Analysis
-
max time kernel
140s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
11-08-2024 11:47
General
-
Target
Planilha.exe
-
Size
344KB
-
MD5
89c82797051736ef6c970467dcef9ce4
-
SHA1
ab09e454359df1eafc76b792bc7f995939152aff
-
SHA256
6102b8c94a4d12e58f52b59c0f7ab814c81b57d1de1690dabf516576391dfb98
-
SHA512
0b4b7feef714411d210056ef4340399b7a90d7c94c3de2a5ad5beeaac62d83a4fb798c58f6dfd79bf061edc5d67ca0c78c4e80ab098da9690dc9e45b70aac09b
-
SSDEEP
6144:FOU1i5mpephPxslws1zJWEffD6HF8uJf+hgoB3bLu55g6RziaL3O:QU1icpSAwAJWsfD6l1DoBvu7BR
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
-
UAC bypass 3 TTPs 1 IoCs
-
Windows security bypass 2 TTPs 7 IoCs
-
Drops startup file 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification 2 TTPs 11 IoCs
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 37 IoCs
-
Modifies registry class 16 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
-
System policy modification 1 TTPs 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Planilha.exe"C:\Users\Admin\AppData\Local\Temp\Planilha.exe"1⤵
- Modifies visibility of file extensions in Explorer
- UAC bypass
- Windows security bypass
- Drops startup file
- Windows security modification
- Checks whether UAC is enabled
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://pinkaholic.ru/products/erro.php2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Hide Artifacts
1Hidden Files and Directories
1Impair Defenses
3Disable or Modify Tools
3Modify Registry
6Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
304B
MD5d62714b8d24451e18242b962aaab63cd
SHA134d18301f77f58fc4be5abe2754e168bd5797a32
SHA25665897d312a65ebb010a424dc82afdf867133c28d6daf6465c5252fd8e62ebdc9
SHA5120863684849e3b24fff6d36cb37fd39a5bc91934c717a758e89f58b83d74fbf588bb79c96131919e55c77bcfde7fd381179a6cc7b46c6d37fa4d5f8ef9fb64d7f
-
Filesize
304B
MD5c32d4551895f0acf3252268407a7e0f8
SHA166a7e058fe9e6a514df35445fb1972a87ba9e8ba
SHA25683b1819da9d53f17cab914d63948dcc18e62cab67ff06a952886531295b8e494
SHA5127fcf905d6cd553141cf3b701169f99ddfa3604fa492f23c5c8ccb87b297e46f3eafe128b07876b4a0bc9a4baa57e2bb697efbcca6902db3121be21a1e6df00c2
-
Filesize
304B
MD5b6fad5a0d2c079262eb66045d4b99118
SHA16912e6724cbeff61000338c9bce446f14f31f350
SHA2567dc20b3bbf9369b9324006e9a7ef3fc660469e929ef4dfa67fd33bb4e32425d8
SHA512d703fd58c27251c9d90cc3c43c37ccee19fb303c255048d6957bfe49aab9a2440a071bf87d5dbc714bc8e658e0b3e5cb8afcf315ab053b51d8d5bf8fbbc90a2a
-
Filesize
304B
MD5b40f288f31d9065ab482da718eefc570
SHA1c8526b2b7531a3383045ebc3df2e1b2ede4e9304
SHA256171f10a3f957953dbbb5972be143e07c1c283e8040f4de240612aeaf6b5927bf
SHA51261ad1d292f7f1319172cdeb9e5ab5c35d95eb251412355b88b4c79817bd01e4ab9e6ed609fec0f92d5361eea6f0c877929323e7623ef4813a7baa15e23a2ef40
-
Filesize
304B
MD5f7e3ccec7ddd09e52637403c1bf0b4c6
SHA198821ed70d10684c4c241f33ac58b7745318bfd8
SHA256c92b61546dc8c11d55d23c26c79e81f5869aa27655461ee060251b24de35b6bd
SHA512ea2169a69af0afc7587d97b464ef06a814f2488f372d9225e1cc338942a008f739013401a25f6b4c879d22994e75018d6ad2281bae3f09c17f100f411650e9e0
-
Filesize
304B
MD5185f2dac3fed61e1c1150cce5e690232
SHA1ff2e90fa0f2367751213fb353d4157336df56f9a
SHA256f3528bcca140b8571bd2963932e7d06dd48daf86be96cd47523cf120028f29f5
SHA5126159c3252cce17186c417f1b9594a3d7b82ad5f0616a64470bda067a90530386e2d338887bee12278d135cb97c4b4c491248ceecdd994e3f9ac3f45320243712
-
Filesize
304B
MD5593740b6126bf0f8da437f2dbb5e0564
SHA1834f1d0086e1eb00007663edf403c2ac40c03ec9
SHA2561a1516ddec141aefc9b81377bbaaa912462dc6fbcc2c9a5fa0e84f1efead262d
SHA51253720227890d17b7a9cf13a15b3fcc16fe9ed2868d4a2ba5f838820d5e3c974f780c21629fb9afead47cbdc204338a08a35fae3ef844a87a4c774b6889a17d63
-
Filesize
304B
MD527006d9a253d37be03ed85e628130c40
SHA15497443d7c70c6199e275056c998fbea20487b37
SHA256095188c49de6d866613c973c31aef22818c494a294da8e56283f4510162001e2
SHA512d31a15d0efbce41b44d2293a3c4a7aeaa4354a9992a591a4ea67db40afb35d1dcc34d945a8e37ba3981e7766a217215c2a61ee5b7acedaab9fa69ca34e057846
-
Filesize
304B
MD5862f41b21662261b418daca6b0d4627f
SHA19bce40264883b1d59a57ce59d758346016e3f997
SHA25649f70ce2194ebeae5d588faa9416bb502b317a46a68b9b7f97ff6b9a3899f455
SHA512c51e6b3925eae32c0cf87efa29db0cbc5a344a448bab263d6033c9f65dc7b3217533d74e566324786fba43aad8272cb649bac2953eb651650b29f1f2ee88d413
-
Filesize
304B
MD5b3a1f009d0376b398af1651a71e944a1
SHA1d073c7beb1364902650681738ade25b24cb7439f
SHA256def5dacd1f4872cbf99a4ecf68b919dab04702abda3ca2bb82711b2452e33944
SHA51270dba6e69c5776838d820b5f4d21f6c93b6ec3b6db39fbb1cbdb1f15e34d0f147f2ecf19944d323965f47003a9d98ad1cb93e1977f957116106dc4fcfde45a6f
-
Filesize
304B
MD597ee20c70427a58f5f3b368ec804e063
SHA170ac1f0e9cf0ad302fda94c305f902651cb434fb
SHA25627dd1515faa89299e7cd7f0a93ee087c15a83777fdf4c2a914af5e8bdb165182
SHA512d49834c8248e52c518f849f86d0fec1129e7ccb19686fbe3a5ba3c6d7d977f1f62c82716d665ec77d23b403cab4fc0c4c66b8af8dfa79b35a6766212ff164e51
-
Filesize
304B
MD5cc92e103b0073ab06e96e992a97b3268
SHA12a4b8fadf855243405637539709fc6ec09c79a9a
SHA25692348d0015827152a55214018f55cf80e48ca90fd09f803d109246a85f8d14cb
SHA51214ef500214265e7b23f70152499d2f2c6fa5bc9b2d73cd969c09f494b17965e5173f505836e00ec83748a60f2cb194e3df18abf73b34af3d8261ae38931c5df3
-
Filesize
304B
MD55f570f5769df6bb373438d5eec368a5e
SHA1993e1f30e412bffed04a5d0e0a62500a6761f87f
SHA25611d1aaa97a7f5894bd6a6506a4221ed90d52efd77317aca0f26af89d05c1a5ec
SHA512ebace9436e2478004d818318051cc92ef0977088ab44aa8791d35792bb99b219628243b09d709f0e086cbbdf8900b5a9f983505d8779eb72beb51194f9743137
-
Filesize
304B
MD591eeffd12eb62ee0e905166a413bb6b0
SHA12ea884338d4b09233cdf2be1522121c2b3c1a0a9
SHA25642c6ac6769095d5b921dd8930849628c7b1d99e9534ce6fef52f4f601be2f46b
SHA512f1ad07fcd4bf2c876a852ffe37d024324f3506a47fe1882edc767c784703d4beaebdf7cfc2ae8d2c9f08d3b1ec4ea4e45ebe3a6c145b3dd7df2c3342719650d3
-
Filesize
304B
MD5e2c563f3980c4ef6fe91e7f80bc13757
SHA152e54d83c2a2c6d86ced4b0b58c26464bd9ecdc2
SHA256bc5d84c168fb0513109c7791b847930d55b69f4157e8502dbe7aa3150c3fab56
SHA51295b69e97ab5d900ba61cbd1f2605ebfab2f502e8beab68a9546174128a5fd482fe375c1277372092436424a2db9c07da3389b46220c9455bec6321d95ff389ee
-
Filesize
304B
MD50117cadf4357cd65a3420d6f230439eb
SHA18bb25e14ac8df2666471abc3c9d9a158310f64fd
SHA2560fde0c6dbc748e0bf7ddfd6466726e48f65cd301ec6eff12db2091980eec8497
SHA512d999821e1e98ad0693b16c5ef4c29324e0a5a05c91c32a6e6b23eb4f4be8dcd3afeb4e3859a0cddce667c301028fd85edb53880f114d6ae449a8fb1f1aa1afa9
-
Filesize
304B
MD528ec67f55f03ed9279e621c2421724fa
SHA195fef5d0837b0e3e759aff5086db62af008ff3bb
SHA2569140ab6f80fe2b1e222a52c5f74eaca5780b47863d13b34bfebd86d6a1aaa22f
SHA512622e666bf86334015ddda02c2bda29fbd83ad4231fa904f302251babf5172d5326d0fb6c63973f4ad82b5eb54886168d5ed9b57deb7248de67d31b4ae173e685
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
1.0MB
-
Filesize
1.0MB