Overview

overview

7

Static

static

3

44b5649cee...0N.exe

windows7-x64

7

44b5649cee...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    26-08-2024 08:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    44b5649cee545a7547ffab25c2819020N.exe

  • Size

    1.9MB

  • MD5

    44b5649cee545a7547ffab25c2819020

  • SHA1

    a80da29b907bb88edadf324860c6635451ebb5c5

  • SHA256

    6e900c88de00dedd963a7bb90946d97258c7249f083248aa2d2f426ea7a29e12

  • SHA512

    462b1a9f709858825c148e207c0cacddf8b402edc88ddaaecf472cf5e0df5c23f3d9e83b7030b0a0e640720de500d79999123f99ad3ee1f47c02d4f2cca48241

  • SSDEEP

    49152:CvSzkJnOyQpABa+VsNbwzPhTzAGN9L7j0f0uzkf:CqzkbkbhwzKGNN

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Control Panel 1 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\44b5649cee545a7547ffab25c2819020N.exe
    "C:\Users\Admin\AppData\Local\Temp\44b5649cee545a7547ffab25c2819020N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies Control Panel
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Users\Public\Documents\Wondershare\NFWCHK.exe
      C:\Users\Public\Documents\Wondershare\NFWCHK.exe
      2⤵
      • Executes dropped EXE
      PID:6064

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    2KB

    MD5

    e98f4d81caa22f58f8f988df3e3cfeaf

    SHA1

    58ebd8e2404fae5ea46c1977d55e6c470ec61049

    SHA256

    3b325b682d2a260268618dc17407a35c9a5cff2d25a7f02c7537dc9541483a1a

    SHA512

    be7d64eccc171ad7598d15d2f939cc3bc454e8e43fde9bb466ae096c51adefa93f98f1f21d26484f972d71988beb06c6d52ba43904ba056068c4293d6df5bbc7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wsduilib.log
    Filesize

    68KB

    MD5

    a26858c9a923b280c54d3fb5dedf0cfd

    SHA1

    dfe0db75e3e73d9578d0d0489cf60e6ecbc16da2

    SHA256

    0851c417a0c3528d9b6d480185ddb3d19909b3f7555402a86e4c3f36a190fef1

    SHA512

    8321a1bf3316a5540cd645b9d71516a09eeac6ce9cb94c8388e7c05cc214ba7d3da3f43b397d4a1aa09bcf9d87bb032aef97e4c70aac5598dadcf4ea9db82ba3

    Download Submit

  • C:\Users\Public\Documents\Wondershare\NFWCHK.exe.config
    Filesize

    223B

    MD5

    5babf2a106c883a8e216f768db99ad51

    SHA1

    f39e84a226dbf563ba983c6f352e68d561523c8e

    SHA256

    9e676a617eb0d0535ac05a67c0ae0c0e12d4e998ab55ac786a031bfc25e28300

    SHA512

    d4596b0aafe03673083eef12f01413b139940269255d10256cf535853225348752499325a5def803fa1189e639f4a2966a0fbb18e32fe8d27e11c81c9e19a0bb

    Download Submit

  • \Users\Public\Documents\Wondershare\NFWCHK.exe
    Filesize

    7KB

    MD5

    27cfb3990872caa5930fa69d57aefe7b

    SHA1

    5e1c80d61e8db0cdc0c9b9fa3b2e36d156d45f8f

    SHA256

    43881549228975c7506b050bce4d9b671412d3cdc08c7516c9dbbb7f50c25146

    SHA512

    a1509024872c99c1cf63f42d9f3c5f063afde4e9490c21611551ddd2322d136ce9240256113c525305346cf7b66ccca84c3df67637c8fecbfeebf14ffa373a2a

    Download Submit