Overview

overview

4

Static

static

1

ff6a3ada84...0N.exe

windows7-x64

4

ff6a3ada84...0N.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    23-08-2024 08:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ff6a3ada84ca316b35d764b0d9816770N.exe

  • Size

    2.4MB

  • MD5

    ff6a3ada84ca316b35d764b0d9816770

  • SHA1

    2369a4cf45a238e6449677507f259eccee03535e

  • SHA256

    76eb5e05a4be68da1e55addda0c309fb53c90168d8ba04b6e4af7ca1869a099e

  • SHA512

    6fa1cbb9d0ea3529392a499113d43fcdf3991d9fb72e78e0677ba53b51aa5f7963adfbbef1eca443f4340995d449f4656fe8a78d580bd857b121ec2cf30764cc

  • SSDEEP

    49152:2vSzkJnOyQpABa+VsNbwzPBT//c6Y0fxfNrBdf0uzkfS:2qzkbkbhwz5cb0fxfNrl

Score
4/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Control Panel 1 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ff6a3ada84ca316b35d764b0d9816770N.exe
    "C:\Users\Admin\AppData\Local\Temp\ff6a3ada84ca316b35d764b0d9816770N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies Control Panel
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
      C:\Users\Public\Documents\Wondershare\NFWCHK.exe
      2⤵
      • Executes dropped EXE
      PID:1708

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    1KB

    MD5

    0e74375c2f2ee010fe3a4c9d2c01096c

    SHA1

    be0e9cb7cfdafd300e67847aa4e2eea1161ec608

    SHA256

    c59de7693cba2a4e3124ca0bea2d9ffae271df154625f5f667e5638f41022e63

    SHA512

    c7b935cab34c26b60d1fd743613659acc98784ec969b3af258abf2778c2e8b377f59fe54a7d6e6637d7ec33698376deb83d52f98fd901fea7c8d26b460575832

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    1KB

    MD5

    55ff63efadbb8154c3c15d9b2146afc7

    SHA1

    7433a576a41f5cfbb3f2ad8d2ef9bffc3f55a0f8

    SHA256

    edff14f4faa11b10a3efa94643d949d80b8afa2836d80f29b88fa5f451a56260

    SHA512

    c95d465649c20b10633cd7ee7cf40eab3273c31497a11a2a505794e6e3191909d4c5d9825a08b1a06ce93368caa5d16aa58a7e8367f16d91be56b9aa3423ba54

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    2KB

    MD5

    a548b423785619edfec3456877fea5d7

    SHA1

    ae5f6b7ab1d206180234b872799d44452ab7f398

    SHA256

    e94672b3e655eb76f3dd47a2b68b9007aad9e26d8336b0f2565d45e1eef4f353

    SHA512

    04c5a27c81afc68c95a73460b6729627ea3f64d638d26d1bc9e47f7e2d6d2d0ab6c833f66295cc538f5b27ac9ac0d07bd643fe37bf66d0e75fac5fe064cccce4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    8KB

    MD5

    3ac3e7a43b1dfabfca7e52e560aa4971

    SHA1

    bb27a3334444c0602bc3979ebc2b85d95222e487

    SHA256

    5b64b2f9d35c37aa8e9e4163aa6fdaf38b94407d55591f8b144b37458c715f31

    SHA512

    4ba16ade6418a16569ac49527dfd0e65a18dfaf94a5bf6be8a242de10a401166310d55aada0fbc113add7811c1e4d3f8969fd6473b8444e92118f92699f0c3bd

    Download Submit

  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe.config
    Filesize

    223B

    MD5

    5babf2a106c883a8e216f768db99ad51

    SHA1

    f39e84a226dbf563ba983c6f352e68d561523c8e

    SHA256

    9e676a617eb0d0535ac05a67c0ae0c0e12d4e998ab55ac786a031bfc25e28300

    SHA512

    d4596b0aafe03673083eef12f01413b139940269255d10256cf535853225348752499325a5def803fa1189e639f4a2966a0fbb18e32fe8d27e11c81c9e19a0bb

    Download Submit

  • \Users\Public\Documents\Wondershare\NFWCHK.exe
    Filesize

    7KB

    MD5

    27cfb3990872caa5930fa69d57aefe7b

    SHA1

    5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

    SHA256

    43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

    SHA512

    a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

    Download Submit