Overview

overview

5

Static

static

5

8fd32227ca...d6.exe

windows7-x64

5

8fd32227ca...d6.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/05/2024, 01:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8fd32227ca310727137c28a5945497447ab479bd074d064ee11a6545d5eef5d6.exe

  • Size

    1.2MB

  • MD5

    2b5917ada9ef1cef3713977421874f68

  • SHA1

    fb74e9a12166950199edc891c59bea4069edcd1c

  • SHA256

    8fd32227ca310727137c28a5945497447ab479bd074d064ee11a6545d5eef5d6

  • SHA512

    1e2c1cab61d86da2d4354a771a4eebb5221c47c09581e499d1e20211ca2e63a900992d829161b77d3231b7e09122411dfa195bf35cf82cf68d94490c9cab6008

  • SSDEEP

    24576:jqDEvCTbMWu7rQYlBQcBiT6rprG8a/J0EhYslvrhI6cI:jTvC/MTQYxsWR7a/J0Eas9Iz

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 62 IoCs
  • Suspicious behavior: MapViewOfSection 8 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3468
    • C:\Users\Admin\AppData\Local\Temp\8fd32227ca310727137c28a5945497447ab479bd074d064ee11a6545d5eef5d6.exe
      "C:\Users\Admin\AppData\Local\Temp\8fd32227ca310727137c28a5945497447ab479bd074d064ee11a6545d5eef5d6.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:2200
      • C:\Windows\SysWOW64\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\8fd32227ca310727137c28a5945497447ab479bd074d064ee11a6545d5eef5d6.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:1752
    • C:\Windows\SysWOW64\finger.exe
      "C:\Windows\SysWOW64\finger.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:2360
      • C:\Program Files\Mozilla Firefox\Firefox.exe
        "C:\Program Files\Mozilla Firefox\Firefox.exe"
        3⤵
          PID:920

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\aut3AC7.tmp
      Filesize

      268KB

      MD5

      01cbc578c30426a9213885b2c7976328

      SHA1

      6cf0e0935f3464b676b308a0c4bbeb06d8eb2f4c

      SHA256

      8d208a375a96923985a66f18d0a6d646064851528b707f75e38128c1b66e6e46

      SHA512

      0cebf7f1d711a0b766cff83995ededde42bc2b8d4543ba890f603c01ca962a61d538b2f28bdaa85c032780ed875deee85ccd39870cc17e72a5199b273f98b573

      Download Submit

    • memory/1752-13-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/1752-14-0x0000000001800000-0x0000000001B4A000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/1752-15-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/1752-16-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/1752-17-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/1752-18-0x0000000000D80000-0x0000000000DA3000-memory.dmp

      Filesize

      140KB

      Download

    • memory/1752-23-0x0000000000D80000-0x0000000000DA3000-memory.dmp

      Filesize

      140KB

      Download

    • memory/1752-22-0x0000000000400000-0x0000000000443000-memory.dmp

      Filesize

      268KB

      Download

    • memory/2200-12-0x0000000001650000-0x0000000001654000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2360-21-0x00000000004E0000-0x0000000000520000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2360-20-0x00000000004E0000-0x0000000000520000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2360-24-0x0000000000CA0000-0x0000000000FEA000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/2360-25-0x00000000004E0000-0x0000000000520000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2360-26-0x0000000000AF0000-0x0000000000B92000-memory.dmp

      Filesize

      648KB

      Download

    • memory/2360-28-0x00000000004E0000-0x0000000000520000-memory.dmp

      Filesize

      256KB

      Download

    • memory/3468-19-0x000000000CA30000-0x000000000D3E0000-memory.dmp

      Filesize

      9.7MB

      Download

    • memory/3468-27-0x000000000CA30000-0x000000000D3E0000-memory.dmp

      Filesize

      9.7MB

      Download

    • memory/3468-29-0x0000000008670000-0x000000000875F000-memory.dmp

      Filesize

      956KB

      Download

    • memory/3468-30-0x0000000008670000-0x000000000875F000-memory.dmp

      Filesize

      956KB

      Download

    • memory/3468-37-0x0000000008670000-0x000000000875F000-memory.dmp

      Filesize

      956KB

      Download