Analysis
-
max time kernel
118s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
19-03-2024 18:54
General
-
Target
Visualizar.exe
-
Size
380KB
-
MD5
a0499c528485f98d6f92a1d417abb9ec
-
SHA1
5143a1ed4ebd77f6c957def9a9967c353f8bce63
-
SHA256
1df1b7974395702532365b128b157c6f248baa1fce453b45772098aabd92a954
-
SHA512
2437fb42750182dfec70d6cba86053873abe29357749d3ab89f2e855fbb5734e16ce4d31e7b7cec22b5060cb677cbded78f777cdb006d405a0909b3945b1a227
-
SSDEEP
6144:Wifrt/9VPG/iLfryD12MXWrQhWXRcSQWCGrikUg1UTab7cwveEF6W6K1A:R/9pG/iLiPXWkjfmekHNcwveEF6WK
Score
7/10
Malware Config
Signatures
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Installs/modifies Browser Helper Object 2 TTPs 2 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in Windows directory 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 15 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Visualizar.exe"C:\Users\Admin\AppData\Local\Temp\Visualizar.exe"1⤵
- Installs/modifies Browser Helper Object
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\System32\cmd.exe /k %windir%\System32\reg.exe ADDHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System/v EnableLUA /t REG_DWORD /d 0 /f2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\reg.exeC:\Windows\System32\reg.exe ADDHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System/v EnableLUA /t REG_DWORD /d 0 /f3⤵
-
-
-
C:\Windows\SysWOW64\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\cqrm944.dll2⤵
-