383f295f0b57718cbd0c99865fe5b27c9f926a486cf04f67f781746bfc2ae71c

Analysis

max time kernel
163s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

790bdfac79d185982d122d9e543afd74.exe
Size

587KB
MD5

790bdfac79d185982d122d9e543afd74
SHA1

2f70d0b4be975636fbfdbf897983f9f4fb463e6e
SHA256

383f295f0b57718cbd0c99865fe5b27c9f926a486cf04f67f781746bfc2ae71c
SHA512

1a1c49ff7b7a76ca7f18fd7e5eed0ed4d9114ff3347a50fac5b3723c4916b1cc8fcd21f7e0e723eeb6b3733abcd106c7a265a2d3deaa1422ae1f85fc6127879b
SSDEEP

12288:umqaR/QvkuaXUmZl1r8IfeCNBT5JYF3Z4mxxEoEtlK+kt9T2MBf:umh4/6RfeUfJYQmX9G8f

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2920	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
1084	Windows Aues

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Windows Aues	790bdfac79d185982d122d9e543afd74.exe
File created	C:\Windows\Delete.bat	790bdfac79d185982d122d9e543afd74.exe
File created	C:\Windows\Windows Aues	790bdfac79d185982d122d9e543afd74.exe

Modifies data under HKEY_USERS 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control	Windows Aues
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm	Windows Aues
Set value (int)	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm\wheel = "1"	Windows Aues
Key created	\REGISTRY\USER\.DEFAULT\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm	Windows Aues
Key created	\REGISTRY\USER\.DEFAULT\System	Windows Aues
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet	Windows Aues
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\MediaProperties	Windows Aues
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties	Windows Aues
Key created	\REGISTRY\USER\.DEFAULT\SYSTEM\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick	Windows Aues

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1084	Windows Aues

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1084 wrote to memory of 2924	1084	Windows Aues	30
PID 1084 wrote to memory of 2924	1084	Windows Aues	30
PID 1084 wrote to memory of 2924	1084	Windows Aues	30
PID 1084 wrote to memory of 2924	1084	Windows Aues	30
PID 2840 wrote to memory of 2920	2840	790bdfac79d185982d122d9e543afd74.exe	29
PID 2840 wrote to memory of 2920	2840	790bdfac79d185982d122d9e543afd74.exe	29
PID 2840 wrote to memory of 2920	2840	790bdfac79d185982d122d9e543afd74.exe	29
PID 2840 wrote to memory of 2920	2840	790bdfac79d185982d122d9e543afd74.exe	29

C:\Users\Admin\AppData\Local\Temp\790bdfac79d185982d122d9e543afd74.exe
"C:\Users\Admin\AppData\Local\Temp\790bdfac79d185982d122d9e543afd74.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\Delete.bat
  2⤵
  - Deletes itself
  PID:2920

C:\Windows\Windows Aues
"C:\Windows\Windows Aues"
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
  2⤵
  PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Delete.bat

Filesize
186B

MD5
7063e659f81f12b0e14c044b4cd7cd1d

SHA1
9d0618b1ef1b4a138fa0324e578bab126e4e8169

SHA256
956f31ddae69077199250610599ff7e77ef9d142e8bfcba83f0a50c0e43b0a65

SHA512
a7873ff04a2a36d0763801e19aa40abd64b790a0ce9127a34669631ebe9f8654aff45fa738bfd32af78cd7df3f8ac815c2f3c1a042cdfe05ae532fb1835d6304

Download Submit
C:\Windows\Windows Aues

Filesize
96KB

MD5
1270dd0b4df0219ae256026cea0a4b73

SHA1
4d7374c9a3610b4debd723bbbcd0741605ac5289

SHA256
d61a919b1e199f7682f8d64f7dd5e26488e6356380d9cea1aa337676779f24c5

SHA512
288d56aecc5b8494b7c3f088aeec4ca35e1a79b8f7cb24a959c79e574c374faed812e7379225fb3f39443a2e6b4b7825fe6f724999d4a39b3c6b0d22ca1b6437

Download Submit
C:\Windows\Windows Aues

Filesize
247KB

MD5
d8850e2b57cb2a1683016ff8453c0d96

SHA1
1d1953bd9aed9d776be2d222adea58084c42789f

SHA256
d297556d8b10aedb21cdff0596af04c3ac5619f8e51c23f1c8bb43940d19b12a

SHA512
e0ac7051e78ca3416244b1d1e02309a8970432a4e3342ec0ce6a44be0e04d604cb01db4915c097446d3fbbc36728dc89ffabd28b97777b528e64cbe550c50707

Download Submit
memory/1084-119-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/2840-1-0x00000000002A0000-0x00000000002F4000-memory.dmp

Filesize
336KB

Download
memory/2840-2-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/2840-0-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download
memory/2840-3-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/2840-4-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/2840-5-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/2840-6-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/2840-7-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/2840-9-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/2840-8-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/2840-11-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-10-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-14-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-15-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-16-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-17-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-18-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-19-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-20-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-22-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-21-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-23-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-24-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-26-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-25-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-27-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-29-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-28-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-30-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-33-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-35-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-34-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-38-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-37-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-39-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-41-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-42-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-40-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-44-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-43-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-36-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-32-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-45-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-46-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-47-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-31-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-48-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-51-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-54-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-53-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-52-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-50-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-49-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-55-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-56-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-59-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-64-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-65-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-63-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-62-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-61-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-60-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-58-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-57-0x00000000033D0000-0x00000000034D0000-memory.dmp

Filesize
1024KB

Download
memory/2840-116-0x0000000000400000-0x000000000054F000-memory.dmp

Filesize
1.3MB

Download