Overview

overview

7

Static

static

3

75f7bea211...eb.exe

windows7-x64

7

75f7bea211...eb.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26-01-2024 00:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75f7bea211000e2ceb493707b3fe39eb.exe

  • Size

    166KB

  • MD5

    75f7bea211000e2ceb493707b3fe39eb

  • SHA1

    a1468d137351b3241c7fa79d601c732a8f29bcc4

  • SHA256

    2f10752172c62b567158e7877923d22f0d89ffc3c1897b62f344be588a266a0c

  • SHA512

    4603eccf76a6d9f96217debda2cc2b299f373ece9be7e3ff61f66e4b5c7edd8c4f6f50e8b67d9439a34abcbe52b5688bfc845d5a43550e09e115425639e8afb5

  • SSDEEP

    3072:t4TBeNXm+ApSHXaa3C6uji+LDssZDdWGH8cowPiTpgXqVEqOy:t8BexApSHXaa3C6u2v0dWGH8cowPRamq

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 6 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\75f7bea211000e2ceb493707b3fe39eb.exe
    "C:\Users\Admin\AppData\Local\Temp\75f7bea211000e2ceb493707b3fe39eb.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1308
    • C:\Windows\Hbogya.exe
      C:\Windows\Hbogya.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      PID:2144

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\Hbogya.exe
    Filesize

    166KB

    MD5

    75f7bea211000e2ceb493707b3fe39eb

    SHA1

    a1468d137351b3241c7fa79d601c732a8f29bcc4

    SHA256

    2f10752172c62b567158e7877923d22f0d89ffc3c1897b62f344be588a266a0c

    SHA512

    4603eccf76a6d9f96217debda2cc2b299f373ece9be7e3ff61f66e4b5c7edd8c4f6f50e8b67d9439a34abcbe52b5688bfc845d5a43550e09e115425639e8afb5

    Download Submit

  • C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
    Filesize

    344B

    MD5

    297291f4545f6a6ef30706bf9e4848dc

    SHA1

    70777658cfabc15a261a446e8ba73a532f65f01a

    SHA256

    3871590158c5bc16fd764e9a9202ea28be02119f2075e380f0924d06bf06b669

    SHA512

    f17deb06a8bf9694299ed5774402f569ef467f9677d070e6cefc7554951f73b10f67965e71ac150c5afa0dc1dc8667fb958d0defde6638a2daba106a98f48d60

    Download Submit

  • memory/1308-0-0x0000000000330000-0x000000000034C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1308-1-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/1308-6794-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/1308-19852-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2144-8-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2144-14693-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2144-29140-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/2144-39544-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

    Download