Overview

overview

8

Static

static

URLScan

urlscan

1

http://www.mediafire...

windows7-x64

8

http://www.mediafire...

windows10-2004-x64

1

Analysis

  • max time kernel
    105s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    21-09-2022 01:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://www.mediafire.com/?57jtw0zsfa7h2i0

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 19 IoCs
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 61 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.mediafire.com/?57jtw0zsfa7h2i0
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1972 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1356
  • C:\Users\Admin\AppData\Local\Temp\Temp1_smartgui.zip\SmartGUI.exe
    "C:\Users\Admin\AppData\Local\Temp\Temp1_smartgui.zip\SmartGUI.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1140

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    60KB

    MD5

    6c6a24456559f305308cb1fb6c5486b3

    SHA1

    3273ac27d78572f16c3316732b9756ebc22cb6ed

    SHA256

    efc3c579bd619ceab040c4b8c1b821b2d82c64fddd9e80a00ec0d7f6577ed973

    SHA512

    587d4a9175a6aa82cd8bb1c11ca6508f95cd218f76ac322ddbd1bc7146a0e25f8937ee426a6fb0fb0bb045cedb24d8c8a9edfe9f654112f293d8701220f726b4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0c72e1e927bc4912907d56bdc5f485d0

    SHA1

    9d4fa880daf8bfd338f5720e3bf6e51a28f1ebb2

    SHA256

    abd0dba420c77205e91cfcaa73c54e7ee89f9939c4d8d337236339d661555d8b

    SHA512

    81e336456dd93b7857901861c1b3afca28cd01db03291ca87b6bd517aad120bda1b8755d42fccf6b6cc8ac4386bfff6488ca163e1e0eb8aaef2ac322492ca30a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\tcz8fqz\imagestore.dat
    Filesize

    15KB

    MD5

    f38f827a460396a346eecbf83b633905

    SHA1

    198c7acaa87afbda290be392bc4725ea77e8ab13

    SHA256

    162317780f42dc1fa6683709c08602e03a369dc2de8dcdba294a4fce94fd576b

    SHA512

    fe2e15356112e267b259379510428841d3557af4c047771c89a6158b56e72fbee772976affdaa84a8e0b04ebf4d0ee1a73639dfc7322830c9ec22e94cd49370e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CASMTSF8\smartgui.zip.8lv9slb.partial
    Filesize

    273KB

    MD5

    59c9f9a2c47d583e4afc9af4e3622e52

    SHA1

    d7bb78460f31bc7b0a67d10e5bf982cbafdbb2ac

    SHA256

    af3326c4f02985b64fd9bf0f295547571de92a897bee5ebafd5e21f92b284f5d

    SHA512

    bd45709453a7ecaa1bba928d7294acd9afbfb57e7ec3367da6395dfe6fd62542f40433e9ea8b351c889969587e15153b9902d5fe2597995af534daf4fcc50174

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\9E64B0AY.txt
    Filesize

    603B

    MD5

    c49b13ad6dfab9ed034a29da6341502a

    SHA1

    79e76ce92c3b3890faf63fc327033be945c34593

    SHA256

    d4dd9bcd3b40fdbe24ec79d131c5b618e9d50dc507f5a4a45c4fdf3c07f95925

    SHA512

    da3a10c3a865d51098cd0aec43c9f4de882328bc49025062f93bf1ff176f79bb2f7f5a6cf29e0ffe82a66d95e9fd0cb570bd3564013f05bffd3bac0b0cfc843d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SGUI.ICL
    Filesize

    44KB

    MD5

    dd80a06bdd6785d7bb02f619a48b95a9

    SHA1

    f9ebb059caa3800c60448a26c72e8ff1375bf001

    SHA256

    54b43e33d37d9f8be0bca377390158a3dc38361fb2ccb86e81c0ecbba8e53ae2

    SHA512

    309f7bcd8470fe36e11d598b420b1d28556e3f23925f5f21d0e7392026a611f575f0a78e436ada5edff5f0f00c79f59020d91056e84cd3301ade36849634261d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SGUI.ICL
    Filesize

    44KB

    MD5

    dd80a06bdd6785d7bb02f619a48b95a9

    SHA1

    f9ebb059caa3800c60448a26c72e8ff1375bf001

    SHA256

    54b43e33d37d9f8be0bca377390158a3dc38361fb2ccb86e81c0ecbba8e53ae2

    SHA512

    309f7bcd8470fe36e11d598b420b1d28556e3f23925f5f21d0e7392026a611f575f0a78e436ada5edff5f0f00c79f59020d91056e84cd3301ade36849634261d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SGUI.ICL
    Filesize

    44KB

    MD5

    dd80a06bdd6785d7bb02f619a48b95a9

    SHA1

    f9ebb059caa3800c60448a26c72e8ff1375bf001

    SHA256

    54b43e33d37d9f8be0bca377390158a3dc38361fb2ccb86e81c0ecbba8e53ae2

    SHA512

    309f7bcd8470fe36e11d598b420b1d28556e3f23925f5f21d0e7392026a611f575f0a78e436ada5edff5f0f00c79f59020d91056e84cd3301ade36849634261d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SGUI.ICL
    Filesize

    44KB

    MD5

    dd80a06bdd6785d7bb02f619a48b95a9

    SHA1

    f9ebb059caa3800c60448a26c72e8ff1375bf001

    SHA256

    54b43e33d37d9f8be0bca377390158a3dc38361fb2ccb86e81c0ecbba8e53ae2

    SHA512

    309f7bcd8470fe36e11d598b420b1d28556e3f23925f5f21d0e7392026a611f575f0a78e436ada5edff5f0f00c79f59020d91056e84cd3301ade36849634261d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SGUI.ICL
    Filesize

    44KB

    MD5

    dd80a06bdd6785d7bb02f619a48b95a9

    SHA1

    f9ebb059caa3800c60448a26c72e8ff1375bf001

    SHA256

    54b43e33d37d9f8be0bca377390158a3dc38361fb2ccb86e81c0ecbba8e53ae2

    SHA512

    309f7bcd8470fe36e11d598b420b1d28556e3f23925f5f21d0e7392026a611f575f0a78e436ada5edff5f0f00c79f59020d91056e84cd3301ade36849634261d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SGUI.ICL
    Filesize

    44KB

    MD5

    dd80a06bdd6785d7bb02f619a48b95a9

    SHA1

    f9ebb059caa3800c60448a26c72e8ff1375bf001

    SHA256

    54b43e33d37d9f8be0bca377390158a3dc38361fb2ccb86e81c0ecbba8e53ae2

    SHA512

    309f7bcd8470fe36e11d598b420b1d28556e3f23925f5f21d0e7392026a611f575f0a78e436ada5edff5f0f00c79f59020d91056e84cd3301ade36849634261d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SGUI.ICL
    Filesize

    44KB

    MD5

    dd80a06bdd6785d7bb02f619a48b95a9

    SHA1

    f9ebb059caa3800c60448a26c72e8ff1375bf001

    SHA256

    54b43e33d37d9f8be0bca377390158a3dc38361fb2ccb86e81c0ecbba8e53ae2

    SHA512

    309f7bcd8470fe36e11d598b420b1d28556e3f23925f5f21d0e7392026a611f575f0a78e436ada5edff5f0f00c79f59020d91056e84cd3301ade36849634261d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SGUI.ICL
    Filesize

    44KB

    MD5

    dd80a06bdd6785d7bb02f619a48b95a9

    SHA1

    f9ebb059caa3800c60448a26c72e8ff1375bf001

    SHA256

    54b43e33d37d9f8be0bca377390158a3dc38361fb2ccb86e81c0ecbba8e53ae2

    SHA512

    309f7bcd8470fe36e11d598b420b1d28556e3f23925f5f21d0e7392026a611f575f0a78e436ada5edff5f0f00c79f59020d91056e84cd3301ade36849634261d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SGUI.ICL
    Filesize

    44KB

    MD5

    dd80a06bdd6785d7bb02f619a48b95a9

    SHA1

    f9ebb059caa3800c60448a26c72e8ff1375bf001

    SHA256

    54b43e33d37d9f8be0bca377390158a3dc38361fb2ccb86e81c0ecbba8e53ae2

    SHA512

    309f7bcd8470fe36e11d598b420b1d28556e3f23925f5f21d0e7392026a611f575f0a78e436ada5edff5f0f00c79f59020d91056e84cd3301ade36849634261d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SGUI.ICL
    Filesize

    44KB

    MD5

    dd80a06bdd6785d7bb02f619a48b95a9

    SHA1

    f9ebb059caa3800c60448a26c72e8ff1375bf001

    SHA256

    54b43e33d37d9f8be0bca377390158a3dc38361fb2ccb86e81c0ecbba8e53ae2

    SHA512

    309f7bcd8470fe36e11d598b420b1d28556e3f23925f5f21d0e7392026a611f575f0a78e436ada5edff5f0f00c79f59020d91056e84cd3301ade36849634261d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SGUI.ICL
    Filesize

    44KB

    MD5

    dd80a06bdd6785d7bb02f619a48b95a9

    SHA1

    f9ebb059caa3800c60448a26c72e8ff1375bf001

    SHA256

    54b43e33d37d9f8be0bca377390158a3dc38361fb2ccb86e81c0ecbba8e53ae2

    SHA512

    309f7bcd8470fe36e11d598b420b1d28556e3f23925f5f21d0e7392026a611f575f0a78e436ada5edff5f0f00c79f59020d91056e84cd3301ade36849634261d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SGUI.ICL
    Filesize

    44KB

    MD5

    dd80a06bdd6785d7bb02f619a48b95a9

    SHA1

    f9ebb059caa3800c60448a26c72e8ff1375bf001

    SHA256

    54b43e33d37d9f8be0bca377390158a3dc38361fb2ccb86e81c0ecbba8e53ae2

    SHA512

    309f7bcd8470fe36e11d598b420b1d28556e3f23925f5f21d0e7392026a611f575f0a78e436ada5edff5f0f00c79f59020d91056e84cd3301ade36849634261d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SGUI.ICL
    Filesize

    44KB

    MD5

    dd80a06bdd6785d7bb02f619a48b95a9

    SHA1

    f9ebb059caa3800c60448a26c72e8ff1375bf001

    SHA256

    54b43e33d37d9f8be0bca377390158a3dc38361fb2ccb86e81c0ecbba8e53ae2

    SHA512

    309f7bcd8470fe36e11d598b420b1d28556e3f23925f5f21d0e7392026a611f575f0a78e436ada5edff5f0f00c79f59020d91056e84cd3301ade36849634261d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SGUI.ICL
    Filesize

    44KB

    MD5

    dd80a06bdd6785d7bb02f619a48b95a9

    SHA1

    f9ebb059caa3800c60448a26c72e8ff1375bf001

    SHA256

    54b43e33d37d9f8be0bca377390158a3dc38361fb2ccb86e81c0ecbba8e53ae2

    SHA512

    309f7bcd8470fe36e11d598b420b1d28556e3f23925f5f21d0e7392026a611f575f0a78e436ada5edff5f0f00c79f59020d91056e84cd3301ade36849634261d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SGUI.ICL
    Filesize

    44KB

    MD5

    dd80a06bdd6785d7bb02f619a48b95a9

    SHA1

    f9ebb059caa3800c60448a26c72e8ff1375bf001

    SHA256

    54b43e33d37d9f8be0bca377390158a3dc38361fb2ccb86e81c0ecbba8e53ae2

    SHA512

    309f7bcd8470fe36e11d598b420b1d28556e3f23925f5f21d0e7392026a611f575f0a78e436ada5edff5f0f00c79f59020d91056e84cd3301ade36849634261d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SGUI.ICL
    Filesize

    44KB

    MD5

    dd80a06bdd6785d7bb02f619a48b95a9

    SHA1

    f9ebb059caa3800c60448a26c72e8ff1375bf001

    SHA256

    54b43e33d37d9f8be0bca377390158a3dc38361fb2ccb86e81c0ecbba8e53ae2

    SHA512

    309f7bcd8470fe36e11d598b420b1d28556e3f23925f5f21d0e7392026a611f575f0a78e436ada5edff5f0f00c79f59020d91056e84cd3301ade36849634261d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SGUI.ICL
    Filesize

    44KB

    MD5

    dd80a06bdd6785d7bb02f619a48b95a9

    SHA1

    f9ebb059caa3800c60448a26c72e8ff1375bf001

    SHA256

    54b43e33d37d9f8be0bca377390158a3dc38361fb2ccb86e81c0ecbba8e53ae2

    SHA512

    309f7bcd8470fe36e11d598b420b1d28556e3f23925f5f21d0e7392026a611f575f0a78e436ada5edff5f0f00c79f59020d91056e84cd3301ade36849634261d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SGUI.ICL
    Filesize

    44KB

    MD5

    dd80a06bdd6785d7bb02f619a48b95a9

    SHA1

    f9ebb059caa3800c60448a26c72e8ff1375bf001

    SHA256

    54b43e33d37d9f8be0bca377390158a3dc38361fb2ccb86e81c0ecbba8e53ae2

    SHA512

    309f7bcd8470fe36e11d598b420b1d28556e3f23925f5f21d0e7392026a611f575f0a78e436ada5edff5f0f00c79f59020d91056e84cd3301ade36849634261d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SGUI.ICL
    Filesize

    44KB

    MD5

    dd80a06bdd6785d7bb02f619a48b95a9

    SHA1

    f9ebb059caa3800c60448a26c72e8ff1375bf001

    SHA256

    54b43e33d37d9f8be0bca377390158a3dc38361fb2ccb86e81c0ecbba8e53ae2

    SHA512

    309f7bcd8470fe36e11d598b420b1d28556e3f23925f5f21d0e7392026a611f575f0a78e436ada5edff5f0f00c79f59020d91056e84cd3301ade36849634261d

    Download Submit

  • memory/1140-57-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/1140-56-0x0000000075CF1000-0x0000000075CF3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1140-80-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download