Analysis

  • max time kernel
    4294196s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20220223-en
  • submitted
    10-03-2022 15:58

General

  • Target

    59516a07653d39db4492ef7de6d943140ba0e9a7b891e36818ea4c0d052926a6.exe

  • Size

    553KB

  • MD5

    dbae681c46bd2b639f477c6bdb4bf9b3

  • SHA1

    7553b9f49fc0dacedd2e6365fb41fbbebfb5f3c2

  • SHA256

    59516a07653d39db4492ef7de6d943140ba0e9a7b891e36818ea4c0d052926a6

  • SHA512

    f950975834ec2b26f895bf4b81b1542d6418ea3bd150b8502abf2a4896733afb9e65cae388e1d43778182ed1a6c87fabf6d64ae41a2f9fdcafb2e71267d9f0e1

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\59516a07653d39db4492ef7de6d943140ba0e9a7b891e36818ea4c0d052926a6.exe
    "C:\Users\Admin\AppData\Local\Temp\59516a07653d39db4492ef7de6d943140ba0e9a7b891e36818ea4c0d052926a6.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1628
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=59516a07653d39db4492ef7de6d943140ba0e9a7b891e36818ea4c0d052926a6.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1032
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1032 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:592

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63

    MD5

    03fc152ccbe209c181a8b45414633bf9

    SHA1

    43b2d43056b55609c2a481a84d92396d9595d57c

    SHA256

    cafe26388375f47bc27c583f568090d958aa97ccb4e58ab6f5d6d5ed4534d43a

    SHA512

    f4ec8a087aa3e84c9cc592ceed296e205bc6dfc0d68f50d9da956c25cda70b88c403b8ece90ce6e62dec6508388580d3955b728eb5dd3d1349e0a918081fb1c9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    MD5

    637481df32351129e60560d5a5c100b5

    SHA1

    a46aee6e5a4a4893fba5806bcc14fc7fb3ce80ae

    SHA256

    1f1029d94ca4656a577d554cedd79d447658f475af08620084897a5523587052

    SHA512

    604bfd0a78a57dfddd45872803501ad89491e37e89e0778b0f13644fa9164ff509955a57469dfdd65a05bbedaf0acb669f68430e84800d17efe7d360a70569e3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63

    MD5

    a7d36d47a2ba0fbb942f5f71c1c66885

    SHA1

    306e067b39bdeb1048f70053f045a796f4a96686

    SHA256

    bf853bf9a2d454c39fb8332ccb57736b1d5e8a74e1007d038e1cd6e1b9b1a367

    SHA512

    d89e6764d960b7e0fe781457b9ddb31f36cf452a4045cac3ea48078070c082f41efe3f57a7f84ed4d957e6ade9e28ffa2062e736171c18f314151d3e363e6647

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    MD5

    fe6d5380e9c5cffd6211dead8e43b907

    SHA1

    a83440c0e7ba316311107f7be44ff732a1c610e9

    SHA256

    f619ec4769d67c2a988a56d141da8b2b53270d6c39b1e51b50d24cdf96340bb9

    SHA512

    41e44e88fec5b78af8c84bd1a0e3f4ae84aae39c8293906e500d8c193f7767d2eba082304f96f82ec6aa139d094220935add09869c94a8d21777fbb510194fee

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\rx62z5k\imagestore.dat

    MD5

    c8131d13b5ae3853c5f505e8830e339a

    SHA1

    e172c8239606fb973acd1ce0d0442cf870a08deb

    SHA256

    239067f93e786a24488363ffdd99fd1c92f69423e4708b59573ef625561c89c9

    SHA512

    3ad317b3fe61a5fb0dc5b4674a81103fa353f096585d47cd05ee2d1877242f689fa1e32bd27a95042a14360ecfc832e047f7216fd1b4b8869b1462bae5807015

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0DICDEFK.txt

    MD5

    f65600b1d7032b4005d3798954e4c4b0

    SHA1

    9c620217bcb4723f994631c1bc03f4d4c6c90e78

    SHA256

    fd86ed7dde2dbe9e714577549a272076ee60529caed825ba594b07b92b98f5fd

    SHA512

    bbc8580ad55490a2016d9023fa91962499741194379378af0b8a2b9573fada40136fe394d1100c734de8af345ca3fae5491f7e175304fed06c5212b79e470254

  • memory/1628-54-0x00000000753E1000-0x00000000753E3000-memory.dmp

    Filesize

    8KB