Overview

overview

5

Static

static

5

d06324e91d...c5.exe

windows7-x64

5

d06324e91d...c5.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-02-2024 05:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d06324e91d5b7f81c9a144fb520c5896f82899271c1632ee0fbc0687a17cc4c5.exe

  • Size

    949KB

  • MD5

    3785efc90f48f4d73f80ac7c8a681cca

  • SHA1

    e7bf26ad61392721a29b952794d72dc6f776e17d

  • SHA256

    d06324e91d5b7f81c9a144fb520c5896f82899271c1632ee0fbc0687a17cc4c5

  • SHA512

    249e4ddd349473f2469bf6a1e66c90c8478e94d2247c01f2d7338fb5caf6eec10560b88fdb850cc90de4ed3c70e24ff2bb09dce576f5b78940c682e13cae6f59

  • SSDEEP

    24576:aRmJkcoQricOIQxiZY1iaK4hL8NzjA3xBJ4tgajm:/JZoQrbTFZY1iaKJlA3HSgaS

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 62 IoCs
  • Suspicious behavior: MapViewOfSection 8 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d06324e91d5b7f81c9a144fb520c5896f82899271c1632ee0fbc0687a17cc4c5.exe
    "C:\Users\Admin\AppData\Local\Temp\d06324e91d5b7f81c9a144fb520c5896f82899271c1632ee0fbc0687a17cc4c5.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:4228
    • C:\Windows\SysWOW64\svchost.exe
      "C:\Users\Admin\AppData\Local\Temp\d06324e91d5b7f81c9a144fb520c5896f82899271c1632ee0fbc0687a17cc4c5.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:840
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:3488
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\SysWOW64\regsvr32.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:1576
      • C:\Program Files\Mozilla Firefox\Firefox.exe
        "C:\Program Files\Mozilla Firefox\Firefox.exe"
        3⤵
          PID:540

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\aut48D0.tmp
      Filesize

      123KB

      MD5

      fa472dda6c1ee62dcd53b5755920ac22

      SHA1

      bf2514dd677d675a56567b07587c824959bc66e3

      SHA256

      2ea015144400f6389de4fffa220181530dafb6c93e6e4a115084dd84b1d901c9

      SHA512

      3ef18304cbadc3d520119e5388d23a4d308c5243f8126758d5e36a6de82137b5bc44cbb2477616bcdbc18f31b040f61cb7cd63842c13df64acb05662b4b47eac

      Download Submit

    • memory/840-24-0x0000000000BE0000-0x0000000000BFE000-memory.dmp

      Filesize

      120KB

      Download

    • memory/840-14-0x0000000000400000-0x000000000043E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/840-13-0x0000000000400000-0x000000000043E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/840-15-0x0000000001400000-0x000000000174A000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/840-16-0x0000000000400000-0x000000000043E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/840-19-0x0000000000BE0000-0x0000000000BFE000-memory.dmp

      Filesize

      120KB

      Download

    • memory/840-18-0x0000000000400000-0x000000000043E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/840-17-0x0000000000400000-0x000000000043E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/840-23-0x0000000000400000-0x000000000043E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/1576-21-0x0000000000B90000-0x0000000000BCA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/1576-22-0x0000000000B90000-0x0000000000BCA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/1576-26-0x0000000000B90000-0x0000000000BCA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/1576-25-0x0000000002CD0000-0x000000000301A000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/1576-27-0x0000000002A90000-0x0000000002B2D000-memory.dmp

      Filesize

      628KB

      Download

    • memory/1576-29-0x0000000000B90000-0x0000000000BCA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/3488-20-0x000000000DA10000-0x0000000010439000-memory.dmp

      Filesize

      42.2MB

      Download

    • memory/3488-28-0x000000000DA10000-0x0000000010439000-memory.dmp

      Filesize

      42.2MB

      Download

    • memory/3488-30-0x0000000008E20000-0x0000000008F2F000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/3488-31-0x0000000008E20000-0x0000000008F2F000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/3488-38-0x0000000008E20000-0x0000000008F2F000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/4228-12-0x0000000002EE0000-0x0000000002EE4000-memory.dmp

      Filesize

      16KB

      Download