Resubmissions

05-11-2024 17:41

241105-v9ez2avgpa 10

05-11-2024 17:40

241105-v8x48avgnf 10

Analysis

  • max time kernel
    18s
  • max time network
    32s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20241007-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    05-11-2024 17:40

General

  • Target

    3ce1e74b919e7fe6922679092b30f874a84674d7edd0a0815374dc0d88d00604.dex

  • Size

    7.0MB

  • MD5

    ad49458b8e8eb164537d1bf1de0c086b

  • SHA1

    4fdf8ccc11478b0b3a8546902b82ca6c4b38c7f4

  • SHA256

    3ce1e74b919e7fe6922679092b30f874a84674d7edd0a0815374dc0d88d00604

  • SHA512

    f767e7b7ab176ca70be5ef1dabaa1f27b7c05b797e0ddd0d7ecbf45c876d94b692be9dc3fcb461ab81d5990fa12c960eadad822e1b44e152147b8a3a878798cb

  • SSDEEP

    49152:L2dCjFLhTnIWe1RtK62VH9gMtFCYHTLKqTRscM7:qoj/TnIWutK62VXrnzL3ts37

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 17 IoCs
  • Modifies registry class 11 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 21 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\3ce1e74b919e7fe6922679092b30f874a84674d7edd0a0815374dc0d88d00604.dex
    1⤵
    • Modifies registry class
    PID:4896
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3264
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3ce1e74b919e7fe6922679092b30f874a84674d7edd0a0815374dc0d88d00604.dex
      2⤵
      • Modifies Internet Explorer Phishing Filter
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1240
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1240 CREDAT:17410 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4816
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3ce1e74b919e7fe6922679092b30f874a84674d7edd0a0815374dc0d88d00604.dex
        3⤵
        PID:2900
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1240 CREDAT:17414 /prefetch:2
        3⤵
        PID:4372
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3ce1e74b919e7fe6922679092b30f874a84674d7edd0a0815374dc0d88d00604.dex
        3⤵
        PID:2056
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1240 CREDAT:82956 /prefetch:2
        3⤵
        PID:2320
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3ce1e74b919e7fe6922679092b30f874a84674d7edd0a0815374dc0d88d00604.dex
        3⤵
        PID:4904
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1240 CREDAT:17426 /prefetch:2
        3⤵
        PID:4376
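A note on reading this tree before trusting the signatures: the target is a .dex (Android Dalvik bytecode), which Windows cannot execute. cmd /c hands the unregistered extension to the OpenWith dialog (OpenWith.exe -Embedding), and the rest of the tree is Internet Explorer opening the file as a document. The Internet Explorer settings, hook and WriteProcessMemory signatures are therefore attributable to those stock Windows binaries, not to the sample, which is consistent with the 3/10 score. The practical triage steps are to confirm the file really is a DEX, check its internal integrity fields, and re-derive the hashes the report lists so the artefact on your side is the same one analysed here. The following Python helper does that; it is an added example, not part of the sandbox report or its tooling. The constants in REPORT_HASHES are copied from the General section above; build_sample_dex produces a constructed, self-consistent DEX buffer for offline demonstration and is not the real sample, and triage_file is an assumed wrapper name for running the same checks on a file on disk.

```python
"""Triage helper: verify DEX header integrity and re-derive the report's hashes.

Added example, not part of the sandbox report. Runs offline on a constructed
DEX buffer; call triage_file(path) on the real sample to compare its hashes
against the values the report lists.
"""
import hashlib
import struct
import zlib
from typing import Optional

DEX_MAGIC_PREFIX = b"dex\n"      # magic is "dex\n" + 3-digit version + NUL
DEX_HEADER_SIZE = 0x70           # fixed header length of the DEX format
DEX_ENDIAN_CONSTANT = 0x12345678 # endian_tag value for a little-endian file

# Copied from the report's General section; used to confirm we hold the same file.
REPORT_HASHES = {
    "md5": "ad49458b8e8eb164537d1bf1de0c086b",
    "sha1": "4fdf8ccc11478b0b3a8546902b82ca6c4b38c7f4",
    "sha256": "3ce1e74b919e7fe6922679092b30f874a84674d7edd0a0815374dc0d88d00604",
}


def compute_hashes(data: bytes) -> dict:
    """Return the same digest set the report lists (minus ssdeep)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def parse_dex_header(data: bytes) -> Optional[dict]:
    """Parse the DEX header and verify its two built-in integrity fields.

    checksum  (offset 0x08) is Adler-32 over everything from offset 0x0C.
    signature (offset 0x0C) is SHA-1 over everything from offset 0x20.
    Returns None if the buffer does not start with a valid DEX magic.
    """
    if len(data) < DEX_HEADER_SIZE or not data.startswith(DEX_MAGIC_PREFIX) or data[7] != 0:
        return None
    (checksum,) = struct.unpack_from("<I", data, 0x08)
    signature = data[0x0C:0x20]
    file_size, header_size, endian_tag = struct.unpack_from("<III", data, 0x20)
    return {
        "version": data[4:7].decode("ascii", errors="replace"),
        "file_size": file_size,
        "header_size": header_size,
        "little_endian": endian_tag == DEX_ENDIAN_CONSTANT,
        "checksum_ok": checksum == (zlib.adler32(data[0x0C:]) & 0xFFFFFFFF),
        "signature_ok": signature == hashlib.sha1(data[0x20:]).digest(),
        "size_matches": file_size == len(data),
    }


def build_sample_dex(version: bytes = b"035", payload: bytes = b"") -> bytes:
    """Construct a minimal, self-consistent DEX buffer (test data, not the sample)."""
    body = bytearray(DEX_HEADER_SIZE + len(payload))
    body[0:8] = DEX_MAGIC_PREFIX + version + b"\0"
    body[DEX_HEADER_SIZE:] = payload
    struct.pack_into("<III", body, 0x20, len(body), DEX_HEADER_SIZE, DEX_ENDIAN_CONSTANT)
    struct.pack_into("<II", body, 0x68, len(payload), DEX_HEADER_SIZE)  # data_size, data_off
    body[0x0C:0x20] = hashlib.sha1(body[0x20:]).digest()                 # signature first
    struct.pack_into("<I", body, 0x08, zlib.adler32(bytes(body[0x0C:])) & 0xFFFFFFFF)
    return bytes(body)


def triage(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Hash the buffer, compare with the report, and parse it as a DEX file."""
    hashes = compute_hashes(data)
    return {
        "hashes": hashes,
        "matches_report": all(hashes[name] == value for name, value in expected.items()),
        "dex": parse_dex_header(data),
    }


def triage_file(path: str) -> dict:
    """Assumed convenience wrapper: run triage() on a file on disk."""
    with open(path, "rb") as fh:
        return triage(fh.read())


if __name__ == "__main__":
    sample = build_sample_dex(payload=b"constructed payload, not the real sample")
    result = triage(sample)
    print("matches report hashes:", result["matches_report"])
    print("dex header:", result["dex"])
    print("sha256:", result["hashes"]["sha256"])
```

A DEX whose checksum or signature field does not verify has been truncated or edited after packaging, which is worth noting before any static analysis; and if the hashes of your copy do not match the General section, you are not looking at the file this report describes. Any further analysis of the sample itself belongs in an Android sandbox, since nothing in this Windows run exercised the Dalvik code.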

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\~DFFBACF716C5E211B1.TMP

    Filesize

    16KB

    MD5

    a70bfcfc18f6346d83964eba1b7f98ee

    SHA1

    ace2a3ba1d6e7ea752fc3d48b995b56145b29fcd

    SHA256

    0976926ed3bbc2de16cc3e85dfcaa29ce5dc577720c878e4de0408e0ecf2e828

    SHA512

    59b8ff23f020557c77a6b3472d40cc7c5a4f657259859ce7ad78da671de64c9b83f302cc06788b6e7e30d27cfb6e331287baed860405bae7712f7b3f5c0044ba