Overview

overview

8

Static

static

3

_igetintop...re.url

windows7-x64

1

_igetintop...re.url

windows10-2004-x64

1

_igetintop...lp.url

windows7-x64

6

_igetintop...lp.url

windows10-2004-x64

3

_igetintop...12.exe

windows7-x64

8

_igetintop...12.exe

windows10-2004-x64

7

_igetintop...ch.exe

windows7-x64

8

_igetintop...ch.exe

windows10-2004-x64

8

Patch.exe

windows7-x64

8

Patch.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-07-2024 05:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    _igetintopc.com_Internet_Download_Manager_6/igetintopc.com_fix/Patch.exe

  • Size

    59KB

  • MD5

    27016937b5781c4f84b6b3432170f4d0

  • SHA1

    bc812a8c4d44a3503ffd6a46e4fdab925c622344

  • SHA256

    fc1a02b509b8f351ac45bd45efd4e7296b365545a48ffd6a14e8e07bc7189155

  • SHA512

    24a726276cc53c5a0d075d1bf930e24b3a1891e0754b17c28a5a35b5677fd792d9adb55e5e0a7fe18f056febb8af4a49a5a0fac33389205d1f4dcc0060422be7

  • SSDEEP

    1536:5ilGC+HMax3AZ5GiavgfreZCRIr71mazhAN5TAS:5igLV3SIareERU5mazh3S

Score
8/10
evasion

Malware Config

Signatures

  • Blocks application from running via registry modification 1 IoCs

    Adds application to list of disallowed applications.

    evasion
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Disables cmd.exe use via registry modification 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\_igetintopc.com_Internet_Download_Manager_6\igetintopc.com_fix\Patch.exe
    "C:\Users\Admin\AppData\Local\Temp\_igetintopc.com_Internet_Download_Manager_6\igetintopc.com_fix\Patch.exe"
    1⤵
    • Blocks application from running via registry modification
    • Disables RegEdit via registry modification
    • Disables cmd.exe use via registry modification
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4616
    • C:\Windows\SysWOW64\wscript.exe
      wscript.exe "C:\Users\Admin\AppData\Local\Temp\\UPDT.vbs" /browser:"C:\Program Files\Google\Chrome\Application\chrome.exe" /crkver:"19.7"
      2⤵
        PID:4864

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\UPDT.vbs
      Filesize

      2KB

      MD5

      7b18a872d4be22eecf2f95ce5e63ce15

      SHA1

      dfcddf132463dcc697942b32e305ad4aadeb6d98

      SHA256

      e64d9b855b8f02b15626c7e932c0451c07af8e8ebb53bb17626c66e117f50cba

      SHA512

      91533ff0351c9d35408235da164cd5e7149bed91b10c1c624985dcc0e02af2f6ff400181224f5fdcd3b197ff63df3c436f937d8fe79ef955bf9fc999cc13eba5

      Download Submit
    • memory/4616-0-0x0000000000400000-0x000000000043D000-memory.dmp
      Filesize

      244KB

      Download
    • memory/4616-1-0x0000000000400000-0x000000000043D000-memory.dmp
      Filesize

      244KB

      Download