Overview

overview

7

Static

static

3

b846797239...5e.exe

windows7-x64

7

b846797239...5e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    06/03/2024, 21:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b846797239f53087160e9ad02fbf675e.exe

  • Size

    70KB

  • MD5

    b846797239f53087160e9ad02fbf675e

  • SHA1

    55dd7659bb2587888eea0459680cff3f7b95032f

  • SHA256

    3a44787d2cb3d19a2482dc745fe9c6fa4633deaabe9d1fb302f9166ff11fb345

  • SHA512

    4da45fc7b7d3249389dc2541b4d760cd58291d1c01d93bc368d6072c97215c4444300d4aa69f79f7d09d5340eb3b9935c645cd4bfe0972667dda2406a1f8778d

  • SSDEEP

    1536:jvqz89m+363/7AbwLYtAFFW9yciOigri2X8dIJhlBwOUrBjlSNCSDRoqx:jvqz89m+363/7AbwLYtcFkTiQ8mdUZq3

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b846797239f53087160e9ad02fbf675e.exe
    "C:\Users\Admin\AppData\Local\Temp\b846797239f53087160e9ad02fbf675e.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\AppData\Local\Temp\b846797239f53087160e9ad02fbf675e.exe
      "C:\Users\Admin\AppData\Local\Temp\b846797239f53087160e9ad02fbf675e.exe" C:\Users\Admin\AppData\Local\Temp\b846797239f53087160e9ad02fbf675e.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1340
    • C:\Program Files (x86)\Adobe\acrotray.exe
      "C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\b846797239f53087160e9ad02fbf675e.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2644
      • C:\Program Files (x86)\Adobe\acrotray.exe
        "C:\Program Files (x86)\Adobe\acrotray.exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\b846797239f53087160e9ad02fbf675e.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2468
      • C:\Program Files (x86)\Adobe\acrotray .exe
        "C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\b846797239f53087160e9ad02fbf675e.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2552
        • C:\Program Files (x86)\Adobe\acrotray .exe
          "C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\b846797239f53087160e9ad02fbf675e.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:2776
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2572
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2572 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2892
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2572 CREDAT:472076 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3024

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Adobe\acrotray .exe
    Filesize

    81KB

    MD5

    7570a1b3d2d22094b6c1a835b7a725b0

    SHA1

    9411f4aa14b22a932bbf2ea46b51313728e9fb05

    SHA256

    3db4090f38fa0e70608ac4bf47785c6fbef2e2ab6f5f3b225687b6a550fdd28b

    SHA512

    463f979f60035658be656baf9193bb3e52e9808c523de4b26220a5a16d933967b545c51c58cc32c06cbf5e3a6d9602dada58787d015cd12500f08b3a3ddbf7b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    14e117ebbdc14fbb78d92bebc1509f66

    SHA1

    eabf789699e8adc1e478757dd370ce3d076bed62

    SHA256

    45497f7922ad424a4ff87f34f30f11550edbf721fcb233ec35a28cdfaf548626

    SHA512

    379e7e0384ebe04458b56dea152dea8f9450a13831072705e848274350896a16195f1bce2752d39289a2a8b595c29509898e13c00c594ac9f28a52f99ee03d6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    589b6f16fbdddb15228646313325773a

    SHA1

    ec24d7f477123d0ea05c290e914e6848d192c1a8

    SHA256

    2dd14d1a15f149c965bd955feb9e14ed969b628bad1726ab4b129786efa29578

    SHA512

    58bf063a3aa6f30057a0215673f092870fbe5772faa45e6fe9bed3959dc7c8bb6dad5f2db035a65e1e9c5c05692a6a45602161ef5e276a57e599f626d28db07c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    23768b7bd908738be156850062c5fd75

    SHA1

    6fb02c15be845b2418fa842471a3d18cd1cc6ca3

    SHA256

    0901511f2d185d8ca921c1d4d0b3ee5e828defbd1e3afb58aa9150271d5878d4

    SHA512

    62b1d0c39213bf816ea73c1e4597b986195e48d14b303b46d0adc098e5d8f5531c0f1c551569dc15e88089629944b68454054e5ed6adab818cc6ae27ceec5117

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b5b97b8f6d636d9f16cf082d646e101a

    SHA1

    4052fdd0493f5baa16ec5e3d77f5fe64771555bb

    SHA256

    69a5b57e94adad422060d01617c8a7bd249e477f0819833336ef13c6df244f14

    SHA512

    1ce8033dc63c4aa58343c83747decddef5043799085f95334f5f836c39b6da9984e07c00d3aaa5a266d5b501e98f364b9acb86ec296c3735547fe165364501f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7b5fb95835fe2dbcaa56bc4ad917a1b5

    SHA1

    dbe4bae146f688240dc02175e6b0a61c147a5f1b

    SHA256

    452ea01ef31b4350efc3416a20f8967b4cb40183e2334a31780f1e1e32a1614a

    SHA512

    81c57472832177223a0376629a61b4c04b415db72ba66b0d5dc36131ff2c1c65e4d9f7ef429aaf880797ee7ab5637cc117d770c13010e44c2b741461e513c80a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a0ec608bef36fe3d10eee37646e23e54

    SHA1

    9c20539c09f67bc98087436d1395a13c87ed5a8f

    SHA256

    fac646f440129ad223d7022849dd3095cb96d02fe3f54db99c2234ea7a29556a

    SHA512

    0916eb7f3f95d81e3f39b9780dae6b090b7b6ffeebef645de8354b9d73be22b09d7d1f6cf64b73530e53d1409e27f6304e4f7e76409d89311c1c6c15449cf2e5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RSAB58HZ\bYLpIdkKo[1].js
    Filesize

    32KB

    MD5

    155aa791940dc8c525a4dbab4d8dbc0a

    SHA1

    9320dba4977ec5b99f1bbd6c396a9a972c215886

    SHA256

    763e602ef7c13af2dd7289d1290b1219e0bbfb6dbab56a46c8965970947a466b

    SHA512

    0bb005bf1b1aea41bc1dffbaeba6ea4f66a09bf789bff805c71859853e2ea756952776fd2cffb71f2c4b44e2fe894f1785d42374a85f3f9c19e45853b9572153

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab85A5.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8B0B.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • \Program Files (x86)\Adobe\acrotray.exe
    Filesize

    81KB

    MD5

    d14b1eec56568f946a503f1bb813a9a8

    SHA1

    dc8e86824aff108eb4f715e07127b3b7c3db2f06

    SHA256

    105b3d135add099440a4d7078ff7b8bd207c51187d13e1b0ceb57bb8d732bbc4

    SHA512

    e8cf31ef1684409b61941960d9f9e45f692b55727fc2e6fcb0ac4d70de9e5fcdb372e8ccc5cbb1e8d321ef99889034b32ad0171974b909d30fe6dc3aca8cd718

    Download Submit

  • memory/2220-0-0x0000000010000000-0x0000000010010000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2220-28-0x0000000002EA0000-0x0000000002EA2000-memory.dmp

    Filesize

    8KB

    Download