Overview

overview

7

Static

static

3

8b501f7de3...81.exe

windows7-x64

7

8b501f7de3...81.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/02/2024, 03:46

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    8b501f7de309b25a1628d7c15804ef81.exe

  • Size

    655KB

  • MD5

    8b501f7de309b25a1628d7c15804ef81

  • SHA1

    63dada412cf160bff55bf921910668b600aac72a

  • SHA256

    071ef94f61b04836c1d9f1d51261f7374db152565052a23d07a09cb1ea356417

  • SHA512

    1aad4678c3bfc3bea5a111178e018163d185ffe18517ed03159c016d6fd2212891305224bb76c5ef922347847dfd49b75d0b246863887226f9f74abd99a1bc27

  • SSDEEP

    12288:UaKWrTjY4RICctN/uscqta6g/MnTz+m4P01vuOXKFsWMX1Rg:FKUTjYoICczmscOaKTiDPX1zv

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b501f7de309b25a1628d7c15804ef81.exe
    "C:\Users\Admin\AppData\Local\Temp\8b501f7de309b25a1628d7c15804ef81.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:4104
    • C:\Program Files\Server.exe
      "C:\Program Files\Server.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:2964
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe"
        3⤵
          PID:400
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 12
            4⤵
            • Program crash
            PID:3672
        • C:\program files\internet explorer\IEXPLORE.EXE
          "C:\program files\internet explorer\IEXPLORE.EXE"
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1452
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1452 CREDAT:17410 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2828
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Program Files\Delet.bat""
        2⤵
          PID:3540
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 400 -ip 400
        1⤵
          PID:2204

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Program Files\Delet.bat
                Filesize

                184B

                MD5

                db1129d0b8e0283be8a8ebec352a740e

                SHA1

                7c70d93f4cff4fb3a8af142ed35f9c38ad6c5408

                SHA256

                37613ef10a2ed7ff5fe468f1528ff2b2ad7aca6edd90907291797cee41f20b04

                SHA512

                78c88c1cfb6f1f463eaf0a2f80bf3dd6d833af5db56bdc131228e515b26320452e77b04d46d97f1d3fbc13f7f4f0180ba2a3862ee173727b882ffcbc1eff374e

                Download Submit

              • C:\Program Files\Server.exe
                Filesize

                655KB

                MD5

                8b501f7de309b25a1628d7c15804ef81

                SHA1

                63dada412cf160bff55bf921910668b600aac72a

                SHA256

                071ef94f61b04836c1d9f1d51261f7374db152565052a23d07a09cb1ea356417

                SHA512

                1aad4678c3bfc3bea5a111178e018163d185ffe18517ed03159c016d6fd2212891305224bb76c5ef922347847dfd49b75d0b246863887226f9f74abd99a1bc27

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                Filesize

                471B

                MD5

                cb99b6d5040641081530ef8f6049f1aa

                SHA1

                3fa9e3148cbee0e561da3787919043483ee5e5c0

                SHA256

                3e1607026f332ae19539f0621c8b18c820245d196febf8bf258253667ebc94d8

                SHA512

                13cdc5995fa4741d474c00491ea55b26101a88ee3495327950249e8bef1e16de29f46d0c1ffef3682eac0e041f0b06545d51ef8152a33606f0e13fe35e6a1d83

                Download Submit

              • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
                Filesize

                404B

                MD5

                5543a664c488a28b5e92a91f214d7f97

                SHA1

                4bac04b452d1af3398f60801053623e37b4da064

                SHA256

                bb92e7edbbcd811196dcc912446eb94030f7e4f3e2901e7aa5cc1feef00e33b6

                SHA512

                f1c58dda3514c984fb29130e9e35c2e1a4a1ef7c36ec6a3424e5d21990764cde0168a645d7fc8a892d87af92cd628fc7e425cc77be6f7dea46597902c230db02

                Download Submit

              • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6AXLYU2E\suggestions[1].en-US
                Filesize

                17KB

                MD5

                5a34cb996293fde2cb7a4ac89587393a

                SHA1

                3c96c993500690d1a77873cd62bc639b3a10653f

                SHA256

                c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                SHA512

                e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                Download Submit

              • memory/400-108-0x0000000000500000-0x00000000006C6000-memory.dmp

                Filesize

                1.8MB

                Download

              • memory/1452-113-0x00000000003F0000-0x00000000005B6000-memory.dmp

                Filesize

                1.8MB

                Download

              • memory/4104-56-0x0000000003A90000-0x0000000003A91000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-50-0x0000000003A00000-0x0000000003A01000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-12-0x00000000035C0000-0x00000000035C1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-11-0x00000000025E0000-0x00000000025E1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-9-0x0000000002620000-0x0000000002621000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-13-0x00000000035B0000-0x00000000035B3000-memory.dmp

                Filesize

                12KB

                Download

              • memory/4104-14-0x00000000036B0000-0x00000000036B1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-8-0x0000000002630000-0x0000000002631000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-7-0x00000000025C0000-0x00000000025C1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-6-0x00000000025D0000-0x00000000025D1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-5-0x0000000002640000-0x0000000002641000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-4-0x00000000025F0000-0x00000000025F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-15-0x0000000003600000-0x0000000003601000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-31-0x0000000003650000-0x0000000003651000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-30-0x0000000003660000-0x0000000003661000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-36-0x00000000036C0000-0x00000000036C1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-38-0x00000000037D0000-0x00000000037D1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-42-0x0000000003810000-0x0000000003811000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-51-0x0000000003A30000-0x0000000003A31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-65-0x0000000003A40000-0x0000000003A41000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-64-0x00000000039F0000-0x00000000039F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-63-0x0000000003A10000-0x0000000003A11000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-62-0x00000000039E0000-0x00000000039E1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-61-0x0000000003B10000-0x0000000003B11000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-60-0x0000000003B20000-0x0000000003B21000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-59-0x0000000003AF0000-0x0000000003AF1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-58-0x0000000003AD0000-0x0000000003AD1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-57-0x0000000003AB0000-0x0000000003AB1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-3-0x0000000002610000-0x0000000002611000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-54-0x0000000003A70000-0x0000000003A71000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-10-0x0000000002650000-0x0000000002651000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-55-0x0000000003AA0000-0x0000000003AA1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-43-0x0000000003850000-0x0000000003851000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-53-0x0000000003A80000-0x0000000003A81000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-49-0x00000000039D0000-0x00000000039D1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-48-0x0000000003880000-0x0000000003881000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-47-0x0000000003890000-0x0000000003891000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-46-0x0000000003860000-0x0000000003861000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-45-0x0000000003870000-0x0000000003871000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-44-0x0000000003840000-0x0000000003841000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-52-0x0000000003A50000-0x0000000003A51000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-41-0x0000000003820000-0x0000000003821000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-40-0x00000000037F0000-0x00000000037F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-39-0x0000000003800000-0x0000000003801000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-37-0x00000000037E0000-0x00000000037E1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-35-0x0000000003690000-0x0000000003691000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-34-0x00000000036A0000-0x00000000036A1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-33-0x0000000003670000-0x0000000003671000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-32-0x0000000003680000-0x0000000003681000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-29-0x0000000003630000-0x0000000003631000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-28-0x0000000003640000-0x0000000003641000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-27-0x0000000003610000-0x0000000003611000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-26-0x0000000003620000-0x0000000003621000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-25-0x0000000002930000-0x0000000002931000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-24-0x0000000002720000-0x0000000002721000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-23-0x00000000027D0000-0x00000000027D1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-2-0x00000000023C0000-0x0000000002414000-memory.dmp

                Filesize

                336KB

                Download

              • memory/4104-1-0x0000000000B90000-0x0000000000B91000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-0-0x0000000000400000-0x00000000005C6000-memory.dmp

                Filesize

                1.8MB

                Download

              • memory/4104-22-0x00000000035D0000-0x00000000035D1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-21-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-20-0x0000000000BD0000-0x0000000000BD1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-19-0x0000000002670000-0x0000000002671000-memory.dmp

                Filesize

                4KB

                Download

              • memory/4104-16-0x00000000025B0000-0x00000000025B1000-memory.dmp

                Filesize

                4KB

                Download