Overview

overview

7

Static

static

3

0288860d3e...dd.exe

windows7-x64

7

0288860d3e...dd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09-03-2024 17:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0288860d3e3c82b1a9491301fdfcd5cf6759e5e2060ca58362e7abea694a0ddd.exe

  • Size

    505KB

  • MD5

    7dc0f025bb7ff459c023c573ff5fd856

  • SHA1

    03475b217efa9d06c05443b9bce069ce11e0f0d4

  • SHA256

    0288860d3e3c82b1a9491301fdfcd5cf6759e5e2060ca58362e7abea694a0ddd

  • SHA512

    dffd3ac039f25591d5186b0f9daa7431ff1973fbb52fe126260e2fe24ae1902f7a018ec50d5bf6ebce2d12c7f51af0f51e5e89bd73e6e0521edfebf6441f32ae

  • SSDEEP

    12288:Z6QTlw7u7eAefuwA8dzQD1NYYueR10lFMv:Z66OS7lwAf/zXv

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0288860d3e3c82b1a9491301fdfcd5cf6759e5e2060ca58362e7abea694a0ddd.exe
    "C:\Users\Admin\AppData\Local\Temp\0288860d3e3c82b1a9491301fdfcd5cf6759e5e2060ca58362e7abea694a0ddd.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2976

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\jki423E.tmp
    Filesize

    253KB

    MD5

    a56f705d15a4535430e40bf2907dbbcd

    SHA1

    172329899e0898d69cf208b0173673fcc6c6ae09

    SHA256

    6a39d989df65c8c20534c65e1c8dcc5534f4f03c3553cc6fd588f76dd1227b5d

    SHA512

    7369dbc64e7c8c49c9546dcd3a1bac56d8ef9bfb7e9b68792e7fd24e8c81321c04b54c3ba7032068cd49c79df8d15074935f555b9ef478d89ff77eb86eb5e863

    Download Submit

  • \Users\Admin\AppData\Local\Temp\jki423E.tmp
    Filesize

    405KB

    MD5

    c1a74ba246610086f56d11f967239c27

    SHA1

    02fc117f8f111320fd4d40e3136b8126e3f411ca

    SHA256

    411397f27c20f474a8e388a80a02859a26299c2c2bb519d61000eb34620f1be7

    SHA512

    6eba4ec75aaa4ffcb2418e47b2c1bde0b5b03e360914fb60f89543bdf57f9ffdf707ce33061c41e7759a2e1b0199a3d20427a5e3e11c72220fed39935c2f6f04

    Download Submit

  • memory/2976-5-0x0000000074200000-0x00000000748EE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2976-4-0x0000000000730000-0x000000000079A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/2976-6-0x0000000004CF0000-0x0000000004D30000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2976-7-0x0000000004CF0000-0x0000000004D30000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2976-8-0x0000000004CF0000-0x0000000004D30000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2976-14-0x000000000A540000-0x000000000ACE6000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/2976-19-0x0000000074200000-0x00000000748EE000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2976-20-0x0000000004CF0000-0x0000000004D30000-memory.dmp

    Filesize

    256KB

    Download