Overview

overview

10

Static

static

10

6e1ba50818...f6.exe

windows11-21h2-x64

1

Analysis

  • max time kernel
    253s
  • max time network
    254s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    06/02/2025, 14:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6e1ba50818ecda9fad9766a31a94e01ab60a910ab47ba780d3d547af8d4747f6.exe

  • Size

    1.6MB

  • MD5

    7d1a15fd3c17ad226b3516bea26d7a94

  • SHA1

    1fea1c73332b3708b1eb1f2caf80faff3db47c0a

  • SHA256

    6e1ba50818ecda9fad9766a31a94e01ab60a910ab47ba780d3d547af8d4747f6

  • SHA512

    37602ed7869971f113c9dcf5ecbdd07c5982ea5cfc3bb17bac61f3404f0f00df4fa55a128bc081109a0151ceb53698f19b2c58d6126b30d6f96eebc39c405a78

  • SSDEEP

    24576:fMN6PENnBBQXf1UCyfGH32hEFS3qWcI6baD8U2ZuDqk4EB:fM15BBwKjEF3M2A1

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 41 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6e1ba50818ecda9fad9766a31a94e01ab60a910ab47ba780d3d547af8d4747f6.exe
    "C:\Users\Admin\AppData\Local\Temp\6e1ba50818ecda9fad9766a31a94e01ab60a910ab47ba780d3d547af8d4747f6.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4380
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3040
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
      1⤵
        PID:1196
      • C:\Users\Admin\AppData\Local\Temp\6e1ba50818ecda9fad9766a31a94e01ab60a910ab47ba780d3d547af8d4747f6.exe
        "C:\Users\Admin\AppData\Local\Temp\6e1ba50818ecda9fad9766a31a94e01ab60a910ab47ba780d3d547af8d4747f6.exe"
        1⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:1516
      • C:\Users\Admin\AppData\Local\Temp\6e1ba50818ecda9fad9766a31a94e01ab60a910ab47ba780d3d547af8d4747f6.exe
        "C:\Users\Admin\AppData\Local\Temp\6e1ba50818ecda9fad9766a31a94e01ab60a910ab47ba780d3d547af8d4747f6.exe"
        1⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4216
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:1764
        • C:\Users\Admin\AppData\Local\Temp\6e1ba50818ecda9fad9766a31a94e01ab60a910ab47ba780d3d547af8d4747f6.exe
          6e1ba50818ecda9fad9766a31a94e01ab60a910ab47ba780d3d547af8d4747f6.exe
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3152
      • C:\Windows\system32\BackgroundTransferHost.exe
        "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
        1⤵
        • Modifies registry class
        PID:2748
      • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
        "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
        1⤵
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:2540
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004D4
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4576
      • C:\Users\Admin\AppData\Local\Temp\6e1ba50818ecda9fad9766a31a94e01ab60a910ab47ba780d3d547af8d4747f6.exe
        "C:\Users\Admin\AppData\Local\Temp\6e1ba50818ecda9fad9766a31a94e01ab60a910ab47ba780d3d547af8d4747f6.exe"
        1⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4816

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\a10ff35f-ffc5-4153-a21e-f65d424a0f6c.down_data
        Filesize

        555KB

        MD5

        5683c0028832cae4ef93ca39c8ac5029

        SHA1

        248755e4e1db552e0b6f8651b04ca6d1b31a86fb

        SHA256

        855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

        SHA512

        aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\APPX.2sg_ywf_oy4mrzmfjuqrh66ae.tmp
        Filesize

        2KB

        MD5

        530f1945913c81b38450c5a468428ee6

        SHA1

        0c6d47f5376342002ffdbc9a26ebec22c48dca37

        SHA256

        4112d529734d33abda74478c199f6ddc5098767e69214a00d80f23d2ea7291ff

        SHA512

        3906427ffb8f2dfea76ba9bb8cac6bd7dece3ebee7e94ea92da5bbdb55d8859c41260a2bda4e84fab7e1fb857ad12a2e286694ea64d00d0aa6cab200fbbf64f0

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\APPX.mknrq8mxcouw2u_46ivwl8d0f.tmp
        Filesize

        9KB

        MD5

        24ebdb1228a1818eee374bc8794869b7

        SHA1

        79fc3adb42a5d7ee12ff6729ef5f7a81e563cd2d

        SHA256

        92a7d7d3b0bfac458ddcef07afcdad3646653ba7f4ad048fdd7a5ec673235923

        SHA512

        63764d99a0118fac409327d5bf70f2aa9b31caf5277c4bc1e595016a50c524cd6c3d67924321b0fcad12cd968de1a62bd292151e35fd907034efd0f40b743d6a

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\APPX.z8pi3ujsuafp13j9i0komci1d.tmp
        Filesize

        1KB

        MD5

        4085b7b25606706f1a1ad9a88211a9b7

        SHA1

        31019f39a5e0bf2b1aa9fe5dda31856b30e963cc

        SHA256

        b64efcb638291c1e1c132ed5636afbb198031cee44384f3ecf67d82b73accecc

        SHA512

        9537559523839e3e708feabe8c04f40236add7d200ec36bad00c10a69337a15001103c17093dcc0d8cadb4713d911f39a6411624c1db4cbf1ea1af272a716168

        Download Submit