Analysis

  • max time kernel: 149s
  • max time network: 152s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240226-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 05/03/2024, 15:33

General

  • Target: b50c5c5357394901ba856b0d93d30697.exe
  • Size: 25KB
  • MD5: b50c5c5357394901ba856b0d93d30697
  • SHA1: 3339c604e9a86e8d4c648a42ac788fc25bf428b5
  • SHA256: 4e44231509e426c10886a404e1c6e12c3d035588bda3940a9e1dfd2282acc268
  • SHA512: 4683b98d43b78a38cf48d545df9649de8b3088ceabd6e3be6931a5f488d2f45ddbd68e6b98d2120328e339d4607230f49251fdbc100041e426caee727989ee23
  • SSDEEP: 768:Ve/6d2fDN9xR+TxP7TdV/3+yi3JYIxy2:w/6wzL6FhOHJZV

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Windows directory 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
  • Modifies registry class 4 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b50c5c5357394901ba856b0d93d30697.exe
    "C:\Users\Admin\AppData\Local\Temp\b50c5c5357394901ba856b0d93d30697.exe"
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:264
    • \??\c:\windows\bolivar30.exe
      c:\windows\bolivar30.exe
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:4424
      • \??\c:\windows\SysWOW64\regedit.exe
        regedit /s c:\1.reg
        • Modifies registry class
        • Runs .reg file with regedit
        PID:3000
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c c:\355674543.bat
        PID:2388
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c c:\355674543.bat
      PID:1072
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    PID:1984
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3884
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3884 CREDAT:17410 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4704

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6Y4OXOYV\suggestions[1].en-US
    Filesize: 17KB
  • C:\Windows\bolivar30.exe
    Filesize: 25KB
  • \??\c:\1.reg
    Filesize: 202B
  • \??\c:\355674543.bat
    Filesize: 121B
  • \??\c:\355674543.bat
    Filesize: 213B
  • memory/264-0-0x0000000000400000-0x0000000000414000-memory.dmp
    Filesize: 80KB
  • memory/264-8-0x0000000000400000-0x0000000000414000-memory.dmp
    Filesize: 80KB