Overview

overview

7

Static

static

3

87ada9411c...2c.exe

windows7-x64

7

87ada9411c...2c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    157s
  • max time network
    175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/02/2024, 19:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    87ada9411ca9c8fe0d7285d5d5b4022c.exe

  • Size

    9KB

  • MD5

    87ada9411ca9c8fe0d7285d5d5b4022c

  • SHA1

    446a79298b29ed53037d4a9b837242167f9849e7

  • SHA256

    3d21f36bb30e876980868e9de4dfb85d21d07a90c5c7f99fe6061d6a28559ebd

  • SHA512

    4ed61da98cec016368936bdf57567c143ce664ccca9eab250dad94d0c3471ce9da00690bb781591aa086187f85e1dddcaa74a30b79007ce3bf7f8c8539b52e14

  • SSDEEP

    192:XjeNsUi++ipsz9SJK1GMmBCIGISDI9m4iYVys52E:XWS9ffmUU9m4N51

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\87ada9411ca9c8fe0d7285d5d5b4022c.exe
    "C:\Users\Admin\AppData\Local\Temp\87ada9411ca9c8fe0d7285d5d5b4022c.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:740
    • C:\Windows\SysWOW64\z1428.exe
      "C:\Windows\system32\z1428.exe" C:\Users\Admin\AppData\Local\Temp\87ada9411ca9c8fe0d7285d5d5b4022c.exe
      2⤵
      • Checks computer location settings
      • Deletes itself
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in System32 directory
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2424
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:972
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:972 CREDAT:17410 /prefetch:2
          4⤵
          • Loads dropped DLL
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:4872

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          471B

          MD5

          164c747ec05b351867ac47fb8ac89dcb

          SHA1

          d814dbedc7356af4d274b907692c28baea48dba0

          SHA256

          e675e63c991701c36625eb6ef0d2e009c743f7a6843192f74bd10ac641503181

          SHA512

          895663660c26f74561154925fd7ef4c2ee7e8fe0ad25985f7ed51ceadb476d576450c8c57aa8e8ea350be398b491f0bb5fe54744d7d1e625e4ab97a93b375643

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          404B

          MD5

          60126f7e4227110008bee4a9b1ed5694

          SHA1

          7a0e10d01afdeb634900b774e7d37c4f736f7950

          SHA256

          c917d95b7fdf239b31f30f08e5bb621c0d7459f2b4eeb73fcfcf372cdb4ffebb

          SHA512

          87ef9a9fbbf7408188894301131ebe0bc02652bb6d9dbeaccff90e46775504fa8a9957f7f9954d91882b2b388fb407579db9e64f70e38da62f4ee78621db7526

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\Z0UNWU5J\suggestions[1].en-US
          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

          Download Submit

        • C:\Windows\SysWOW64\z1428.exe
          Filesize

          9KB

          MD5

          87ada9411ca9c8fe0d7285d5d5b4022c

          SHA1

          446a79298b29ed53037d4a9b837242167f9849e7

          SHA256

          3d21f36bb30e876980868e9de4dfb85d21d07a90c5c7f99fe6061d6a28559ebd

          SHA512

          4ed61da98cec016368936bdf57567c143ce664ccca9eab250dad94d0c3471ce9da00690bb781591aa086187f85e1dddcaa74a30b79007ce3bf7f8c8539b52e14

          Download Submit

        • C:\Windows\SysWOW64\z3308.dll
          Filesize

          20KB

          MD5

          3e87feb444edbcc7888e79aafcda3ea8

          SHA1

          cf85971aa314e172e9e6f14781f69584d5db9c32

          SHA256

          47c87bdc099fd9a6511c75790c25d27989fe91323521d30c1789c0eb6356740b

          SHA512

          319468dbad20e686d1279dfe1b7007a429126d7c6126a2246f145ffbb929768726ed99293ace8ab7de98342c520da6bfd8cd09ff8af302771fc288bc92c586d6

          Download Submit

        • memory/740-0-0x0000000000400000-0x000000000040F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/740-1-0x0000000000400000-0x000000000040F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/740-3-0x0000000000400000-0x000000000040F000-memory.dmp

          Filesize

          60KB

          Download

        • memory/2424-20-0x0000000000400000-0x000000000040F000-memory.dmp

          Filesize

          60KB

          Download