Overview

overview

7

Static

static

3

e246c9e9cb...ac.exe

windows7-x64

7

e246c9e9cb...ac.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    27-03-2024 20:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e246c9e9cb0aa807703e6d696b0294ac.exe

  • Size

    145KB

  • MD5

    e246c9e9cb0aa807703e6d696b0294ac

  • SHA1

    8e5526009704617c52df9cf348859878889e6a2f

  • SHA256

    63a5c0e2156eef987a9e3938b1a297769df726936bcd995435d9deb09daba779

  • SHA512

    ab6a3b6b3ce3327184f2f0b50a218d197cc7dc192f97f77547416ba17fd2eba8d70490bbc30498af315f7d570445e58bd97c50ca480e4d7930fd89faddd4bcac

  • SSDEEP

    3072:jdozRNCZ/NzgPWD2+SRleqQ4NPEEUqob/lnMMMMMMjMMMMMMMMMMMHMMMMMMbMMy:i3CUWERVQ4NeqoVMMMMMMjMMMMMMMMM9

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 20 IoCs
  • Adds Run key to start application 2 TTPs 9 IoCs
    persistence
  • Drops file in System32 directory 5 IoCs
  • Drops file in Program Files directory 7 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e246c9e9cb0aa807703e6d696b0294ac.exe
    "C:\Users\Admin\AppData\Local\Temp\e246c9e9cb0aa807703e6d696b0294ac.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1960
    • \??\c:\program files (x86)\common files\system\msadc\ja-jp\msadcermsadcfr.exe
      "c:\program files (x86)\common files\system\msadc\ja-jp\msadcermsadcfr.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:2492
    • \??\c:\program files (x86)\windows nt\tabletextservice\en-us\systemmicrosoft.exe
      "c:\program files (x86)\windows nt\tabletextservice\en-us\systemmicrosoft.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:1832
    • \??\c:\program files (x86)\windows defender\ja-jp\windowsoperating.exe
      "c:\program files (x86)\windows defender\ja-jp\windowsoperating.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:1644
    • \??\c:\program files (x86)\common files\system\ole db\de-de\sqloledboledb32r.exe
      "c:\program files (x86)\common files\system\ole db\de-de\sqloledboledb32r.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:980

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Windows Defender\ja-JP\WindowsOperating.exe
    Filesize

    145KB

    MD5

    e246c9e9cb0aa807703e6d696b0294ac

    SHA1

    8e5526009704617c52df9cf348859878889e6a2f

    SHA256

    63a5c0e2156eef987a9e3938b1a297769df726936bcd995435d9deb09daba779

    SHA512

    ab6a3b6b3ce3327184f2f0b50a218d197cc7dc192f97f77547416ba17fd2eba8d70490bbc30498af315f7d570445e58bd97c50ca480e4d7930fd89faddd4bcac

    Download Submit

  • memory/980-377-0x00000000001C0000-0x00000000001E0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/980-328-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/980-261-0x00000000001C0000-0x00000000001E0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/980-263-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/980-264-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1644-219-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1644-304-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1644-217-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1644-220-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1644-221-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1832-166-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1832-163-0x0000000000240000-0x0000000000260000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1832-165-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1832-273-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1832-305-0x0000000000240000-0x0000000000260000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1960-1-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1960-89-0x0000000000230000-0x0000000000250000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1960-104-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1960-4-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1960-3-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1960-86-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1960-29-0x0000000003130000-0x000000000317C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1960-28-0x0000000003130000-0x000000000317C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1960-2-0x0000000000230000-0x0000000000250000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2492-91-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2492-233-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2492-215-0x0000000000400000-0x000000000044C000-memory.dmp

    Filesize

    304KB

    Download

  • memory/2492-90-0x00000000002B0000-0x00000000002B1000-memory.dmp

    Filesize

    4KB

    Download