Overview

overview

7

Static

static

1

Appdater.exe

windows7-x64

6

Appdater.exe

windows10-2004-x64

6

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

render.exe

windows7-x64

1

render.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2024, 15:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Appdater.exe

  • Size

    3.4MB

  • MD5

    c163cdba001008bfeebab14dce7a5875

  • SHA1

    e6eea0b04e221f491d70a3d910d5cda55ead43ec

  • SHA256

    3847d0e464b8ed843f973c3609935fa03571936377f54e09424fc421ddc0afb4

  • SHA512

    6f0b370c96179dd11b26d2f57b932a4ba24421c48a73f84ac0d18caa6963ce1636425a28ce74b2d0b9dae04dc9865f50b5f25abee55c60f01920e734d55efe80

  • SSDEEP

    49152:a5APhegSLUTwIve1dkQPG35ZTwqk+bwLUd9Si3inY9:lfwIv+G357ZUwiC

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 33 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Appdater.exe
    "C:\Users\Admin\AppData\Local\Temp\Appdater.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2484

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\Appdater\Appdater_2024-06-14.log
          Filesize

          20KB

          MD5

          cbcab293d3f03b8de988ade5f6fbec41

          SHA1

          3427095090e2240cc62778d8529f3143c0f4911e

          SHA256

          6f8dc4e3d2d51f86d3fb9d203d8d2a1d4537f414cf911ad98dcd57b15c69e1a5

          SHA512

          042920d4165234d20ebf91559019b1c6e915b0757c73a3d3f2aedebc32e73194e08973ab8737cc1ae2ce800043d0984188d62c8978774b3e1481fa3e1d1ce614

          Download Submit

        • memory/2484-173-0x0000000000400000-0x0000000000796000-memory.dmp

          Filesize

          3.6MB

          Download

        • memory/2484-175-0x0000000000400000-0x0000000000796000-memory.dmp

          Filesize

          3.6MB

          Download

        • memory/2484-3-0x0000000000400000-0x0000000000796000-memory.dmp

          Filesize

          3.6MB

          Download

        • memory/2484-4-0x0000000000400000-0x0000000000796000-memory.dmp

          Filesize

          3.6MB

          Download

        • memory/2484-92-0x0000000000400000-0x0000000000796000-memory.dmp

          Filesize

          3.6MB

          Download

        • memory/2484-91-0x0000000009EC0000-0x0000000009EE0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/2484-2-0x0000000000400000-0x0000000000796000-memory.dmp

          Filesize

          3.6MB

          Download

        • memory/2484-1-0x0000000000415000-0x0000000000416000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2484-174-0x0000000000230000-0x0000000000231000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2484-0-0x0000000000230000-0x0000000000231000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2484-177-0x0000000000400000-0x0000000000796000-memory.dmp

          Filesize

          3.6MB

          Download

        • memory/2484-184-0x0000000000400000-0x0000000000796000-memory.dmp

          Filesize

          3.6MB

          Download

        • memory/2484-185-0x0000000000400000-0x0000000000796000-memory.dmp

          Filesize

          3.6MB

          Download

        • memory/2484-191-0x0000000000400000-0x0000000000796000-memory.dmp

          Filesize

          3.6MB

          Download

        • memory/2484-193-0x0000000000400000-0x0000000000796000-memory.dmp

          Filesize

          3.6MB

          Download

        • memory/2484-196-0x0000000000400000-0x0000000000796000-memory.dmp

          Filesize

          3.6MB

          Download