Analysis

  • max time kernel
    150s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/11/2024, 11:13

General

  • Target

    df7304888727550298299d7fda792b1ffa14a1512a3afd86e62b2a269daa4378.exe

  • Size

    146KB

  • MD5

    3b27e5c91399bfd055d362558493b940

  • SHA1

    58d6323b4e7f3d9ede0b31515813dc329f6e1e15

  • SHA256

    df7304888727550298299d7fda792b1ffa14a1512a3afd86e62b2a269daa4378

  • SHA512

    fa4a2e6a1690922277e71a7cfef2342abe0796fd0d9241db4a1f3f4fc09148c22157b161a5246effa608939b1f63c03f044680a391adef465a9842f5008537ab

  • SSDEEP

    768:uQxKb3Lm5JOgqtMAyskynptyuz0ssoExjWRb3OgqtMAyskynptyuz0ssoExjWRMr:hgbbmDORyepWDoT93ORyepWDoTCbf

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\df7304888727550298299d7fda792b1ffa14a1512a3afd86e62b2a269daa4378.exe
    "C:\Users\Admin\AppData\Local\Temp\df7304888727550298299d7fda792b1ffa14a1512a3afd86e62b2a269daa4378.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c move /y "dota2installer.exe" "%temp%\dota2installer.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2472
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c start "" /wait "%temp%\dota2installer.exe"
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2084
      • C:\Users\Admin\AppData\Local\Temp\dota2installer.exe
        "C:\Users\Admin\AppData\Local\Temp\dota2installer.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2824
        • C:\Users\Admin\AppData\Local\Temp\is-G07PR.tmp\dota2installer.tmp
          "C:\Users\Admin\AppData\Local\Temp\is-G07PR.tmp\dota2installer.tmp" /SL5="$901B0,1307637,843264,C:\Users\Admin\AppData\Local\Temp\dota2installer.exe"
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: GetForegroundWindowSpam
          PID:1016
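The process tree above shows a staged-installer chain: the sample relocates a dropped EXE into %temp% via one cmd.exe (`move /y`), relaunches it through a second cmd.exe (`start "" /wait`), and the dropped EXE in turn unpacks an Inno Setup stub (the `is-XXXXX.tmp\*.tmp ... /SL5=` pattern is Inno Setup's standard second-stage launch). The following hunting script is an added example, not part of the sandbox report: it walks process-creation events and flags a parent whose cmd.exe children perform exactly that move-then-start pair into %temp%, then checks the descendants for the Inno Setup stub. The `ProcEvent` records are constructed for this example; their PIDs and command lines mirror the report's tree, while the root PPID and the benign noise event are assumptions.

```python
"""Hunt for the move-to-%temp% + start /wait + Inno Setup chain seen above."""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """Minimal process-creation record (Sysmon EID 1 / 4688 shape, constructed)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


# cmd.exe /c move /y "<src>" "%temp%\<dst>"
MOVE_TO_TEMP = re.compile(
    r'/c\s+move\s+/y\s+"?(?P<src>[^"]+?)"?\s+"?%temp%\\(?P<dst>[^"]+?)"?\s*$', re.I)
# cmd.exe /c start "" /wait "%temp%\<exe>"
START_WAIT_TEMP = re.compile(
    r'/c\s+start\s+""\s+/wait\s+"?%temp%\\(?P<exe>[^"]+?)"?\s*$', re.I)
# Inno Setup second stage: ...\is-XXXXX.tmp\<name>.tmp /SL5=...
INNO_STUB = re.compile(r'\\is-[A-Z0-9]{5}\.tmp\\(?P<stub>[^\\]+\.tmp)"?\s+/SL5=', re.I)


def find_staged_installer_chains(events):
    """Return one finding per parent that moves an EXE into %temp% and then
    launches that same EXE via start /wait; also report whether a descendant
    of the launcher is an Inno Setup stub."""
    by_pid = {e.pid: e for e in events}
    children = {}
    for e in events:
        children.setdefault(e.ppid, []).append(e)

    findings = []
    for parent_pid, kids in children.items():
        # Step 1: cmd.exe children that relocate a file into %temp%
        moved = {}
        for k in kids:
            if k.image.lower().endswith("\\cmd.exe"):
                m = MOVE_TO_TEMP.search(k.cmdline)
                if m:
                    moved[m.group("dst").lower()] = k
        if not moved:
            continue
        # Step 2: a sibling cmd.exe that starts the relocated file
        for k in kids:
            m = START_WAIT_TEMP.search(k.cmdline)
            if not m or m.group("exe").lower() not in moved:
                continue
            exe = m.group("exe")
            finding = {
                "parent_pid": parent_pid,
                "parent_image": by_pid[parent_pid].image if parent_pid in by_pid else None,
                "mover_pid": moved[exe.lower()].pid,
                "launcher_pid": k.pid,
                "dropped_exe": exe,
                "inno_setup": False,
                "stub_pid": None,
            }
            # Step 3: depth-first walk of the launcher's descendants for /SL5=
            stack = list(children.get(k.pid, []))
            while stack:
                d = stack.pop()
                if INNO_STUB.search(d.cmdline):
                    finding["inno_setup"] = True
                    finding["stub_pid"] = d.pid
                    break
                stack.extend(children.get(d.pid, []))
            findings.append(finding)
    return findings


# Constructed events mirroring the report's tree; PPID 1234 and the last
# (benign, user-launched installer) event are assumptions for the example.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\df7304888727550298299d7fda792b1ffa14a1512a3afd86e62b2a269daa4378.exe"
SAMPLE_EVENTS = [
    ProcEvent(2064, 1234, SAMPLE, '"%s"' % SAMPLE),
    ProcEvent(2472, 2064, r"C:\Windows\SysWOW64\cmd.exe",
              r'"C:\Windows\System32\cmd.exe" /c move /y "dota2installer.exe" "%temp%\dota2installer.exe"'),
    ProcEvent(2084, 2064, r"C:\Windows\SysWOW64\cmd.exe",
              r'"C:\Windows\System32\cmd.exe" /c start "" /wait "%temp%\dota2installer.exe"'),
    ProcEvent(2824, 2084, r"C:\Users\Admin\AppData\Local\Temp\dota2installer.exe",
              r'"C:\Users\Admin\AppData\Local\Temp\dota2installer.exe"'),
    ProcEvent(1016, 2824, r"C:\Users\Admin\AppData\Local\Temp\is-G07PR.tmp\dota2installer.tmp",
              r'"C:\Users\Admin\AppData\Local\Temp\is-G07PR.tmp\dota2installer.tmp" /SL5="$901B0,1307637,843264,C:\Users\Admin\AppData\Local\Temp\dota2installer.exe"'),
    ProcEvent(3100, 1234, r"C:\Windows\System32\cmd.exe",
              r'"C:\Windows\System32\cmd.exe" /c start "" /wait "C:\Users\Admin\Downloads\setup.exe"'),
]

if __name__ == "__main__":
    for f in find_staged_installer_chains(SAMPLE_EVENTS):
        print(f)
```

The benign noise event is deliberately not flagged: a `start /wait` alone is common, and the signal here is the same parent both moving a payload into %temp% and launching it from there. Feeding real Sysmon or 4688 data only requires mapping the event fields onto `ProcEvent`; the Inno Setup check is an enrichment, not a requirement for a hit.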

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y3TJ7FCV\83.136.232[1].xml

    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y3TJ7FCV\83.136.232[1].xml

    Filesize

    174B

    MD5

    56de379172b1ee469d2e8ff111ebf32e

    SHA1

    576db33ff8a6a2c0f1694c97a62706d0dcb827c9

    SHA256

    1afe7d3f1797f76099370422a1724db0452ef4c81c89745193ffdce972f09d9d

    SHA512

    6db49d91d45e569ec51f068df5d3c9fb428b3875eeb53c391c86e959471601077a5a9c2d5dd6e9700f09d298320b6e155d5267e9ce706777257161b487cac5d6

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y3TJ7FCV\83.136.232[1].xml

    Filesize

    352B

    MD5

    9ae06b10f93691884e852a2c7c6352c4

    SHA1

    5b3f617a61b091aeb77a0c9216e2f9410c4faec3

    SHA256

    a78600cc952c8170c478659d73baadc9a672e87466952d4648265a5f91e0856f

    SHA512

    9587d6b040cbdff97e047fb09ebc5025c7e0833c8da67f54670aedc3913f246bd5fbece964577258ff9e926ac090ddc5bc77cd9a5b1d5c6bcb3e4856ea61a8a7

  • C:\Users\Admin\AppData\Local\Temp\dota2installer.exe

    Filesize

    2.1MB

    MD5

    d758c71f256811cc3f66a379fc72f55b

    SHA1

    7b7de84121351d1946fe88d4d86a11ca5ccbc6aa

    SHA256

    7143b3d95c2463346c84e91e25e5dc153afcb0c9825ecd6948d706532caed45f

    SHA512

    723ea81cab9975f8d870dcf013859a38a55849c9158529db72912f9e643542a10bc4e812fbe247f43545795270ed07dcccc1e2e0a0c8fcee4b1259a492cf8cf7

  • \Users\Admin\AppData\Local\Temp\is-G07PR.tmp\dota2installer.tmp

    Filesize

    3.0MB

    MD5

    11b718367c4b512db2353acc9427c873

    SHA1

    473aefef52aa3a690552eaed6e3c27b9b68b7e1c

    SHA256

    9116ff47d43d1eecee3bfcc9f295045e60e63ad861f779b481ca6a6d87efe021

    SHA512

    260db0fc8ef46f8f6594036cad95ab04b8860c138d35c428a54c02fd30ca09734209f8ce98458bd1dca5ccd4519999a939748525c6910b54f2f396a707d94028

  • memory/1016-88-0x0000000000400000-0x0000000000715000-memory.dmp

    Filesize

    3.1MB

  • memory/2064-0-0x0000000000910000-0x000000000093A000-memory.dmp

    Filesize

    168KB

  • memory/2064-1-0x00000000045D0000-0x0000000004610000-memory.dmp

    Filesize

    256KB

  • memory/2064-86-0x00000000045D0000-0x0000000004610000-memory.dmp

    Filesize

    256KB

  • memory/2824-77-0x0000000000400000-0x00000000004DB000-memory.dmp

    Filesize

    876KB

  • memory/2824-87-0x0000000000400000-0x00000000004DB000-memory.dmp

    Filesize

    876KB