Overview

overview

7

Static

static

3

c45a6b50e9...ec.exe

windows7-x64

7

c45a6b50e9...ec.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    158s
  • max time network
    176s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-03-2024 23:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c45a6b50e9ab1a2c3b1b3e0c848e60ec.exe

  • Size

    744KB

  • MD5

    c45a6b50e9ab1a2c3b1b3e0c848e60ec

  • SHA1

    d9341271f44f564ac439d3efb6eaaa54a414d8fa

  • SHA256

    d8f172a8806c2d88522bcc2d07e5b123f7d59d36b3e0fa83b4c2ff167afbfea8

  • SHA512

    88a9d9665a28b27e49bf86d82d81930e33af6a97e52402587a6cf07d87c32e2f958a07220c280bb3518fdcf65923546f455def721b27109db51f62f8e378a023

  • SSDEEP

    12288:vBELjEV2tIJcEndCAFsnxCvgJAXV80BVrBoiaQNetqWQffG:vBEIAAFsxSgJeJy3qWse

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c45a6b50e9ab1a2c3b1b3e0c848e60ec.exe
    "C:\Users\Admin\AppData\Local\Temp\c45a6b50e9ab1a2c3b1b3e0c848e60ec.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4676
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\uninstal.BAT
      2⤵
        PID:4140
    • C:\Windows\WAPH.exe
      C:\Windows\WAPH.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1524
      • C:\Program Files\Internet Explorer\iEXpLOrE.exE
        "C:\Program Files\Internet Explorer\iEXpLOrE.exE"
        2⤵
          PID:4556

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\WAPH.exe
        Filesize

        744KB

        MD5

        c45a6b50e9ab1a2c3b1b3e0c848e60ec

        SHA1

        d9341271f44f564ac439d3efb6eaaa54a414d8fa

        SHA256

        d8f172a8806c2d88522bcc2d07e5b123f7d59d36b3e0fa83b4c2ff167afbfea8

        SHA512

        88a9d9665a28b27e49bf86d82d81930e33af6a97e52402587a6cf07d87c32e2f958a07220c280bb3518fdcf65923546f455def721b27109db51f62f8e378a023

        Download Submit

      • C:\Windows\uninstal.BAT
        Filesize

        190B

        MD5

        7cb32f687e3f878291812b9cd669c864

        SHA1

        bef2b4c931fff6b355931759b47648d0cc2bb775

        SHA256

        f73f781c7f8232ff551a3866b172d00151831afefb4e48172c0f7d3622a12e7d

        SHA512

        2a9df2a164271d5e06c57c456372a65958765bdbc12e8dd7ef2da4ba74cf60ed00c36e36cb7e181ef63c3c1863ebbc659340aba0e4e4f4f0eeaee6f22386c825

        Download Submit

      • memory/1524-6-0x0000000000770000-0x0000000000771000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1524-11-0x0000000000400000-0x00000000004C2200-memory.dmp

        Filesize

        776KB

        Download

      • memory/1524-12-0x0000000000770000-0x0000000000771000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4676-0-0x0000000000400000-0x00000000004C2200-memory.dmp

        Filesize

        776KB

        Download

      • memory/4676-1-0x0000000002280000-0x0000000002281000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4676-9-0x0000000000400000-0x00000000004C2200-memory.dmp

        Filesize

        776KB

        Download