Overview

overview

7

Static

static

3

919084783.exe

windows7-x64

7

919084783.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/05/2024, 04:26

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    919084783.exe

  • Size

    666KB

  • MD5

    478c61042cf2e405634cd28465332ce8

  • SHA1

    4468ecfc493930cca285e23eaf87d2da1d7caa94

  • SHA256

    45db9d9d372ec43413597450d7a888e4ae195e7ae12e1fb9709524469e42adba

  • SHA512

    c1568994b6849f1873936eb9baac098e8ef2519794bb8f27d77339a4342df46f7df161a523d0df79ddaf4d9e446dfced9cc7dacb1d1e22d43873920ef7edf01b

  • SSDEEP

    12288:Dgeh+QxEID1Rgf4tQnPkTFhpviFrXsmnztHf5lRpde4acO3qZjXfaGcU9lt/:rhzGIJ5yPYgtXsKfnRX5/O/GcU9l1

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
    stealer
  • Runs ping.exe 1 TTPs 2 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\919084783.exe
    "C:\Users\Admin\AppData\Local\Temp\919084783.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious use of WriteProcessMemory
    PID:4608
    • C:\Users\Admin\AppData\Local\dbcTMP\Fav~Url.tmp
      C:\Users\Admin\AppData\Local\dbcTMP\Fav~Url.tmp -y -o"C:\Users\Admin\Favorites"
      2⤵
      • Executes dropped EXE
      • Drops desktop.ini file(s)
      PID:2868
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\fbinst.dll "C:\Windows\dbcOnce\SUPPORT.IM_" output IMG/* %~nx
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1524
      • C:\Users\Admin\AppData\Local\Temp\fbinst.dll
        C:\Users\Admin\AppData\Local\Temp\fbinst.dll "C:\Windows\dbcOnce\SUPPORT.IM_" output IMG/* %~nx
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        PID:1624
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ping 127.0.0.1 -n 50&reg add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /d "www.hao123.com.bz" /f
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4680
      • C:\Windows\system32\PING.EXE
        ping 127.0.0.1 -n 50
        3⤵
        • Runs ping.exe
        PID:2696
      • C:\Windows\system32\reg.exe
        reg add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /d "www.hao123.com.bz" /f
        3⤵
        • Modifies Internet Explorer settings
        • Modifies Internet Explorer start page
        PID:1476
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ping 127.0.0.1 -n 3&del /q "C:\Users\Admin\AppData\Local\Temp\919084783.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2340
      • C:\Windows\system32\PING.EXE
        ping 127.0.0.1 -n 3
        3⤵
        • Runs ping.exe
        PID:3284

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\fbinst.dll
          Filesize

          124KB

          MD5

          fccff3d5e754a1085fef98eb3e8692e3

          SHA1

          5cbaf970ef9b6aa0d3f483696d7b237ddd34d35b

          SHA256

          2387ffc71eafbe8ed499cf17fcced69313eb3235ad2ed107c91e3eabc29462db

          SHA512

          ea766834f0b398706d410f99d323c8c0f1cae768697bbdf28776fd64bccabc5bf4e307eb7bc12c6c182336006d9b7f4848595323f6e9946753da037f1684a008

          Download Submit

        • C:\Users\Admin\AppData\Local\dbcTMP\Fav~Url.tmp
          Filesize

          142KB

          MD5

          784823cfe98f41e645af6eaa0879d227

          SHA1

          72cee3514f98fc79da3254dbf10975e54794ddd1

          SHA256

          66ea7a41c6deee45e53155cd4dbc30a4837eb50a3b3d4b7ba692926350a87f91

          SHA512

          59734096ff25e777ef1fe20d6c989d3fa2a7750be041366217b518d1d30b89cba33412a384d0c0b89be3cfcde615646610d8498e16c7927c3f8681795c704435

          Download Submit

        • memory/1624-65-0x0000000000400000-0x0000000000422000-memory.dmp

          Filesize

          136KB

          Download

        • memory/4608-2-0x0000000000400000-0x000000000053A000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4608-8-0x000000000047E000-0x00000000004C4000-memory.dmp

          Filesize

          280KB

          Download

        • memory/4608-7-0x0000000000A60000-0x0000000000A61000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4608-5-0x00000000009E0000-0x00000000009E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4608-4-0x0000000000A00000-0x0000000000A3E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/4608-0-0x0000000000400000-0x000000000053A000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4608-1-0x0000000000A00000-0x0000000000A3E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/4608-6-0x0000000000A50000-0x0000000000A52000-memory.dmp

          Filesize

          8KB

          Download

        • memory/4608-3-0x0000000000400000-0x000000000053A000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4608-66-0x0000000000400000-0x000000000053A000-memory.dmp

          Filesize

          1.2MB

          Download

        • memory/4608-68-0x000000000047E000-0x00000000004C4000-memory.dmp

          Filesize

          280KB

          Download

        • memory/4608-71-0x0000000000A00000-0x0000000000A3E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/4608-74-0x000000000047E000-0x00000000004C4000-memory.dmp

          Filesize

          280KB

          Download

        • memory/4608-73-0x0000000000400000-0x000000000053A000-memory.dmp

          Filesize

          1.2MB

          Download