Analysis

  • max time kernel
    78s
  • max time network
    97s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    24-05-2024 19:57

General

  • Target

    Safe_Exam_Browser/Safe Exam Browser for Windows user/SEB-Browser3.6.0 WIN10+WIN11.exe

  • Size

    263.6MB

  • MD5

    8fc2389ff750b6392cc4332f5ff3107b

  • SHA1

    6515d08c3b7208ada594d75af82aeb1eff8a2ce5

  • SHA256

    b65740b154016e5875f280bda7d59de0fa50ee4b29cd719d23925c7c24999f24

  • SHA512

    ac2d1b5ff642a925b77f721eb661173f0612f870ce140629cd125eae18d9bc99b2ff9155a37bc813d685a7904f3b9bc50b9fc02d4901c7d2dfa010ab8f462178

  • SSDEEP

    6291456:mQuyZsajqAlPPm55RyPVRWKGYITLn6M85sQb4hTaLJW5pv:mQuZ7s3mjRgRWKti985sQUhmVIv

Score
4/10

Malware Config

Signatures

  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Safe_Exam_Browser\Safe Exam Browser for Windows user\SEB-Browser3.6.0 WIN10+WIN11.exe
    "C:\Users\Admin\AppData\Local\Temp\Safe_Exam_Browser\Safe Exam Browser for Windows user\SEB-Browser3.6.0 WIN10+WIN11.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3104
    • C:\Windows\Temp\{7498CAE9-19A3-49E2-8F58-AF8E1133F424}\.cr\SEB-Browser3.6.0 WIN10+WIN11.exe
      "C:\Windows\Temp\{7498CAE9-19A3-49E2-8F58-AF8E1133F424}\.cr\SEB-Browser3.6.0 WIN10+WIN11.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\Safe_Exam_Browser\Safe Exam Browser for Windows user\SEB-Browser3.6.0 WIN10+WIN11.exe" -burn.filehandle.attached=560 -burn.filehandle.self=556
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:5056

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\Temp\{7498CAE9-19A3-49E2-8F58-AF8E1133F424}\.cr\SEB-Browser3.6.0 WIN10+WIN11.exe

    Filesize

    946KB

    MD5

    a476633c54496b90bf52f7cadd19de2a

    SHA1

    be4292230e8f455ab0f1c2e86dc6975f03912aec

    SHA256

    db014493c2de2ffa95535f5e7bdf0a8bbcf82a64d27775d78e1d963f07ac58f9

    SHA512

    11eca16fd007b8f89423cc08670e2ecf340978b22119182eba1675955e8bc52caab3671ab7d61b478fff5de016d6071be5f810f214f890d448fee6d1f6f557b8

  • C:\Windows\Temp\{E8DE08CC-2BDE-4EE3-A141-A5766689E54E}\.ba\logo.png

    Filesize

    8KB

    MD5

    3dabf4904fdec2b21819207bb034d4d5

    SHA1

    2878e699a679b20e705f18461a25ad7401d239d1

    SHA256

    199faee2605c599338d55d581e9dbc328c7a4f6048ca54ae960125e552059221

    SHA512

    c109de337d4614de429f95025c6fabd8221e02d4182a3b8e98b22f21474e40d74dedf99a07b105d04195f5e4cb814009969889c70c03fbcf4bd43d87bf3c4f89

  • C:\Windows\Temp\{E8DE08CC-2BDE-4EE3-A141-A5766689E54E}\.ba\wixstdba.dll

    Filesize

    184KB

    MD5

    fe7e0bd53f52e6630473c31299a49fdd

    SHA1

    f706f45768bfb95f4c96dfa0be36df57aa863898

    SHA256

    2bea14d70943a42d344e09b7c9de5562fa7e109946e1c615dd584da30d06cc80

    SHA512

    feed48286b1e182996a3664f0facdf42aae3692d3d938ea004350c85764db7a0bea996dfddf7a77149c0d4b8b776fb544e8b1ce5e9944086a5b1ed6a8a239a3c