Overview

overview

7

Static

static

3

ad94d60f55...7b.exe

windows7-x64

7

ad94d60f55...7b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    29/02/2024, 03:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ad94d60f55a18437f92fbdcae9b5877b.exe

  • Size

    765KB

  • MD5

    ad94d60f55a18437f92fbdcae9b5877b

  • SHA1

    d54898bab32f25a922b42630c8f7339f7e8b5bd8

  • SHA256

    745e4e94c5cfed3c2bd3d1dae2a920e134003abb41f2e115de21ad9455eea398

  • SHA512

    fd965a7447f4d5befe9a0c2aaebb33ad26215d9b722f2fce5fbb36497804cab6b7ce064f36435a3267498dc41ef2f3559150d9addd46b484203b3acf072b70ae

  • SSDEEP

    12288:QaitwoFKgcZD0OW5AUmV0qayz11JDmJv9O2SfIA5f9FZSk1z4yhMDaq2:XkwkDc10OW5AHVy6vAJv9O2SjN7

Score
7/10
evasiontrojan

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad94d60f55a18437f92fbdcae9b5877b.exe
    "C:\Users\Admin\AppData\Local\Temp\ad94d60f55a18437f92fbdcae9b5877b.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Windows\DELME.BAT
      2⤵
      • Deletes itself
      PID:2420
  • C:\Windows\IEXPLORE.exe
    C:\Windows\IEXPLORE.exe
    1⤵
    • Executes dropped EXE
    • Checks whether UAC is enabled
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1976

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\DELME.BAT
    Filesize

    190B

    MD5

    98a2e082020424a33bbc56685f510968

    SHA1

    30581ea197167d8e99e22a24cc9060e2291890bb

    SHA256

    251ffaa0cc8eee8544e37af6e8137629661e47e827a99476c95c9c41f163eeb8

    SHA512

    e577577ddaf3ff822538a39058d6e3da219ec804f64d9633e80519884f83ff9176bef5dece2292ca37f960487a99d5a5a9bd1faca445afe156a20825ee6b2e26

    Download Submit

  • C:\Windows\IEXPLORE.exe
    Filesize

    765KB

    MD5

    ad94d60f55a18437f92fbdcae9b5877b

    SHA1

    d54898bab32f25a922b42630c8f7339f7e8b5bd8

    SHA256

    745e4e94c5cfed3c2bd3d1dae2a920e134003abb41f2e115de21ad9455eea398

    SHA512

    fd965a7447f4d5befe9a0c2aaebb33ad26215d9b722f2fce5fbb36497804cab6b7ce064f36435a3267498dc41ef2f3559150d9addd46b484203b3acf072b70ae

    Download Submit

  • memory/1976-4-0x0000000000010000-0x00000000000D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/1976-5-0x0000000000390000-0x0000000000391000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1976-8-0x0000000000010000-0x00000000000D8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/1976-12-0x0000000000390000-0x0000000000391000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1984-0-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1984-7-0x0000000000400000-0x00000000004C8000-memory.dmp

    Filesize

    800KB

    Download

  • memory/1984-11-0x0000000000250000-0x0000000000251000-memory.dmp

    Filesize

    4KB

    Download