Analysis

  • max time kernel
    141s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/11/2024, 10:33

General

  • Target

    e5ef3432d8dc26dff57d684d76e702d2add7d2a89cb2f5900274e1821296b87d.exe

  • Size

    9.5MB

  • MD5

    90d5e7aa5e0229331cb81a12f93dbc4e

  • SHA1

    92640d12e620b2b9f6716c7ab5b85dd17aac3c73

  • SHA256

    e5ef3432d8dc26dff57d684d76e702d2add7d2a89cb2f5900274e1821296b87d

  • SHA512

    c1e5613e068156b1b0f74b7164d0927d22c623387f7776f531ab9a7afbef35e9ad1bf91d240460666c769a2b06285ce4785952239ac98cdcd1fe7779d9c2e38f

  • SSDEEP

    196608:b/qI5PDqI5PLo5Q5PoqI5PLBqINqlo5Q5P8dPb:biLYb78

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e5ef3432d8dc26dff57d684d76e702d2add7d2a89cb2f5900274e1821296b87d.exe
    "C:\Users\Admin\AppData\Local\Temp\e5ef3432d8dc26dff57d684d76e702d2add7d2a89cb2f5900274e1821296b87d.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2344
    • C:\Users\Admin\AppData\Local\Temp\wkxjvj.exe
      C:\Users\Admin\AppData\Local\Temp\wkxjvj.exe -run C:\Users\Admin\AppData\Local\Temp\e5ef3432d8dc26dff57d684d76e702d2add7d2a89cb2f5900274e1821296b87d.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2060
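
The process tree above shows one parent/child pattern worth detecting on its own: the sample, running from the user's Temp directory, starts a dropped executable from the same directory and hands it its own path as an argument (`wkxjvj.exe -run <original sample path>`). The following detection logic is an added example, not part of the report or of the sandbox's own signatures. It assumes process-creation telemetry reduced to Sysmon Event ID 1 style fields (PID, parent PID, image path, command line); the event records are constructed here, using the two PIDs and paths from the report plus two benign processes that must not match.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Matches the per-user Temp directory as it appears in the report
# (C:\Users\<name>\AppData\Local\Temp\); case-insensitive like NTFS paths.
USER_TEMP_RE = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.IGNORECASE)


@dataclass(frozen=True)
class ProcessEvent:
    """Process-creation event reduced to the fields needed here. The field set
    mirrors Sysmon Event ID 1 (assumption about the telemetry source)."""
    pid: int
    ppid: int
    image: str          # full path of the started executable
    command_line: str   # command line of the started executable


def in_user_temp(path: str) -> bool:
    """True if the path lies under a user's AppData\\Local\\Temp directory."""
    return USER_TEMP_RE.search(path) is not None


def temp_self_relaunch_hits(events: Iterable[ProcessEvent]) -> List[Tuple[ProcessEvent, ProcessEvent]]:
    """Return (parent, child) pairs where:
      - both images live under a user's Temp directory,
      - the child is a different file from the parent (a dropped EXE, not a restart), and
      - the child's command line carries the parent's full path as an argument,
        as wkxjvj.exe does with "-run <original sample path>" in the report."""
    by_pid: Dict[int, ProcessEvent] = {e.pid: e for e in events}
    hits: List[Tuple[ProcessEvent, ProcessEvent]] = []
    for child in by_pid.values():
        parent = by_pid.get(child.ppid)
        if parent is None:
            continue
        if not (in_user_temp(child.image) and in_user_temp(parent.image)):
            continue
        if child.image.lower() == parent.image.lower():
            continue  # plain self-restart, not a second stage
        if parent.image.lower() in child.command_line.lower():
            hits.append((parent, child))
    return hits


SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\e5ef3432d8dc26dff57d684d76e702d2add7d2a89cb2f5900274e1821296b87d.exe"
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\wkxjvj.exe"

# Constructed events: the two processes from the report (PIDs 2344 and 2060 as
# listed; the parent PID 1000 of the sample is made up) plus two benign ones:
# a system binary, and a Temp-resident installer starting a Temp-resident helper
# without passing its own path on the command line.
CONSTRUCTED_EVENTS = [
    ProcessEvent(2344, 1000, SAMPLE, f'"{SAMPLE}"'),
    ProcessEvent(2060, 2344, DROPPED, f"{DROPPED} -run {SAMPLE}"),
    ProcessEvent(3100, 1000, r"C:\Windows\System32\notepad.exe", "notepad.exe readme.txt"),
    ProcessEvent(3150, 1000, r"C:\Users\Admin\AppData\Local\Temp\setup.exe", "setup.exe /S"),
    ProcessEvent(3200, 3150, r"C:\Users\Admin\AppData\Local\Temp\helper.exe", "helper.exe --quiet"),
]


if __name__ == "__main__":
    for parent, child in temp_self_relaunch_hits(CONSTRUCTED_EVENTS):
        print(f"parent {parent.pid} {parent.image}")
        print(f"  -> child {child.pid}: {child.command_line}")
```

Only the 2344 -> 2060 pair is reported; the installer/helper pair is in Temp as well but the helper never receives its parent's path, which is the distinguishing feature of the sample's relaunch. The check deliberately keys on the parent's path rather than on the literal `-run` switch, so it survives a renamed dropper or a different switch name.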

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\wkxjvj.exe

    Filesize

    13.8MB

    MD5

    e6f94a53c1684171a6b1219183dd710e

    SHA1

    9bc7a691b54d1f9df4b589a9bca213e35a0b3c47

    SHA256

    20d560dbdbd4a3741200ed60083200febedc53dbc2f10879904120ebd43f4ccb

    SHA512

    7c66a60bde3b7c11d5d6754e6100e9c308cdff97536825fc06a96da248d112e36a4c442f56d1bef756b0e2d82ac0241f35ba9886be5644b038322d3a5bf0f8d0

  • memory/2060-13-0x0000000000400000-0x00000000005CC000-memory.dmp

    Filesize

    1.8MB

  • memory/2060-15-0x0000000000320000-0x0000000000321000-memory.dmp

    Filesize

    4KB

  • memory/2060-28-0x0000000000400000-0x00000000005CC000-memory.dmp

    Filesize

    1.8MB

  • memory/2344-0-0x0000000000400000-0x00000000005CC000-memory.dmp

    Filesize

    1.8MB

  • memory/2344-12-0x0000000000400000-0x00000000005CC000-memory.dmp

    Filesize

    1.8MB

  • memory/2344-9-0x0000000002160000-0x000000000232C000-memory.dmp

    Filesize

    1.8MB

  • memory/2344-4-0x0000000002160000-0x000000000232C000-memory.dmp

    Filesize

    1.8MB