Overview

overview

7

Static

static

3

bc5a2e029e...b4.exe

windows7-x64

7

bc5a2e029e...b4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    09/03/2024, 17:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bc5a2e029eed8ef8589a09d6dafbfdb4.exe

  • Size

    20KB

  • MD5

    bc5a2e029eed8ef8589a09d6dafbfdb4

  • SHA1

    b532009f65dfb1941216776030a4c0ebfee39b1b

  • SHA256

    912e7dbc6572651d87f27337e189bb670d650141d3efeb97669590c0c9ba1b35

  • SHA512

    4b98bbb06857143864be276a493093f80e2cd6917cb53439d1c9e9ef66f7461f13fb45e33c072fedf2d420a42d63bce2aad266f381b3fed16765f4e974165830

  • SSDEEP

    384:ejQrdNQwQglX2sIFrDBP1NVEqoqjSvNhXOfyNSDI:jyw5uFHXE7YSvN4KNr

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc5a2e029eed8ef8589a09d6dafbfdb4.exe
    "C:\Users\Admin\AppData\Local\Temp\bc5a2e029eed8ef8589a09d6dafbfdb4.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1640
    • \??\c:\windows\kenny11.exe
      c:\windows\kenny11.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:3052
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c c:\6566533.bat
        3⤵
          PID:1052
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c c:\6566533.bat
        2⤵
        • Deletes itself
        PID:2608
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2512
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2460

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\6566533.bat
      Filesize

      107B

      MD5

      f44172647bafba8f4960fc6df9d823e1

      SHA1

      75c9b654a6cfdef6fec0c4f4c6da8ff0cbc25fcc

      SHA256

      fbc9f8dfafc13c3c67be51b6c77927698893d2c7f854916467621b47359b7d7b

      SHA512

      e19f872a055ee897c6f5536221fdd4f7600819deb5ce9cc29e7723ff23fa6763416d07bdff3a46cef72e1d040e3e639facd565ec5fd4b66b1d5f368209552bdb

      Download Submit

    • C:\6566533.bat
      Filesize

      203B

      MD5

      c5ab7354150215eb59fed364a8de1869

      SHA1

      e4ea41087d892e468c3e008626421fd423290ab1

      SHA256

      d801e081a8a993cf1530cbe9cbff1cd79fa723f3f3ad686306773fc0fc4b375b

      SHA512

      48d2b5ed57723006361a1dd21d5da1a7e01f7b8c52ae0904251fbffeb07589c811a7a00fa8c080706dda020cbfb18ae9fa093f963259da3412b01326bac4b450

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      67KB

      MD5

      753df6889fd7410a2e9fe333da83a429

      SHA1

      3c425f16e8267186061dd48ac1c77c122962456e

      SHA256

      b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

      SHA512

      9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab3545.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar36A3.tmp
      Filesize

      175KB

      MD5

      dd73cead4b93366cf3465c8cd32e2796

      SHA1

      74546226dfe9ceb8184651e920d1dbfb432b314e

      SHA256

      a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

      SHA512

      ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

      Download Submit

    • C:\Windows\kenny11.exe
      Filesize

      20KB

      MD5

      bc5a2e029eed8ef8589a09d6dafbfdb4

      SHA1

      b532009f65dfb1941216776030a4c0ebfee39b1b

      SHA256

      912e7dbc6572651d87f27337e189bb670d650141d3efeb97669590c0c9ba1b35

      SHA512

      4b98bbb06857143864be276a493093f80e2cd6917cb53439d1c9e9ef66f7461f13fb45e33c072fedf2d420a42d63bce2aad266f381b3fed16765f4e974165830

      Download Submit

    • memory/1640-0-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/1640-3-0x0000000000220000-0x000000000022C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/3052-9-0x0000000000400000-0x000000000040C000-memory.dmp

      Filesize

      48KB

      Download

    • memory/3052-18-0x0000000000300000-0x0000000000302000-memory.dmp

      Filesize

      8KB

      Download