Overview

overview

5

Static

static

3

085d42dd20...a1.exe

windows7-x64

3

085d42dd20...a1.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/05/2024, 14:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    085d42dd20ffe5f9725a1d0197bc44f40e9750e0996f189f0d74f70a4e7482a1.exe

  • Size

    1.1MB

  • MD5

    185bfc658c12575237d1a970aedf59dc

  • SHA1

    e1e2350fc01c3a5fa936c04c16bb3ce6145592f0

  • SHA256

    085d42dd20ffe5f9725a1d0197bc44f40e9750e0996f189f0d74f70a4e7482a1

  • SHA512

    ec45e14716580c30c1dfb78f62a221ac9dfc84f61777a966ff600616ab0d00f3da210608c25cb257fa7e44f3010711cc64ee577ee49e7284ef9f5ac189fc3e01

  • SSDEEP

    24576:4f25o/ty5xQYr2+unJ3BpAFN/gCaI/jWjk:4JeM3M9Z/jWjk

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Script User-Agent 2 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 50 IoCs
  • Suspicious behavior: MapViewOfSection 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3384
    • C:\Users\Admin\AppData\Local\Temp\085d42dd20ffe5f9725a1d0197bc44f40e9750e0996f189f0d74f70a4e7482a1.exe
      "C:\Users\Admin\AppData\Local\Temp\085d42dd20ffe5f9725a1d0197bc44f40e9750e0996f189f0d74f70a4e7482a1.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:5780
      • C:\Windows\SysWOW64\colorcpl.exe
        C:\Windows\System32\colorcpl.exe
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of WriteProcessMemory
        PID:3212
        • C:\Windows\SysWOW64\RMActivate_ssp.exe
          "C:\Windows\SysWOW64\RMActivate_ssp.exe"
          4⤵
          • Suspicious use of SetThreadContext
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of WriteProcessMemory
          PID:2476
          • C:\Program Files\Mozilla Firefox\Firefox.exe
            "C:\Program Files\Mozilla Firefox\Firefox.exe"
            5⤵
              PID:5296

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/2476-13-0x0000000000E90000-0x0000000000ED0000-memory.dmp

            Filesize

            256KB

            Download

          • memory/2476-10-0x0000000000E90000-0x0000000000ED0000-memory.dmp

            Filesize

            256KB

            Download

          • memory/2476-14-0x0000000000E90000-0x0000000000ED0000-memory.dmp

            Filesize

            256KB

            Download

          • memory/2476-9-0x0000000000E90000-0x0000000000ED0000-memory.dmp

            Filesize

            256KB

            Download

          • memory/3212-7-0x0000000002B10000-0x0000000002B36000-memory.dmp

            Filesize

            152KB

            Download

          • memory/3212-6-0x000000000485E000-0x000000000485F000-memory.dmp

            Filesize

            4KB

            Download

          • memory/3212-5-0x0000000004830000-0x0000000005830000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/3212-4-0x000000001C5F0000-0x000000001C93A000-memory.dmp

            Filesize

            3.3MB

            Download

          • memory/3212-11-0x0000000004830000-0x0000000005830000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/3212-12-0x0000000002B10000-0x0000000002B36000-memory.dmp

            Filesize

            152KB

            Download

          • memory/3212-2-0x0000000004830000-0x0000000005830000-memory.dmp

            Filesize

            16.0MB

            Download

          • memory/3384-8-0x000000000D890000-0x000000000FC1E000-memory.dmp

            Filesize

            35.6MB

            Download

          • memory/3384-15-0x0000000003390000-0x000000000346D000-memory.dmp

            Filesize

            884KB

            Download

          • memory/5296-22-0x0000023E23610000-0x0000023E23709000-memory.dmp

            Filesize

            996KB

            Download

          • memory/5780-1-0x0000000000400000-0x000000000051C000-memory.dmp

            Filesize

            1.1MB

            Download

          • memory/5780-0-0x0000000002400000-0x0000000002401000-memory.dmp

            Filesize

            4KB

            Download