Overview

overview

8

Static

static

URLScan

urlscan

https://github.com/e...

windows7-x64

8

https://github.com/e...

windows10-2004-x64

8

Analysis

  • max time kernel
    76s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    28-09-2022 11:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/ektorsot/askdakfjasd/raw/main/local.exe

Score
8/10
pyinstallerupx

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Detects Pyinstaller 4 IoCs
    pyinstaller
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/ektorsot/askdakfjasd/raw/main/local.exe
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1784
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1784 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2028
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9NA5QYV\local.exe
      "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9NA5QYV\local.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:284
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9NA5QYV\local.exe
        "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9NA5QYV\local.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:872

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    462a2730ed669d352868bcf29584d7ce

    SHA1

    ab9e4b9cb2c87255ca2de23e431da9e2e52542c6

    SHA256

    8a629abc78b74fdc8df2a2f3a4cd9e4246d2b1b60b2de076386f1efebf4a29bf

    SHA512

    0cad40a42870618f48787db6d479004ba8fe82516470fdedf8d03ed6fb82bc1fbf3820197a257645d530dd96f12114b882dbd1a909a62fda3733e2b89d5f1168

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9NA5QYV\local.exe
    Filesize

    17.3MB

    MD5

    e548a371d9b92e8cf5a9dbd266ac4785

    SHA1

    b1996841c38023c4f9ab80da44ce106b094b3ee2

    SHA256

    edc3990f21d60d2980d3146f3d67355ebb15326a5db6666fb2e82a711579974b

    SHA512

    6f59ae5b8e483ea49dc872711d6078bc7745b28338901a9b626a7656fa7fa2d5fc27e759ce2aa6e1a8ba9b33e4eecbfeb3633429d6757128dd0ae42dfb625316

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9NA5QYV\local.exe
    Filesize

    17.3MB

    MD5

    e548a371d9b92e8cf5a9dbd266ac4785

    SHA1

    b1996841c38023c4f9ab80da44ce106b094b3ee2

    SHA256

    edc3990f21d60d2980d3146f3d67355ebb15326a5db6666fb2e82a711579974b

    SHA512

    6f59ae5b8e483ea49dc872711d6078bc7745b28338901a9b626a7656fa7fa2d5fc27e759ce2aa6e1a8ba9b33e4eecbfeb3633429d6757128dd0ae42dfb625316

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9NA5QYV\local.exe.fuj2aa0.partial
    Filesize

    17.3MB

    MD5

    e548a371d9b92e8cf5a9dbd266ac4785

    SHA1

    b1996841c38023c4f9ab80da44ce106b094b3ee2

    SHA256

    edc3990f21d60d2980d3146f3d67355ebb15326a5db6666fb2e82a711579974b

    SHA512

    6f59ae5b8e483ea49dc872711d6078bc7745b28338901a9b626a7656fa7fa2d5fc27e759ce2aa6e1a8ba9b33e4eecbfeb3633429d6757128dd0ae42dfb625316

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\_MEI2842\python310.dll
    Filesize

    1.4MB

    MD5

    99cb804abc9a8f4cb8d08d77e515dcb7

    SHA1

    0d833cb729f3d5c845491b61b47018c82065f4ad

    SHA256

    8d23914f6eaa371f2e0c15816c7ab62573d428e750d1bbcd9a07498264d7d240

    SHA512

    43252d45803957ba79d42afdd12b956c3b829c9b00a78199c35e3eeb863d8c56f4f0b467faae227b7c058f59a3f11152f670090e2212eb6a2837378bca53ac82

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\E8TAY3AU.txt
    Filesize

    608B

    MD5

    2eb7444aa5b0bc6913d9bcb7325d0162

    SHA1

    66726441d9ba2e1a79dca8651023ddddc5334940

    SHA256

    02c35c2c2bf2fa875f5047a73e92be7e8511b1a2889620cc5266d1e54a4fd214

    SHA512

    7d12245d22c1258bda8e4b4bf87dd7ba9b678261cb3b4c0975741272245e70691785d7c4b8a677dc9308398cecaa1dbee558655e31d51c0e17a8fa21884ccdd5

    Download Submit
  • \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I9NA5QYV\local.exe
    Filesize

    17.3MB

    MD5

    e548a371d9b92e8cf5a9dbd266ac4785

    SHA1

    b1996841c38023c4f9ab80da44ce106b094b3ee2

    SHA256

    edc3990f21d60d2980d3146f3d67355ebb15326a5db6666fb2e82a711579974b

    SHA512

    6f59ae5b8e483ea49dc872711d6078bc7745b28338901a9b626a7656fa7fa2d5fc27e759ce2aa6e1a8ba9b33e4eecbfeb3633429d6757128dd0ae42dfb625316

    Download Submit
  • \Users\Admin\AppData\Local\Temp\_MEI2842\python310.dll
    Filesize

    1.4MB

    MD5

    99cb804abc9a8f4cb8d08d77e515dcb7

    SHA1

    0d833cb729f3d5c845491b61b47018c82065f4ad

    SHA256

    8d23914f6eaa371f2e0c15816c7ab62573d428e750d1bbcd9a07498264d7d240

    SHA512

    43252d45803957ba79d42afdd12b956c3b829c9b00a78199c35e3eeb863d8c56f4f0b467faae227b7c058f59a3f11152f670090e2212eb6a2837378bca53ac82

    Download Submit
  • memory/284-56-0x0000000000000000-mapping.dmp
    Download
  • memory/284-58-0x000007FEFBA01000-0x000007FEFBA03000-memory.dmp
    Filesize

    8KB

    Download
  • memory/872-59-0x0000000000000000-mapping.dmp
    Download
  • memory/872-64-0x000007FEF5DF0000-0x000007FEF6254000-memory.dmp
    Filesize

    4.4MB

    Download