Overview

overview

7

Static

static

3

d3a4be43fd...f7.exe

windows7-x64

7

d3a4be43fd...f7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06/09/2024, 23:53 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d3a4be43fda6285a85ff94fa62f8daea60ef31ca27384ecbb35a2793e3214ef7.exe

  • Size

    7.9MB

  • MD5

    8d1307a9e1186f89399e2251998f1494

  • SHA1

    d2614c64b38c812e1ceafdac6b5527b21dc4c6c3

  • SHA256

    d3a4be43fda6285a85ff94fa62f8daea60ef31ca27384ecbb35a2793e3214ef7

  • SHA512

    496f235c39695b88358c96891fc61ca0440130dd9cfecdbc68d8c2747c9cdfac8b3d2542c49df82d01b3192ce04d5e343584df711e0049626f2c2028c78241b2

  • SSDEEP

    196608:8Eazg7DSmEazg7DSmEazg7DSmEazg7DSN:Og7uYg7uYg7uYg7uN

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d3a4be43fda6285a85ff94fa62f8daea60ef31ca27384ecbb35a2793e3214ef7.exe
    "C:\Users\Admin\AppData\Local\Temp\d3a4be43fda6285a85ff94fa62f8daea60ef31ca27384ecbb35a2793e3214ef7.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\Windows\SysWOW64\reg.exe
      "C:\Windows\System32\reg.exe" ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Windows Update" /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe" /f
      2⤵
      • Adds Run key to start application
      • System Location Discovery: System Language Discovery
      • Modifies registry key
      PID:2764
    • C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe
      "C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2684
      • C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe
        "C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of SetWindowsHookEx
        PID:2928
    • C:\Users\Admin\AppData\Roaming\Scegli_nome_allegato.exe
      "C:\Users\Admin\AppData\Roaming\Scegli_nome_allegato.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2716

Network

  • flag-us
    DNS
    sunray1975.zapto.org
    7D57AD13E21.exe
    Remote address:
    8.8.8.8:53
    Request
    sunray1975.zapto.org
    IN A
    Response
No results found
  • 8.8.8.8:53
    sunray1975.zapto.org
    dns
    7D57AD13E21.exe
    66 B
     126 B
     1
    1

    DNS Request

    sunray1975.zapto.org

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\7D57AD13E21.exe
    Filesize

    7.9MB

    MD5

    5e4f99cb14d42e45073feabc4da5ae64

    SHA1

    b6fd25a25569d082da98e8e47b48b8ad07dae533

    SHA256

    863f22bb966f4d1e92b1e1993f441695eb32187172e363e71f41f7377b346692

    SHA512

    6baa4b5f8635b5bf6635b4bd4c9fb2dbda6a236c87d8b190ec5653f0b1545e3636706889a123ee2d37e7db968a4bb52bf386105ce6865a5d3db5ac5577cafa13

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Scegli_nome_allegato.exe
    Filesize

    1.0MB

    MD5

    a2f259ceb892d3b0d1d121997c8927e3

    SHA1

    6e0a7239822b8d365d690a314f231286355f6cc6

    SHA256

    ab01a333f38605cbcebd80e0a84ffae2803a9b4f6bebb1e9f773e949a87cb420

    SHA512

    5ae1b60390c94c9e79d3b500a55b775d82556e599963d533170b9f35ad5cfa2df1b7d24de1890acf8e1e2c356830396091d46632dbc6ee43a7d042d4facb5dad

    Download Submit

  • memory/2352-2-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2352-1-0x0000000000400000-0x0000000000601000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2352-3-0x0000000000400000-0x0000000000601000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2352-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2352-21-0x0000000000400000-0x0000000000601000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2684-39-0x0000000000400000-0x0000000000601000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2684-14-0x00000000003C0000-0x00000000003C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2684-41-0x0000000000400000-0x0000000000601000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2684-49-0x0000000000400000-0x0000000000601000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2716-40-0x0000000000400000-0x00000000004FB000-memory.dmp

    Filesize

    1004KB

    Download

  • memory/2928-44-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2928-50-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2928-46-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2928-47-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2928-52-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.