Overview

overview

7

Static

static

5

a6986bf0b9...9b.exe

windows7-x64

7

a6986bf0b9...9b.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 02:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a6986bf0b9dedf3fb327a3201ca01bf7f05b4d868839b3c10090b57f1740e99b.exe

  • Size

    1.1MB

  • MD5

    14412d2aa398990082b683389385fb85

  • SHA1

    158c3c43becd614837910f21ae163a4ebc09e80f

  • SHA256

    a6986bf0b9dedf3fb327a3201ca01bf7f05b4d868839b3c10090b57f1740e99b

  • SHA512

    e9daa68d9793d85315a948640a0ed23e5f9576a54de1f79e21ebdaa641521c5bef14908c708ae29dc57d206a496497ac9ec575c38b1542e800c2d9366af4049f

  • SSDEEP

    24576:BAHnh+eWsN3skA4RV1Hom2KXMmHaHhDxJV5RI2m0A/5:Yh+ZkldoPK8YaHxxJu2mN

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 60 IoCs
  • Suspicious behavior: MapViewOfSection 8 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3376
    • C:\Users\Admin\AppData\Local\Temp\a6986bf0b9dedf3fb327a3201ca01bf7f05b4d868839b3c10090b57f1740e99b.exe
      "C:\Users\Admin\AppData\Local\Temp\a6986bf0b9dedf3fb327a3201ca01bf7f05b4d868839b3c10090b57f1740e99b.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2104
      • C:\Windows\SysWOW64\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\a6986bf0b9dedf3fb327a3201ca01bf7f05b4d868839b3c10090b57f1740e99b.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:4848
    • C:\Windows\SysWOW64\certreq.exe
      "C:\Windows\SysWOW64\certreq.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:780
      • C:\Program Files\Mozilla Firefox\Firefox.exe
        "C:\Program Files\Mozilla Firefox\Firefox.exe"
        3⤵
          PID:3596

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\aut4DF1.tmp
      Filesize

      263KB

      MD5

      4d8361eeb2e70a2b8731e63ddf0b50dd

      SHA1

      f6a1e5ba7c59b6595809f42216a190481a34efae

      SHA256

      c62a9316957f85723e4a9f5ae04a329cbaae3c26868a0bedd9b778208648db2a

      SHA512

      5b62a25f5275026964171c7e844cec7c762da13135d9d1c086af4ca8bca29a32a8e770486ad6043db703044962f106d032a6efa75e01b9720b6cee21d1c27626

      Download Submit

    • memory/780-26-0x0000000002960000-0x0000000002A00000-memory.dmp

      Filesize

      640KB

      Download

    • memory/780-25-0x0000000000560000-0x000000000059F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/780-24-0x0000000002B20000-0x0000000002E6A000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/780-20-0x0000000000560000-0x000000000059F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/780-21-0x0000000000560000-0x000000000059F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/780-28-0x0000000000560000-0x000000000059F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2104-12-0x0000000002290000-0x0000000002294000-memory.dmp

      Filesize

      16KB

      Download

    • memory/3376-38-0x0000000008320000-0x000000000843E000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/3376-30-0x0000000008320000-0x000000000843E000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/3376-29-0x0000000008320000-0x000000000843E000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/3376-19-0x000000000DAE0000-0x000000000E7F9000-memory.dmp

      Filesize

      13.1MB

      Download

    • memory/3376-27-0x000000000DAE0000-0x000000000E7F9000-memory.dmp

      Filesize

      13.1MB

      Download

    • memory/3596-37-0x0000029DE6700000-0x0000029DE67D5000-memory.dmp

      Filesize

      852KB

      Download

    • memory/4848-17-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/4848-15-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/4848-16-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/4848-14-0x0000000001400000-0x000000000174A000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/4848-13-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/4848-18-0x00000000024A0000-0x00000000024C1000-memory.dmp

      Filesize

      132KB

      Download

    • memory/4848-22-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/4848-23-0x00000000024A0000-0x00000000024C1000-memory.dmp

      Filesize

      132KB

      Download