Overview

overview

7

Static

static

3

867e8691ec...8c.exe

windows7-x64

7

867e8691ec...8c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01/02/2024, 09:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    867e8691ecd50b6a61c7ec8de1b2de8c.exe

  • Size

    702KB

  • MD5

    867e8691ecd50b6a61c7ec8de1b2de8c

  • SHA1

    aa094c32cf46cdb30283e17f8166083c37da8207

  • SHA256

    b2f6ff455d8821bd69c16c1aba4931727f5ee558609787675a9b3f057bfe1480

  • SHA512

    fa97d3a1e417065472754b2216946630d4f583e16f4bb3a7b95b65968e7697a23e4e597895110bdf5e718ffcfae7fb098912c141df7742422250d74dae4e320b

  • SSDEEP

    12288:nRycOktU4g/n/t0EW5A0z/FvJwQ5oalK+Gh39Mva7Ik61QQ52LwRg08y5wj1FP:RxJU4gf2EW5A25Jr1kD39MvmIk6d32

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\867e8691ecd50b6a61c7ec8de1b2de8c.exe
    "C:\Users\Admin\AppData\Local\Temp\867e8691ecd50b6a61c7ec8de1b2de8c.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1116
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\UNINSTAL.BAT
      2⤵
      • Deletes itself
      PID:2788
  • C:\Windows\win.com.cn.ini
    C:\Windows\win.com.cn.ini
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2348
    • C:\WINDOWS\SysWOW64\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      2⤵
        PID:2792

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\UNINSTAL.BAT
      Filesize

      186B

      MD5

      db08786dd3528ee23cf3abb136a2cf49

      SHA1

      446c30be6fd8d486e1822566811ff2118e459bdc

      SHA256

      5ea7936d61f24e9b3479ef1bc2b0dff875094eca90e8f6061ad1c7394f0c98f7

      SHA512

      599c32fefa3728a0480c6e24abeb17a3c796fb1507597c26a55b8f36eaeb0df5a8c9603d8fda632b592d020ebe1ff5d19af88a3c5443252e8e499d70ae8a47a7

      Download Submit

    • C:\Windows\win.com.cn.ini
      Filesize

      702KB

      MD5

      867e8691ecd50b6a61c7ec8de1b2de8c

      SHA1

      aa094c32cf46cdb30283e17f8166083c37da8207

      SHA256

      b2f6ff455d8821bd69c16c1aba4931727f5ee558609787675a9b3f057bfe1480

      SHA512

      fa97d3a1e417065472754b2216946630d4f583e16f4bb3a7b95b65968e7697a23e4e597895110bdf5e718ffcfae7fb098912c141df7742422250d74dae4e320b

      Download Submit

    • memory/1116-0-0x0000000000340000-0x0000000000341000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1116-13-0x0000000000400000-0x00000000004C1F6C-memory.dmp

      Filesize

      775KB

      Download

    • memory/2348-4-0x00000000003E0000-0x00000000003E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2348-21-0x0000000000400000-0x00000000004C1F6C-memory.dmp

      Filesize

      775KB

      Download

    • memory/2792-14-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2792-16-0x0000000000400000-0x00000000004C2000-memory.dmp

      Filesize

      776KB

      Download

    • memory/2792-18-0x0000000000400000-0x00000000004C2000-memory.dmp

      Filesize

      776KB

      Download