Overview

overview

7

Static

static

3

c1ae7a64cf...07.exe

windows7-x64

7

c1ae7a64cf...07.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/03/2024, 21:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c1ae7a64cf7cfe601080a2c2e7038007.exe

  • Size

    2.4MB

  • MD5

    c1ae7a64cf7cfe601080a2c2e7038007

  • SHA1

    8a58668ac3bb71e62a9d76a39d907458b469cf32

  • SHA256

    e039894f87af2776b5d1217fb92f50dd9bd35b1eed2f858e4b8735f7066929ed

  • SHA512

    8b759701017032d64d06d5cfe6ca29238dd178c0f95504a6c3271cf9275d3bcf05bef86dd58cf5129e220f7a0bbd426e462e7d24ba99388fbae6a5bdaa21efbb

  • SSDEEP

    6144:MjkP7Rm1e/xISCnrDAZxZCyEXmF4DFxEVNHhtlyFNJN2AFFqVHt7G0cR+iVIpOmS:MgTR0eptCrDAxE7D4VNH8f/9cNvpXS

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c1ae7a64cf7cfe601080a2c2e7038007.exe
    "C:\Users\Admin\AppData\Local\Temp\c1ae7a64cf7cfe601080a2c2e7038007.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Users\Admin\AppData\Local\Temp\keygen.exe
      "C:\Users\Admin\AppData\Local\Temp\keygen.exe"
      2⤵
      • Executes dropped EXE
      PID:3596
    • C:\Users\Admin\AppData\Local\Temp\Installer.exe
      "C:\Users\Admin\AppData\Local\Temp\Installer.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2508
      • C:\Windows\SysWOW64\RunDll32.exe
        RunDll32.exe "C:\Windows\system32\mobion.dll",DNSetup
        3⤵
        • Loads dropped DLL
        PID:432
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 636
          4⤵
          • Program crash
          PID:4772
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x46c 0x514
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:216
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
      PID:2420
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:912
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:912 CREDAT:17410 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1644
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 432 -ip 432
      1⤵
        PID:4272

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver2D9.tmp
        Filesize

        15KB

        MD5

        1a545d0052b581fbb2ab4c52133846bc

        SHA1

        62f3266a9b9925cd6d98658b92adec673cbe3dd3

        SHA256

        557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

        SHA512

        bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RGI21ZAG\suggestions[1].en-US
        Filesize

        17KB

        MD5

        5a34cb996293fde2cb7a4ac89587393a

        SHA1

        3c96c993500690d1a77873cd62bc639b3a10653f

        SHA256

        c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

        SHA512

        e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Installer.exe
        Filesize

        104KB

        MD5

        bc457ea42343424a007c0f6461e723f0

        SHA1

        08db7bd69e151fedfc7eab478526bb0bff864546

        SHA256

        0f0be347d6257eb2040f7002fba114538fef277c37fb192699540f81ada91c8b

        SHA512

        d213addeefc60588a22ad3d14dd11862af5aa9aaf26ffcf9edd24772669b6582eb155d463ff97575dc122b3ec615cf39461e8f7a816bc0bdb60e7eebc962a714

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\keygen.exe
        Filesize

        205KB

        MD5

        11ce7ea3ed860d80bbcfcb2ea4f64dbc

        SHA1

        cf1d06559064baf05fa564961314ed48b59fb3b6

        SHA256

        f8f1095d4f4e100fdb16dd37372f674fd94148591f9e404a6956c0b8b48611c3

        SHA512

        6addfceedffe634b98fc626f887d262174bd5b3b2f4c1bd33e483158a8d606dae3f3e4af0618c535f7de7eaeccdfbe42d3fedbe828cde1bb6882d7eb4ce79493

        Download Submit

      • C:\Windows\SysWOW64\mobion.dll
        Filesize

        76KB

        MD5

        297a7d2e968eef68ca1fe5c5ad21a648

        SHA1

        9f06ea9814ec82585efa23a401ce97d1d139000f

        SHA256

        c7998599bd29e96a919d713accd0b2b17c5966c0f9fcfac5582bed0fd61a4ed1

        SHA512

        b1d5212c4ad6e0eb233c9d2b0e908be101f6cb1a3008a8593488fcb7f9b5eb3e699bc564c9f9123827034f5b4046b3f931471e3c1fd167188c5f7af6a8ce8a56

        Download Submit

      • memory/3596-26-0x0000000000400000-0x00000000004D9000-memory.dmp

        Filesize

        868KB

        Download

      • memory/3596-37-0x0000000000400000-0x00000000004D9000-memory.dmp

        Filesize

        868KB

        Download

      • memory/3596-17-0x0000000000400000-0x00000000004D9000-memory.dmp

        Filesize

        868KB

        Download

      • memory/3596-16-0x0000000000400000-0x00000000004D9000-memory.dmp

        Filesize

        868KB

        Download

      • memory/3596-18-0x0000000000640000-0x0000000000642000-memory.dmp

        Filesize

        8KB

        Download

      • memory/3596-24-0x0000000000400000-0x00000000004D9000-memory.dmp

        Filesize

        868KB

        Download

      • memory/3596-25-0x0000000000400000-0x00000000004D9000-memory.dmp

        Filesize

        868KB

        Download

      • memory/3596-11-0x0000000002260000-0x0000000002261000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3596-10-0x0000000000640000-0x0000000000642000-memory.dmp

        Filesize

        8KB

        Download

      • memory/3596-12-0x0000000000400000-0x00000000004D9000-memory.dmp

        Filesize

        868KB

        Download

      • memory/3596-38-0x0000000000400000-0x00000000004D9000-memory.dmp

        Filesize

        868KB

        Download

      • memory/3596-39-0x0000000000400000-0x00000000004D9000-memory.dmp

        Filesize

        868KB

        Download

      • memory/3596-7-0x0000000000400000-0x00000000004D9000-memory.dmp

        Filesize

        868KB

        Download

      • memory/3596-50-0x0000000000400000-0x00000000004D9000-memory.dmp

        Filesize

        868KB

        Download

      • memory/3596-51-0x0000000000400000-0x00000000004D9000-memory.dmp

        Filesize

        868KB

        Download

      • memory/3596-52-0x0000000000400000-0x00000000004D9000-memory.dmp

        Filesize

        868KB

        Download

      • memory/3596-53-0x0000000000400000-0x00000000004D9000-memory.dmp

        Filesize

        868KB

        Download

      • memory/3596-54-0x0000000000400000-0x00000000004D9000-memory.dmp

        Filesize

        868KB

        Download

      • memory/3596-55-0x0000000000400000-0x00000000004D9000-memory.dmp

        Filesize

        868KB

        Download