Overview

overview

7

Static

static

3

8c4ff6edc9...19.exe

windows7-x64

7

8c4ff6edc9...19.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    03-02-2024 12:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8c4ff6edc99105c40e6ea80942b62519.exe

  • Size

    304KB

  • MD5

    8c4ff6edc99105c40e6ea80942b62519

  • SHA1

    8135e9b5b8810dff6130da2de78ce287a98def37

  • SHA256

    40f12f633dc02947e5618f905b7f7ed0d7be5d26122a89cd0b4b8fbe9c7f05ec

  • SHA512

    fe55c8493398eb886ddd2fbca9fefa5b6e115e6901e33e9c919e07ee57bb1310f454bb3b057437e385e51dee531a230487c135f714077327e10349adfe7408e3

  • SSDEEP

    6144:ipO0DAlw/SrYaWy9WJGNppRrk3hzOD0jAWgCP2/HKR0+bgVdIL2B7K7RhTwp:1+/SrXWy9WkNXRrszO6gCu/HK3gVdISl

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c4ff6edc99105c40e6ea80942b62519.exe
    "C:\Users\Admin\AppData\Local\Temp\8c4ff6edc99105c40e6ea80942b62519.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1276
    • C:\WINDOWS\SysWOW64\SkypeClient.EXE
      "C:\WINDOWS\system32\SkypeClient.EXE"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2408

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\SkypeClient.EXE
    Filesize

    240KB

    MD5

    7311e55f12cc248d08211e46fd4d2369

    SHA1

    3b68b0fef1e1ab9975b75f68917042039c3fc4be

    SHA256

    e62a98d8850e7940f215d16d76967b9654b607f74f158ebe4e2eedfaa8933d66

    SHA512

    be48f73f966faa4b7e285b1944a075ba6f38a55133304071009654af3846454b18b6aaa159f8896544291ea31a04af382310c19cad240ecb8c67faae0461e4af

    Download Submit

  • memory/1276-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1276-10-0x0000000000400000-0x00000000004FE000-memory.dmp

    Filesize

    1016KB

    Download

  • memory/1276-12-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1276-32-0x0000000000400000-0x00000000004FE000-memory.dmp

    Filesize

    1016KB

    Download