Overview

overview

7

Static

static

3

Lisect_AV-...00.exe

windows7-x64

7

Lisect_AV-...00.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-04-2024 06:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Lisect_AV-T_G3_100.exe

  • Size

    683KB

  • MD5

    e165c91016d1098ae781c698ebb277cf

  • SHA1

    93c87aa4a53e417b46d1ca4327035d5775f53f62

  • SHA256

    5318d1a14cab2cf8909622d61cabc07e23dd95eebab59898f8d95896cae8df67

  • SHA512

    11e42c9fc5c63943fdc2086c4be4dda8f053902b214a2065c716bc1945feaf42fd7b50e564b4a57067083fabe4d3e91648a3e80662e1708dcd6b80f8fff47f4a

  • SSDEEP

    12288:eZuumVcrmovF98HURfSTC/Ud69ZhJnNsuuJ/k0wcBVSq5SLp45PWICMZhNmMhlm:rum+rm49Gii6rNsu90w0SqNN1CMjNl

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 46 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3444
    • C:\Users\Admin\AppData\Local\Temp\Lisect_AV-T_G3_100.exe
      "C:\Users\Admin\AppData\Local\Temp\Lisect_AV-T_G3_100.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4572
      • C:\Users\Admin\AppData\Local\Temp\Lisect_AV-T_G3_100.exe
        "C:\Users\Admin\AppData\Local\Temp\Lisect_AV-T_G3_100.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:3128
    • C:\Windows\SysWOW64\extrac32.exe
      "C:\Windows\SysWOW64\extrac32.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:5052
      • C:\Program Files\Mozilla Firefox\Firefox.exe
        "C:\Program Files\Mozilla Firefox\Firefox.exe"
        3⤵
          PID:2224

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3128-12-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/3128-23-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/3128-19-0x0000000000C30000-0x0000000000C54000-memory.dmp

      Filesize

      144KB

      Download

    • memory/3128-18-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/3128-17-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/3128-16-0x0000000000400000-0x000000000043D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/3128-15-0x00000000010C0000-0x000000000140A000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/3444-31-0x00000000025F0000-0x00000000026B3000-memory.dmp

      Filesize

      780KB

      Download

    • memory/3444-30-0x00000000025F0000-0x00000000026B3000-memory.dmp

      Filesize

      780KB

      Download

    • memory/3444-27-0x000000000D140000-0x000000000DD10000-memory.dmp

      Filesize

      11.8MB

      Download

    • memory/3444-20-0x000000000D140000-0x000000000DD10000-memory.dmp

      Filesize

      11.8MB

      Download

    • memory/4572-7-0x0000000005730000-0x000000000573A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/4572-3-0x00000000051F0000-0x0000000005282000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4572-14-0x00000000752A0000-0x0000000075A50000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4572-10-0x00000000752A0000-0x0000000075A50000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4572-9-0x0000000007DF0000-0x0000000007E8C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/4572-8-0x0000000006700000-0x000000000677E000-memory.dmp

      Filesize

      504KB

      Download

    • memory/4572-0-0x00000000007A0000-0x0000000000850000-memory.dmp

      Filesize

      704KB

      Download

    • memory/4572-6-0x0000000005720000-0x000000000572E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/4572-5-0x0000000005290000-0x000000000529A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/4572-11-0x0000000005480000-0x0000000005490000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4572-1-0x00000000752A0000-0x0000000075A50000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4572-4-0x0000000005480000-0x0000000005490000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4572-2-0x00000000057A0000-0x0000000005D44000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/5052-21-0x0000000000A80000-0x0000000000ABA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/5052-26-0x0000000002910000-0x00000000029B3000-memory.dmp

      Filesize

      652KB

      Download

    • memory/5052-25-0x0000000000A80000-0x0000000000ABA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/5052-28-0x0000000000A80000-0x0000000000ABA000-memory.dmp

      Filesize

      232KB

      Download

    • memory/5052-29-0x0000000002910000-0x00000000029B3000-memory.dmp

      Filesize

      652KB

      Download

    • memory/5052-24-0x0000000002A10000-0x0000000002D5A000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/5052-22-0x0000000000A80000-0x0000000000ABA000-memory.dmp

      Filesize

      232KB

      Download