Overview

overview

3

Static

static

3

de252f11f4...29.exe

windows7-x64

1

de252f11f4...29.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25-03-2024 13:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    de252f11f4f9c248e4ab52d0b0284c29.exe

  • Size

    15KB

  • MD5

    de252f11f4f9c248e4ab52d0b0284c29

  • SHA1

    5d636b450673aecd4beac2ba2fcb2cf723a7edce

  • SHA256

    8beff6da5aa0c3fabb949e69c86972bccbf4efa206b8dfba6c4c48c812c4fcaf

  • SHA512

    e7e9711bb3e7ad91e21cc38057b5284df61d1a6bae877adf319230dcf53c364a17a6496e738c509385ffbce2204c5a0ab9edb62230f492e211c6c8ceb9ab90e1

  • SSDEEP

    384:G6MfwAz3M43FX4ya2F5z824kWIklXa9ZV:GHYAznJa2F5i1lq9ZV

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\de252f11f4f9c248e4ab52d0b0284c29.exe
    "C:\Users\Admin\AppData\Local\Temp\de252f11f4f9c248e4ab52d0b0284c29.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://tou1.yiall.com/down3/down/?s=C0BDC09FAFC2B6E8B4E4DAEA83C2B6B7&n=C8BEDBB6B6B3D1C6B8D6BCAD
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1940
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1940 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2068

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2180-0-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2180-1-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2180-4-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2180-6-0x0000000000020000-0x0000000000021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2180-13-0x0000000000400000-0x000000000040C000-memory.dmp

    Filesize

    48KB

    Download