Overview

overview

7

Static

static

3

757d8adc8e...67.exe

windows7-x64

7

757d8adc8e...67.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/01/2024, 20:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    757d8adc8e790e3f50fde6f7bc9f3b67.exe

  • Size

    33KB

  • MD5

    757d8adc8e790e3f50fde6f7bc9f3b67

  • SHA1

    93f95eda354a1f03abfec6560487c3b716db57e6

  • SHA256

    dbc5b5f18576201079c60901496ee67ea6e845d215281c93e45641635c4a6807

  • SHA512

    5274780bdcdc680931b5c78873b2aad9b3bea509dba58762ea47f9b250d1ab532e8c5e6a7f9b12152a6023f3074ddb2e3e0644d6bea712fec735254139885250

  • SSDEEP

    768:BHGnQ8tITjMGA3zBC2bVJwPlWx7Ik6xpzMVz0+lHR:loJWHOC2bDtSYVzHR

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Modifies WinLogon 2 TTPs 7 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\757d8adc8e790e3f50fde6f7bc9f3b67.exe
    "C:\Users\Admin\AppData\Local\Temp\757d8adc8e790e3f50fde6f7bc9f3b67.exe"
    1⤵
    • Loads dropped DLL
    • Modifies WinLogon
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:3368
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • Checks computer location settings
      • Suspicious use of WriteProcessMemory
      PID:1748
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3256
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3256 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:4960
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\757d8adc8e790e3f50fde6f7bc9f3b67.bat"
      2⤵
        PID:1692
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\gos686E.bat"
        2⤵
          PID:2900

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        471B

        MD5

        1d7f25dc2d6699e79619c31ff8908f6c

        SHA1

        de3c1be6c3f3e7f6eadbe715ae575794e5bf1221

        SHA256

        845c8a47772a9c534cf13a177c83c40db250a6dbbd0a369401ea884b8d058d6e

        SHA512

        7a6e1765a31821e79b766ea0675ed17d735a40766d5fcd6cc305a8d33b8257d11e492d4ad8626f2909e1c2c2d93e8d04ed133effd0a3ec29324ec3ca36a22a1e

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        404B

        MD5

        40cc2c0b296a5bc0353699460423c8e7

        SHA1

        5946c706af72b9b2460fd24ceb2d404ed50aaf07

        SHA256

        8e33c4510c5d87da2a034574f8d243fbb63fc1d91b8ddf93112f4a13f7bc7e67

        SHA512

        443561024ce4bca5349fdaea77bdd16293d7b531893362878aed8104fb8e6b216257ac0ad9608daae4b8f3e69a8ddb2313cda3cbcbd4c46a70cfb1f6dfae5f33

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BP0ZYM9B\suggestions[1].en-US
        Filesize

        17KB

        MD5

        5a34cb996293fde2cb7a4ac89587393a

        SHA1

        3c96c993500690d1a77873cd62bc639b3a10653f

        SHA256

        c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

        SHA512

        e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\757d8adc8e790e3f50fde6f7bc9f3b67.bat
        Filesize

        265B

        MD5

        3aa52b1c5c109126f2d55a9a28cb09dc

        SHA1

        621943778d8a6afde125f05f37867808b0218b41

        SHA256

        32c6dd15d5ae3614726149b1ea3a6db1a92e74db9bdafc22032b3abce5553fc6

        SHA512

        787b82cb4135a074f0d132ba1d7b8df37463971fda430755bac8c82bf1fd84ce55e1b239aeabcda0acde1ac093443ecc1908f51900f5a5b9e500b3856c334a9a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\gos686E.bat
        Filesize

        190B

        MD5

        bbe29b88450ac3b2fa5e2fa97eb8a45b

        SHA1

        192c95367a587d8287aafff09b91404c67eaa6ac

        SHA256

        c44f921eb33f6759a85692e4fecd7c4f071089544b4a369bd8525e39c8d6403d

        SHA512

        1db918fe288be691fe7b9a49d88b6ab6d16f83c152954b36327df79f74106694ac1f56e26a4e52de3e07be9f30f55854f9d742ca0f9b41709170a81e8947443f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\gos686E.tmp
        Filesize

        23KB

        MD5

        fb72de2fe18621da4e7a2244d7cce63b

        SHA1

        e411aca4c5cced8a5e60cccfbd2389cf4aad133a

        SHA256

        93af7c9170644637df67c5a1b4ba387802f79ce7179114924157bc4fc897b807

        SHA512

        4421de381e7cb0384cef9b84ba52e3f0798147ae9c69e2a0d42c4a38d2f17a821b2d230e15178b18cf2120ffd232120bff8ddf0d29aa9de15ef5a2b381c06207

        Download Submit

      • memory/3368-5-0x0000000010000000-0x0000000010010000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3368-19-0x00000000001C0000-0x00000000001C6000-memory.dmp

        Filesize

        24KB

        Download

      • memory/3368-18-0x0000000010000000-0x0000000010010000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3368-17-0x0000000000400000-0x000000000040D000-memory.dmp

        Filesize

        52KB

        Download

      • memory/3368-8-0x0000000000590000-0x0000000000596000-memory.dmp

        Filesize

        24KB

        Download

      • memory/3368-0-0x0000000000400000-0x000000000040D000-memory.dmp

        Filesize

        52KB

        Download

      • memory/3368-1-0x00000000001C0000-0x00000000001C6000-memory.dmp

        Filesize

        24KB

        Download