Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25/01/2024, 17:43
General
-
Target
751fc385dcf3ad8c41c8d00215440661.exe
-
Size
194KB
-
MD5
751fc385dcf3ad8c41c8d00215440661
-
SHA1
7c33b6b9e3b4bccc9bc22cbe01872352d449b103
-
SHA256
abfcaae1e6f7b625f4688110bf96be20f1d09817dc3cfb489bbba117705c229b
-
SHA512
830a9d492570997746ad5b099d9e6f463829d1ae44eb6864620d2012d5429854542d75a42e56b295cd9022de8972d2091ffdf86db0ba0cf4fcd36daca340da76
-
SSDEEP
6144:eEJudAILVANvA/o/u549UGSiSbs4IEYRz5:eE0+QVovAYu5hbs4IBRF
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 31 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 53 IoCs
Processes
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
-
C:\Users\Admin\AppData\Local\Temp\751fc385dcf3ad8c41c8d00215440661.exe"C:\Users\Admin\AppData\Local\Temp\751fc385dcf3ad8c41c8d00215440661.exe"2⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Omewefx\ytpiwuh.exe"C:\Users\Admin\AppData\Roaming\Omewefx\ytpiwuh.exe"3⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmpfe68d2f1.bat"3⤵
- Deletes itself
-
-
-
C:\Windows\system32\Dwm.exe"C:\Windows\system32\Dwm.exe"1⤵
-
C:\Windows\system32\taskhost.exe"taskhost.exe"1⤵
-
C:\Program Files\Windows Mail\WinMail.exe"C:\Program Files\Windows Mail\WinMail.exe" -Embedding1⤵
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}1⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}1⤵
-
C:\Windows\system32\DllHost.exeC:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.0MB
MD521ed508ffac6c559b590e0fadaa7b446
SHA10adfd57e5219a969eef415c7a423257b86c4cb7e
SHA256026def5ec46acb55ddfeca12e3c80e89bf58441791892abbc967e3a6616fb7cb
SHA512720f831b7c1de506048aa9f8c4aef8c418f36ded0c6974820116dfa480ce8aaeeeb5059775d63d8b3833150fa96b11682efd2637771faf21639f7a7b7f13577d
-
Filesize
243B
MD5e458233b9430c8eae7d7e296bc014361
SHA1a5751d5114d15a6c0eff86678821d292a1479d47
SHA2565cb9956293529bd37e28c7d4d56b3a79e3fc4663a5aa1a8ae56883feddedc1ac
SHA512810616082e7a9773cddaccf081d9d348ae13844c298ee2b50b2d7a8d0025864c3dfa773ae776628c3a1c8d7ffb276139aa1a61b92c6b8755b253b01a315fa6c8
-
Filesize
366B
MD5f93cbab54a0b827ed948744bdc0dffde
SHA1bcdd643aceee1c23ec34b66c7dbe4e9183f5971d
SHA25669c340296247b38e1bcaf987190d60eb1a727a0f17c7abd3b13d6756018216f5
SHA512f03446de6599e6994d91d67382cc0332f63b9fb2ce44cdc6fb22752efe02c690a6ad5dae945f6bf7c4a1dd14f033c2d093f3e0188c97990bba31e254abe9bf41
-
Filesize
194KB
MD51a22d08fb4e622f82bbe45f3c1b1eb2b
SHA1c6190c0d7409650d4c28dcd411b5b5bbca278f13
SHA256088466cc22a067bed625d012e88d0abfb4ab55da67f1c2928f4fd53018c56e88
SHA512c25f10d69944ae9891c16360e8fc2fea1fb5f85076b370f178796537f01fb39c91a8012f5f75d10f98448c628c619aab49baba9a2527a439430a9f7761183e6e
-
Filesize
268KB
-
Filesize
268KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
4KB
-
Filesize
268KB
-
Filesize
156KB
-
Filesize
156KB
-
Filesize
268KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
156KB
-
Filesize
4KB
-
Filesize
156KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
156KB
-
Filesize
268KB
-
Filesize
268KB
-
Filesize
80KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
156KB
-
Filesize
4KB
-
Filesize
156KB
-
Filesize
4KB