Overview

overview

7

Static

static

3

Lisect_AV-...00.exe

windows7-x64

7

Lisect_AV-...00.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    119s
  • max time network
    113s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    22-04-2024 06:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Lisect_AV-T_G3_100.exe

  • Size

    683KB

  • MD5

    e165c91016d1098ae781c698ebb277cf

  • SHA1

    93c87aa4a53e417b46d1ca4327035d5775f53f62

  • SHA256

    5318d1a14cab2cf8909622d61cabc07e23dd95eebab59898f8d95896cae8df67

  • SHA512

    11e42c9fc5c63943fdc2086c4be4dda8f053902b214a2065c716bc1945feaf42fd7b50e564b4a57067083fabe4d3e91648a3e80662e1708dcd6b80f8fff47f4a

  • SSDEEP

    12288:eZuumVcrmovF98HURfSTC/Ud69ZhJnNsuuJ/k0wcBVSq5SLp45PWICMZhNmMhlm:rum+rm49Gii6rNsu90w0SqNN1CMjNl

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 23 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:1224
    • C:\Users\Admin\AppData\Local\Temp\Lisect_AV-T_G3_100.exe
      "C:\Users\Admin\AppData\Local\Temp\Lisect_AV-T_G3_100.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2064
      • C:\Users\Admin\AppData\Local\Temp\Lisect_AV-T_G3_100.exe
        "C:\Users\Admin\AppData\Local\Temp\Lisect_AV-T_G3_100.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:2632
    • C:\Windows\SysWOW64\extrac32.exe
      "C:\Windows\SysWOW64\extrac32.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:2608
      • C:\Program Files\Mozilla Firefox\Firefox.exe
        "C:\Program Files\Mozilla Firefox\Firefox.exe"
        3⤵
          PID:2344

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\vbb4b.zip
      Filesize

      542KB

      MD5

      a9a3b70adcf65be80c9b00e65d158669

      SHA1

      f2149444f70b702a43ad1e058dea147d6ba2eb5d

      SHA256

      bdcd90d909c708eff9a829c01b428c2b24fafc15f63deccd064c2bb12b0a49e3

      SHA512

      e06ea8f9d982ecd5bedf23676fa41b49d8673d9135f752655210c322529fb1441a4ef5f292825eea11ccb0cb516e873c33d16c3f800204511639c5b8db429290

      Download Submit

    • \Users\Admin\AppData\Local\Temp\sqlite3.dll
      Filesize

      1.0MB

      MD5

      ce5c15b5092877974d5b6476ad1cb2d7

      SHA1

      76a6fc307d1524081cba1886d312df97c9dd658f

      SHA256

      1f1a186ea26bd2462ea2a9cf35a816b92caf0897fdf332af3a61569e0ba97b24

      SHA512

      bb9ced38c63d2a29e18c38f60020cfdf0161384cd4ad6328352626643becdf49f6b4bef47012391720344fdd8ad520aa802dcbbed15b5026d27eb93b0a839c90

      Download Submit

    • memory/1224-28-0x0000000004E70000-0x0000000004F51000-memory.dmp

      Filesize

      900KB

      Download

    • memory/1224-20-0x0000000008E30000-0x000000000A370000-memory.dmp

      Filesize

      21.2MB

      Download

    • memory/1224-29-0x0000000004E70000-0x0000000004F51000-memory.dmp

      Filesize

      900KB

      Download

    • memory/1224-30-0x0000000008E30000-0x000000000A370000-memory.dmp

      Filesize

      21.2MB

      Download

    • memory/1224-17-0x0000000000010000-0x0000000000020000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1224-26-0x0000000000010000-0x0000000000020000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1224-33-0x0000000004E70000-0x0000000004F51000-memory.dmp

      Filesize

      900KB

      Download

    • memory/2064-6-0x00000000748A0000-0x0000000074F8E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2064-1-0x00000000748A0000-0x0000000074F8E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2064-0-0x00000000001A0000-0x0000000000250000-memory.dmp

      Filesize

      704KB

      Download

    • memory/2064-13-0x00000000748A0000-0x0000000074F8E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2064-7-0x0000000005120000-0x0000000005160000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2064-2-0x0000000005120000-0x0000000005160000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2064-3-0x0000000000300000-0x000000000030E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/2064-5-0x0000000005160000-0x00000000051DE000-memory.dmp

      Filesize

      504KB

      Download

    • memory/2064-4-0x0000000000360000-0x000000000036A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2608-31-0x0000000000130000-0x000000000016A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/2608-32-0x0000000001DA0000-0x0000000001E43000-memory.dmp

      Filesize

      652KB

      Download

    • memory/2608-21-0x0000000000130000-0x000000000016A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/2608-22-0x0000000000130000-0x000000000016A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/2608-74-0x0000000061E00000-0x0000000061EED000-memory.dmp

      Filesize

      948KB

      Download

    • memory/2608-25-0x0000000000130000-0x000000000016A000-memory.dmp

      Filesize

      232KB

      Download

    • memory/2608-24-0x0000000001FC0000-0x00000000022C3000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/2608-27-0x0000000001DA0000-0x0000000001E43000-memory.dmp

      Filesize

      652KB

      Download

    • memory/2632-9-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/2632-23-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/2632-19-0x0000000000380000-0x00000000003A4000-memory.dmp

      Filesize

      144KB

      Download

    • memory/2632-18-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/2632-16-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/2632-15-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/2632-14-0x0000000000960000-0x0000000000C63000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/2632-12-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/2632-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2632-8-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download