Overview

overview

7

Static

static

1

bbdba37afd...97.exe

windows7-x64

7

bbdba37afd...97.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09-03-2024 12:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bbdba37afd102d63b6e0fba22d214697.exe

  • Size

    2.3MB

  • MD5

    bbdba37afd102d63b6e0fba22d214697

  • SHA1

    d29a5a196ad23d6356b8fb9544f5ff6fa9d1da7e

  • SHA256

    6005dc9e82cb5035a251dbde552ef5b773ab0caa6c960ce8c285b3274a1c2386

  • SHA512

    67a987bcf2b90c65ce0a2827e536d0e460e02c0b30ce8bdf4221b9d4e37965be46d447aad48e4215f4b2a2e1a00e00a47bca242db0cb5e00e863ec575a06685c

  • SSDEEP

    24576:zzIDvKM4LFPQFqf0ZF0x4GjaZsyfatttoGUcAMzxjBTDsuMj/Hgbplmua:zsjKM43f0ZFZStttoGUcAMzxjBTD9oaa

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies registry class 62 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bbdba37afd102d63b6e0fba22d214697.exe
    "C:\Users\Admin\AppData\Local\Temp\bbdba37afd102d63b6e0fba22d214697.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2388

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3D3F.tmp
    Filesize

    2KB

    MD5

    51b59a7143976846b945aad9822792c1

    SHA1

    5d09b7fdfea1066de3466d4b808e46f9de6f7d38

    SHA256

    2ae0b744dd24675d8d01388f55a732d1b19e140d22cf42098d2c8e2eb198c446

    SHA512

    77333338292206c96eb407ec921e76a9dc071a3612655c2c4108a33c87149afa71bf94aff151367eeb374fe1f44a062d6a23dabdc6832b84da3be967db3a0a12

    Download Submit

  • \Users\Admin\AppData\Local\Temp\cfgdll.dll
    Filesize

    45KB

    MD5

    1479c26076bb69ef920b567bbe166fb5

    SHA1

    725b96c0aa4d3ed117ab4f9ddedc5243b1b5b489

    SHA256

    ec4f7a4bce0407f7d04492e036b149b5db0224231b8ecbb77eb88cf94507be3a

    SHA512

    afad589f9c512ba40149a25055ec9beba761933a64aed3b10aa4263150adcfad7b0c93e94c173a97e446117f2b4006861914944856be1bf227b04ce6704068b3

    Download Submit

  • \Users\Admin\AppData\Roaming\qmacro\qdisp.dll
    Filesize

    41KB

    MD5

    14d118d82f4223fb57b21539548d9980

    SHA1

    a7c86fde656261f032a6cd8093cc429181a7542c

    SHA256

    703de629ccd285ed9c70278a4015ad110cfcde6002fcf3c59f163c785d510f26

    SHA512

    935a3a33d6644cee9281bd26d7fe86e4f5e2f89d359414a1367a5755e6a992975d3855e7b0c3bea9a9a607b6de8bf1e853796403537cf0f185edd9f9c6ae0f83

    Download Submit

  • memory/2388-54-0x0000000000400000-0x0000000000652000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2388-65-0x0000000000400000-0x0000000000652000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2388-51-0x0000000000400000-0x0000000000652000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2388-52-0x0000000000400000-0x0000000000652000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2388-53-0x0000000000400000-0x0000000000652000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2388-34-0x00000000007D0000-0x00000000007DA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2388-55-0x0000000000400000-0x0000000000652000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2388-50-0x0000000000400000-0x0000000000652000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2388-66-0x0000000000400000-0x0000000000652000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2388-78-0x0000000000400000-0x0000000000652000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2388-79-0x0000000000400000-0x0000000000652000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2388-80-0x0000000000400000-0x0000000000652000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2388-81-0x0000000000400000-0x0000000000652000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2388-82-0x0000000000400000-0x0000000000652000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2388-83-0x0000000000400000-0x0000000000652000-memory.dmp

    Filesize

    2.3MB

    Download