede4d99926e3bda4a71ade9bae6c2231e6cc940364458714f3c5ba93f7a6a34debf

                            Download Submit

                          • memory/784-78-0x00000000003A0000-0x00000000003A1000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/2736-1-0x0000000000020000-0x0000000000023000-memory.dmp

                            Filesize

                            12KB

                            Download

                          • memory/2736-0-0x0000000000CC0000-0x0000000000CE5000-memory.dmp

                            Filesize

                            148KB

                            Download

                          • memory/2736-5-0x0000000000CC0000-0x0000000000CE5000-memory.dmp

                            Filesize

                            148KB

                            Download

                          • memory/2736-38-0x0000000000400000-0x000000000040E000-memory.dmp

                            Filesize

                            56KB

                            Download