Overview

overview

7

Static

static

3

7324f00bd7...15.exe

windows7-x64

7

7324f00bd7...15.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/01/2024, 23:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7324f00bd75b6feb0fae0783c2fb6c15.exe

  • Size

    691KB

  • MD5

    7324f00bd75b6feb0fae0783c2fb6c15

  • SHA1

    f68d0b69134fe33c2131706338ff7135a5197519

  • SHA256

    6adeb5f78a223c558b233b3474f4c65a993f61895f2a2b176b1a38c76d6a8522

  • SHA512

    8f2817a0a18ca37a08b6fdfb5c24501f420daddf848f77eaccae1bf50a292171491beb9efc7104d02885fc0bddec1c6e85887f8426dadce80ac068737ab9bdba

  • SSDEEP

    12288:UTHxGNKvvQtEXh4FarF7Uz0bBMOzr9zF3Z4mxxUDqVTVOC7:UTHxGNKIZF+F4zciO1zQmXDVTz7

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7324f00bd75b6feb0fae0783c2fb6c15.exe
    "C:\Users\Admin\AppData\Local\Temp\7324f00bd75b6feb0fae0783c2fb6c15.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2084
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c C:\Windows\uninstal.bat
        3⤵
          PID:2836
    • C:\Windows\win32.ini
      C:\Windows\win32.ini
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2992
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        2⤵
          PID:2732

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5.exe
              Filesize

              615KB

              MD5

              44c77ebc9232bb9b2998076b730b6383

              SHA1

              0e04fcfa7ed04e5e9ec6753155186640e252349a

              SHA256

              f7478a3e0e64fb5322c5f400901a9a197d54c063fb5c6a20484b9411f585b7f7

              SHA512

              2bea23d2a8406e2026519c1afb78f52864edc21436e6f3e389195d0f52775f9d5e884baf9866c68d0306fd53de61f6eff934dcabf0484b1caa0e9bf7760c2583

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5.exe
              Filesize

              465KB

              MD5

              b88024e47dbc89652cb254f737ccbf77

              SHA1

              2093aaf14d9a6ff4a20b47bac83998a16aef3a6b

              SHA256

              656bd1d6a4b5b6e63e111a8fad539adceae738aa895273068de1cc4ba4bdbfb4

              SHA512

              1872bce2f2646ec8756779263c9c491cc29fdc0a97b25785d035884a459d13fe6ad461238b7b3e8f34a23d4498825d6abcc04b86cf606dc673756ab452888c91

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5.exe
              Filesize

              263KB

              MD5

              1a4051ffe9b4e2cf2d8817ae2e801ef9

              SHA1

              ac703d58e81ae3b2b4fc3b2660dd8a4b5ab007ad

              SHA256

              5127ce0da2d85a028a16b19d1d5b11ab44d49dd8a53993e005449fddde28a031

              SHA512

              28024dff989c8f6995f9c782526c009e144a71506021a92b1949964eb5adbf6299b425ab466a2cedb55e0df09c2488e0d278df3283cf2b6e0675d7f1bce652e1

              Download Submit

            • C:\Windows\uninstal.bat
              Filesize

              150B

              MD5

              72f9d376b476a7a6936991161cfeb888

              SHA1

              ea53941d2d65213eed7aac7f29f897ecdb34344f

              SHA256

              061cf610c4430e21066e13c91c49e6885cdcb24501095f1f8839e82d3a1d6a02

              SHA512

              543f9178e376d60544d75981c259bbb4ab603411febb991507c25ddb904bf6e934d05173de5632823d53aaee13ee6f8a623179b26d8a6d134104d47e9dbaeaf5

              Download Submit

            • C:\Windows\win32.ini
              Filesize

              798KB

              MD5

              548cae355cbc569066fa168ce14252ed

              SHA1

              3c9a20dcbfccb8d1ec74dd82bb869c9e43ab9c6e

              SHA256

              9b67a8aefd0df28dc645d75036a9cee451e7285cd8816abcf0e98afb733470bc

              SHA512

              4f51a1d9c9b12ec137025560796d0095d1a78798adc1b0bbbabc487c24891d795ded11aeb2fb2c8485217bc48ac77e1ce8c9e872ade87745962fcda337a6d611

              Download Submit

            • \Users\Admin\AppData\Local\Temp\IXP000.TMP\5.exe
              Filesize

              594KB

              MD5

              60ac8cc74db8d5edfbeb0b9911de9ea7

              SHA1

              f836fe1ed105fa7c9821bfc0e17f37633f2f05fc

              SHA256

              2333ae24313af3c615c7e94677e285e8ba941ab6d79fd3c6c9815a95a5be9a74

              SHA512

              9c40f412b76986f12a090b2952d6363f01f435e2ea7f1ec67720d6b748692b02ab888674f281f5884c10e862611d111b531f54fa5ebcea6ecb9e8a1b27a32516

              Download Submit

            • \Users\Admin\AppData\Local\Temp\IXP000.TMP\5.exe
              Filesize

              635KB

              MD5

              3c42632d7bfdb8d910ad143084154cff

              SHA1

              e1fc4dba93049defaf6e3a8e68baaea770354670

              SHA256

              74f585263e1d241ea8006e1c43fcbe34df61fb63fa52ca0098bfca3d093e4645

              SHA512

              8a47af4639c051d7cdfc6480b6f2efb21ca6ba0cc7a3d09a5d890c157313ba608cc667bb718c52f0dd9df9e2cf8de87dadbd7bb6e491cc60f0587324f8b65d90

              Download Submit

            • memory/2084-20-0x00000000003C0000-0x00000000003C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2084-34-0x0000000000400000-0x00000000004D1000-memory.dmp

              Filesize

              836KB

              Download

            • memory/2188-6-0x00000000004C0000-0x00000000004C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2188-1-0x00000000001C0000-0x0000000000214000-memory.dmp

              Filesize

              336KB

              Download

            • memory/2188-8-0x00000000004F0000-0x00000000004F1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2188-0-0x0000000001000000-0x0000000001113000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/2188-5-0x00000000002D0000-0x00000000002D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2188-4-0x0000000000460000-0x0000000000461000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2188-9-0x0000000000470000-0x0000000000471000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2188-3-0x00000000004D0000-0x00000000004D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2188-2-0x0000000000480000-0x0000000000481000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2188-10-0x00000000004A0000-0x00000000004A1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2188-35-0x0000000001000000-0x0000000001113000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/2188-7-0x00000000004B0000-0x00000000004B1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2188-36-0x00000000001C0000-0x0000000000214000-memory.dmp

              Filesize

              336KB

              Download

            • memory/2992-27-0x00000000003C0000-0x00000000003C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2992-38-0x0000000000400000-0x00000000004D1000-memory.dmp

              Filesize

              836KB

              Download

            • memory/2992-40-0x00000000003C0000-0x00000000003C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2992-43-0x0000000000400000-0x00000000004D1000-memory.dmp

              Filesize

              836KB

              Download