Analysis

  • max time kernel
    118s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/06/2024, 20:33

General

  • Target
    6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe
  • Size
    2.2MB
  • MD5
    c8e59f75cb74e2a8d644368d5a06ca68
  • SHA1
    562af1976898764ffc35df1d523e98fa95630e8a
  • SHA256
    6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c58
  • SHA512
    74a6bd15ed411d3ce70ecd40e71f09aec019752cfc004a1adf5e738ef6a448249d47cca82064c80fdc4ab70a6ce5268bdf0957cbbe6901488728427ea3dde127
  • SSDEEP
    49152:W2+BF5f37D5to87s3Kv3mqI6VeOMjUfkptVxIyijdTB:W2+BFB3X7oMs3Kv3mjUu5SB

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe
    "C:\Users\Admin\AppData\Local\Temp\6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Users\Admin\AppData\Local\Temp\jds259398150.tmp\6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe
      "C:\Users\Admin\AppData\Local\Temp\jds259398150.tmp\6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe"
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Modifies system certificate store
      • Suspicious use of SetWindowsHookEx
      PID:2852

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\jusched.log
          Filesize
          1KB
          MD5
          d41e6a5a841c1d943070024394910e27
          SHA1
          a84225fd62846457c2118701f33f65d49c517f3d
          SHA256
          5eac2eb965e735b2372788d96a7b98f730dd5ab398fa6846375d1fbd7782e86f
          SHA512
          d9433eb128d0a9e2ead06067b598916c6cbe269d2a0ae2628c9fac49e446753d6848db427d1744fe090af8233f0fc083563aff50c67dee9cccc0bafd5520d06b

        • C:\Users\Admin\AppData\Local\Temp\jusched.log
          Filesize
          5KB
          MD5
          81d1b93858ccb4f132cd072ff32198cd
          SHA1
          26d880743c66073baedf080f8fccdd2ba68ecf3d
          SHA256
          2c03b42b879939924ab19ec55719fd661b0d384ae875106dde73a13af78cdfa1
          SHA512
          119826c7202e6a1676d27f122c0f4b933543a134b1ef87cd36fbab522d4f09c3c70faeec6b8ca169a1464a36cbbc9a488095492c8af40a6831f9e15e14577193

        • \Users\Admin\AppData\Local\Temp\jds259398150.tmp\6e68df42609b8b7b9104a20ddbffefad8339afa4e1667139eace9601e9fa0c580EppPaB86d.exe
          Filesize
          1.9MB
          MD5
          a9b69edaaf925ea6a71679d9a0f56266
          SHA1
          efe45a8e10c3d559b4800b0974f65bf0e87c747b
          SHA256
          e37988551194fccbbb82fc0a159a9b9abb242cdaed14a331cbceb0f5195e18f4
          SHA512
          663f2dc7a6faa7c2a0db5ad3d60b9e0909543b77285a048a1b3c7b20d3cd2a8607202bfc8a0d4b597ec517a7b0ed01f446a4a9c722a750a07f5ece56dff74e23