Analysis
- max time kernel: 141s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 26/01/2024, 06:25
Static task: static1
Behavioral task: behavioral1
- Sample: 76a048a5f0dffef604c467411d03e089.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 76a048a5f0dffef604c467411d03e089.exe
- Resource: win10v2004-20231215-en
General
- Target: 76a048a5f0dffef604c467411d03e089.exe
- Size: 3.0MB
- MD5: 76a048a5f0dffef604c467411d03e089
- SHA1: d36b84357825fde8fbd76b788074ce218bccb2a6
- SHA256: 5df915ab2c9d0f52d3aeccbe5c4895f080b204f469a6f29fd55ab76a82aa2dfb
- SHA512: 78d1b9c31edff5ef86095ded30c8cfd4ca34d36f9988ab8924ec89a7a334bb920d168e4dc01bfc2769c37077593c834de23dc11c2ed8403979b4d38c06bb6f35
- SSDEEP: 49152:EQFRHrmQG+yGXGZQPxQtrmQG+yGXJmQG+yb4:EcKdMZ7M
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid: 2860 | Process: z.exe
- Loads dropped DLL (2 IoCs)
  pid: 2124 | Process: 76a048a5f0dffef604c467411d03e089.exe
  pid: 2124 | Process: 76a048a5f0dffef604c467411d03e089.exe
- Modifies Internet Explorer settings (1 IoC)
  description: Key created | ioc: \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main | Process: z.exe
- Suspicious use of FindShellTrayWindow (1 IoC)
  pid: 2860 | Process: z.exe
- Suspicious use of SendNotifyMessage (1 IoC)
  pid: 2860 | Process: z.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid: 2860 | Process: z.exe
  pid: 2860 | Process: z.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2124 wrote to memory of 2860 | pid: 2124 | Process: 76a048a5f0dffef604c467411d03e089.exe | procid_target: 28
  description: PID 2124 wrote to memory of 2860 | pid: 2124 | Process: 76a048a5f0dffef604c467411d03e089.exe | procid_target: 28
  description: PID 2124 wrote to memory of 2860 | pid: 2124 | Process: 76a048a5f0dffef604c467411d03e089.exe | procid_target: 28
  description: PID 2124 wrote to memory of 2860 | pid: 2124 | Process: 76a048a5f0dffef604c467411d03e089.exe | procid_target: 28
Processes
- Level 1: C:\Users\Admin\AppData\Local\Temp\76a048a5f0dffef604c467411d03e089.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\76a048a5f0dffef604c467411d03e089.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID: 2124
  - Level 2 (child of PID 2124): C:\Users\Admin\AppData\Local\Temp\z.exe
    Command line: C:\Users\Admin\AppData\Local\Temp\z.exe -run C:\Users\Admin\AppData\Local\Temp\76a048a5f0dffef604c467411d03e089.exe
    - Executes dropped EXE
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID: 2860
Network
MITRE ATT&CK Enterprise v15
Downloads