Overview

overview

7

Static

static

3

cuenta iban-ES65.exe

windows7-x64

7

cuenta iban-ES65.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/02/2024, 13:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cuenta iban-ES65.exe

  • Size

    814KB

  • MD5

    daeeb64bc3b2ca69d5062b932d9f5486

  • SHA1

    d958e304dbd45b11f414034799e005510ff2d94d

  • SHA256

    8634a3db542e996337729ffab3913e48633f6422d1cde9a6f743a42a3bf75679

  • SHA512

    6db8fc36dfd4b0ce9c4e15f27c25760cd361f78bffbc8e39796f846f324b58fb90800fe9ca6c1f2e35f415ae7ba880730aeaa4a90621bb1634b7c12e04742d0a

  • SSDEEP

    12288:6JTQdb6aT/+OkC2WOPASrfuhheB0IyXUJW+QiAukU30+9Ir/CSQC:mTQdb6aTfkC2WOIOI4qIwUk+T/G/CA

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 51 IoCs
  • Suspicious behavior: MapViewOfSection 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:3552
    • C:\Users\Admin\AppData\Local\Temp\cuenta iban-ES65.exe
      "C:\Users\Admin\AppData\Local\Temp\cuenta iban-ES65.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of SetThreadContext
      • Drops file in Windows directory
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:2024
      • C:\Users\Admin\AppData\Local\Temp\cuenta iban-ES65.exe
        "C:\Users\Admin\AppData\Local\Temp\cuenta iban-ES65.exe"
        3⤵
        • Suspicious use of NtCreateThreadExHideFromDebugger
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:1144
    • C:\Windows\SysWOW64\rasautou.exe
      "C:\Windows\SysWOW64\rasautou.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      PID:5112
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1332 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3992

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsa6EE7.tmp\System.dll
      Filesize

      11KB

      MD5

      2ae993a2ffec0c137eb51c8832691bcb

      SHA1

      98e0b37b7c14890f8a599f35678af5e9435906e1

      SHA256

      681382f3134de5c6272a49dd13651c8c201b89c247b471191496e7335702fa59

      SHA512

      2501371eb09c01746119305ba080f3b8c41e64535ff09cee4f51322530366d0bd5322ea5290a466356598027e6cda8ab360caef62dcaf560d630742e2dd9bcd9

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsa6EE7.tmp\nsExec.dll
      Filesize

      6KB

      MD5

      b648c78981c02c434d6a04d4422a6198

      SHA1

      74d99eed1eae76c7f43454c01cdb7030e5772fc2

      SHA256

      3e3d516d4f28948a474704d5dc9907dbe39e3b3f98e7299f536337278c59c5c9

      SHA512

      219c88c0ef9fd6e3be34c56d8458443e695badd27861d74c486143306a94b8318e6593bf4da81421e88e4539b238557dd4fe1f5bedf3ecec59727917099e90d2

      Download Submit

    • C:\Windows\hotdoggen.ini
      Filesize

      50B

      MD5

      70345464ba62a9453db2f24c1bc10881

      SHA1

      62fe4814d1b6082b46c196734b9eaf33b9b691bb

      SHA256

      cc7e912d757a17a09ced10401c69d122b7972d4f9f6e26705e18a8cfe3ebef40

      SHA512

      b0ed1640898ebf66797489862be3acdff589b161106c688e0536cabd91f673a75126a70b9363b078d8c88144d547ded4e8980e457c8e75e1477aadbb5414ae3a

      Download Submit

    • memory/1144-321-0x0000000077C81000-0x0000000077DA1000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1144-326-0x0000000034C00000-0x0000000034C24000-memory.dmp

      Filesize

      144KB

      Download

    • memory/1144-300-0x0000000000400000-0x0000000001654000-memory.dmp

      Filesize

      18.3MB

      Download

    • memory/1144-301-0x0000000077D08000-0x0000000077D09000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1144-302-0x0000000000400000-0x0000000001654000-memory.dmp

      Filesize

      18.3MB

      Download

    • memory/1144-303-0x0000000077D25000-0x0000000077D26000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1144-316-0x0000000000400000-0x0000000001654000-memory.dmp

      Filesize

      18.3MB

      Download

    • memory/1144-317-0x0000000000400000-0x0000000001654000-memory.dmp

      Filesize

      18.3MB

      Download

    • memory/1144-318-0x0000000000400000-0x0000000001654000-memory.dmp

      Filesize

      18.3MB

      Download

    • memory/1144-319-0x0000000035140000-0x000000003548A000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/1144-320-0x0000000000400000-0x0000000001654000-memory.dmp

      Filesize

      18.3MB

      Download

    • memory/1144-329-0x0000000000400000-0x0000000001654000-memory.dmp

      Filesize

      18.3MB

      Download

    • memory/1144-325-0x0000000000400000-0x0000000001654000-memory.dmp

      Filesize

      18.3MB

      Download

    • memory/2024-299-0x0000000010000000-0x0000000010006000-memory.dmp

      Filesize

      24KB

      Download

    • memory/2024-298-0x0000000077C81000-0x0000000077DA1000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/3552-335-0x0000000008240000-0x0000000008316000-memory.dmp

      Filesize

      856KB

      Download

    • memory/3552-336-0x0000000008240000-0x0000000008316000-memory.dmp

      Filesize

      856KB

      Download

    • memory/3552-337-0x0000000008240000-0x0000000008316000-memory.dmp

      Filesize

      856KB

      Download

    • memory/5112-327-0x0000000000E00000-0x0000000000E40000-memory.dmp

      Filesize

      256KB

      Download

    • memory/5112-328-0x0000000000E00000-0x0000000000E40000-memory.dmp

      Filesize

      256KB

      Download

    • memory/5112-330-0x0000000002DE0000-0x000000000312A000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/5112-331-0x0000000000E00000-0x0000000000E40000-memory.dmp

      Filesize

      256KB

      Download

    • memory/5112-332-0x0000000003130000-0x00000000031D3000-memory.dmp

      Filesize

      652KB

      Download

    • memory/5112-333-0x0000000000E00000-0x0000000000E40000-memory.dmp

      Filesize

      256KB

      Download

    • memory/5112-334-0x0000000003130000-0x00000000031D3000-memory.dmp

      Filesize

      652KB

      Download