Overview

overview

7

Static

static

3

e104ec13f8...e9.exe

windows7-x64

7

e104ec13f8...e9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240319-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/03/2024, 06:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e104ec13f856854262a38fd446800be9.exe

  • Size

    291KB

  • MD5

    e104ec13f856854262a38fd446800be9

  • SHA1

    ae536f56e540f865d1d0e5ff669a7c632c65ae6c

  • SHA256

    d0d17a30ed9223cedcf6538be8045fc6e5d49a7d17b705e3e53ba2369e83b333

  • SHA512

    a818a4f73d93fe252b5508750068e78e3a91d70195313a03845f87c0bbf6e80770b4c46db4ccab1d3e98e3bb48aca66e082c0e671c64da2241900712b22ea4cc

  • SSDEEP

    6144:3hTFdlny677b1Idz9PmUbfffslfbhFRLHHeDv8K4BZDcZbq:91V35IdxuULf0lfbhF5HO8K4BZ6+

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 4 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e104ec13f856854262a38fd446800be9.exe
    "C:\Users\Admin\AppData\Local\Temp\e104ec13f856854262a38fd446800be9.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:400
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3988 --field-trial-handle=2288,i,10301911031503898037,2997280636231771547,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:980

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\MSINET.OCX
      Filesize

      129KB

      MD5

      90a39346e9b67f132ef133725c487ff6

      SHA1

      9cd22933f628465c863bed7895d99395acaa5d2a

      SHA256

      e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

      SHA512

      0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

      Download Submit

    • C:\Windows\SysWOW64\MSWINSCK.OCX
      Filesize

      121KB

      MD5

      e8a2190a9e8ee5e5d2e0b599bbf9dda6

      SHA1

      4e97bf9519c83835da9db309e61ec87ddf165167

      SHA256

      80ab0b86de58a657956b2a293bd9957f78e37e7383c86d6cd142208c153b6311

      SHA512

      57f8473eedaf7e8aad3b5bcbb16d373fd6aaec290c3230033fc50b5ec220e93520b8915c936e758bb19107429a49965516425350e012f8db0de6d4f6226b42ee

      Download Submit

    • C:\Windows\SysWOW64\VSListview.ocx
      Filesize

      88KB

      MD5

      09411b401ac53b113d9492ce45186380

      SHA1

      15f4c683ba317bb0b54b335755721fcc2d745cd3

      SHA256

      e4f27ba024f2ec6be12d94790b7d07f6245dfb75339bad6969fd311229d1d326

      SHA512

      65a68e8d1dd46e498ebe2e07b6c81078605dcbe5271dfc3364146f298b170c5bf2c68b307e3267505b6ea0645d4a1cc0f5780b6de3f640a81829ea13797f0efa

      Download Submit

    • memory/400-0-0x0000000000400000-0x00000000004E8000-memory.dmp

      Filesize

      928KB

      Download

    • memory/400-28-0x0000000000400000-0x00000000004E8000-memory.dmp

      Filesize

      928KB

      Download