c736478def3951cbc87555ec6e49c0d524bd0ab5f56c8f7a565b2041d101d1f1

Analysis

max time kernel
146s
max time network
101s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-10-2022 10:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WiFi_Hacking_for_Beginners_Learn_Hacking_by_Hacking_WiFi_networks.exe
Size

812KB
MD5

8bcf3a361adba717214c18f123c59a28
SHA1

4ae8e67ff431839ebc815e4c7b05d8c1cc955932
SHA256

c736478def3951cbc87555ec6e49c0d524bd0ab5f56c8f7a565b2041d101d1f1
SHA512

975e78ca7c07e4e3ba151315dd8d4c41cca70ef9b5525cc293961db178d37bfaf47ecb857c66cd8b2cf4587e842827d62e76863c15bece6df94ac0a935f74caf
SSDEEP

24576:nJlh9bDuaI3UqH/98qgoamLnLaHBDQFblQ:nJqlVg1mLLaHOQ

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
1164	crack.exe
556	crack.exe
2016	crack.exe

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crack.exe	crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crack.exe	crack.exe

Loads dropped DLL 4 IoCs

pid	Process
1404	WiFi_Hacking_for_Beginners_Learn_Hacking_by_Hacking_WiFi_networks.exe
1404	WiFi_Hacking_for_Beginners_Learn_Hacking_by_Hacking_WiFi_networks.exe
1404	WiFi_Hacking_for_Beginners_Learn_Hacking_by_Hacking_WiFi_networks.exe
1404	WiFi_Hacking_for_Beginners_Learn_Hacking_by_Hacking_WiFi_networks.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	WiFi_Hacking_for_Beginners_Learn_Hacking_by_Hacking_WiFi_networks.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1164	crack.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1404	WiFi_Hacking_for_Beginners_Learn_Hacking_by_Hacking_WiFi_networks.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1404	WiFi_Hacking_for_Beginners_Learn_Hacking_by_Hacking_WiFi_networks.exe
1404	WiFi_Hacking_for_Beginners_Learn_Hacking_by_Hacking_WiFi_networks.exe
852	AcroRd32.exe
852	AcroRd32.exe
852	AcroRd32.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 1164	1404	WiFi_Hacking_for_Beginners_Learn_Hacking_by_Hacking_WiFi_networks.exe	29
PID 1404 wrote to memory of 1164	1404	WiFi_Hacking_for_Beginners_Learn_Hacking_by_Hacking_WiFi_networks.exe	29
PID 1404 wrote to memory of 1164	1404	WiFi_Hacking_for_Beginners_Learn_Hacking_by_Hacking_WiFi_networks.exe	29
PID 1404 wrote to memory of 1164	1404	WiFi_Hacking_for_Beginners_Learn_Hacking_by_Hacking_WiFi_networks.exe	29

C:\Users\Admin\AppData\Local\Temp\WiFi_Hacking_for_Beginners_Learn_Hacking_by_Hacking_WiFi_networks.exe
"C:\Users\Admin\AppData\Local\Temp\WiFi_Hacking_for_Beginners_Learn_Hacking_by_Hacking_WiFi_networks.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Users\Admin\Desktop\crack.exe
  "C:\Users\Admin\Desktop\crack.exe"
  2⤵
  - Executes dropped EXE
  - Drops startup file
  - Suspicious behavior: AddClipboardFormatListener
  PID:1164

C:\Users\Admin\Desktop\crack.exe
"C:\Users\Admin\Desktop\crack.exe"
1⤵
- Executes dropped EXE
PID:556

C:\Users\Admin\Desktop\crack.exe
"C:\Users\Admin\Desktop\crack.exe"
1⤵
- Executes dropped EXE
PID:2016

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\Desktop\WiFi Hacking for Beginners Learn Hacking by Hacking WiFi networks (2017).pdf"
1⤵
- Suspicious use of SetWindowsHookEx
PID:852

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\WiFi Hacking for Beginners Learn Hacking by Hacking WiFi networks (2017).pdf

Filesize
598KB

MD5
eea5438270a8723b156706637731c35c

SHA1
39776a7d0f0454959c5dadce74c34f0f1abe2ef3

SHA256
4bf52e6cf81809018541328a9f99a67f285525a9dd3e9ab06981e19b1786f6bf

SHA512
93ba182ff849b931336ca735fc947c500e1ff9e3320f5c17496f7c922d6d8d61d333e55f0dd0728bc22e8314ee0a08b7fbe42f51fd5ab71dcf9734ceceb23a02

Download Submit
C:\Users\Admin\Desktop\crack.exe

Filesize
18KB

MD5
a0a22ba1e62b67b91905665b86df33b3

SHA1
30f03b81aa46284e26ffb7de1f17ab4203c7fff6

SHA256
e3cb33466bed760b23a24bd723b68ccb5da82ee350793f4cde7aa5ad53541b94

SHA512
39c530c36e2653847cc016354a7909a68e24f0830361b9ed6c4731819decf1b36bb73880d82bceec894fc0dc1f69461d4fd6782e6c8814032beda9e38dafc0bb

Download Submit
C:\Users\Admin\Desktop\crack.exe

Filesize
18KB

MD5
a0a22ba1e62b67b91905665b86df33b3

SHA1
30f03b81aa46284e26ffb7de1f17ab4203c7fff6

SHA256
e3cb33466bed760b23a24bd723b68ccb5da82ee350793f4cde7aa5ad53541b94

SHA512
39c530c36e2653847cc016354a7909a68e24f0830361b9ed6c4731819decf1b36bb73880d82bceec894fc0dc1f69461d4fd6782e6c8814032beda9e38dafc0bb

Download Submit
C:\Users\Admin\Desktop\crack.exe

Filesize
18KB

MD5
a0a22ba1e62b67b91905665b86df33b3

SHA1
30f03b81aa46284e26ffb7de1f17ab4203c7fff6

SHA256
e3cb33466bed760b23a24bd723b68ccb5da82ee350793f4cde7aa5ad53541b94

SHA512
39c530c36e2653847cc016354a7909a68e24f0830361b9ed6c4731819decf1b36bb73880d82bceec894fc0dc1f69461d4fd6782e6c8814032beda9e38dafc0bb

Download Submit
C:\Users\Admin\Desktop\crack.exe

Filesize
18KB

MD5
a0a22ba1e62b67b91905665b86df33b3

SHA1
30f03b81aa46284e26ffb7de1f17ab4203c7fff6

SHA256
e3cb33466bed760b23a24bd723b68ccb5da82ee350793f4cde7aa5ad53541b94

SHA512
39c530c36e2653847cc016354a7909a68e24f0830361b9ed6c4731819decf1b36bb73880d82bceec894fc0dc1f69461d4fd6782e6c8814032beda9e38dafc0bb

Download Submit
\Users\Admin\Desktop\crack.exe

Filesize
18KB

MD5
a0a22ba1e62b67b91905665b86df33b3

SHA1
30f03b81aa46284e26ffb7de1f17ab4203c7fff6

SHA256
e3cb33466bed760b23a24bd723b68ccb5da82ee350793f4cde7aa5ad53541b94

SHA512
39c530c36e2653847cc016354a7909a68e24f0830361b9ed6c4731819decf1b36bb73880d82bceec894fc0dc1f69461d4fd6782e6c8814032beda9e38dafc0bb

Download Submit
\Users\Admin\Desktop\crack.exe

Filesize
18KB

MD5
a0a22ba1e62b67b91905665b86df33b3

SHA1
30f03b81aa46284e26ffb7de1f17ab4203c7fff6

SHA256
e3cb33466bed760b23a24bd723b68ccb5da82ee350793f4cde7aa5ad53541b94

SHA512
39c530c36e2653847cc016354a7909a68e24f0830361b9ed6c4731819decf1b36bb73880d82bceec894fc0dc1f69461d4fd6782e6c8814032beda9e38dafc0bb

Download Submit
\Users\Admin\Desktop\crack.exe

Filesize
18KB

MD5
a0a22ba1e62b67b91905665b86df33b3

SHA1
30f03b81aa46284e26ffb7de1f17ab4203c7fff6

SHA256
e3cb33466bed760b23a24bd723b68ccb5da82ee350793f4cde7aa5ad53541b94

SHA512
39c530c36e2653847cc016354a7909a68e24f0830361b9ed6c4731819decf1b36bb73880d82bceec894fc0dc1f69461d4fd6782e6c8814032beda9e38dafc0bb

Download Submit
\Users\Admin\Desktop\crack.exe

Filesize
18KB

MD5
a0a22ba1e62b67b91905665b86df33b3

SHA1
30f03b81aa46284e26ffb7de1f17ab4203c7fff6

SHA256
e3cb33466bed760b23a24bd723b68ccb5da82ee350793f4cde7aa5ad53541b94

SHA512
39c530c36e2653847cc016354a7909a68e24f0830361b9ed6c4731819decf1b36bb73880d82bceec894fc0dc1f69461d4fd6782e6c8814032beda9e38dafc0bb

Download Submit
memory/1164-69-0x0000000000000000-mapping.dmp

Download
memory/1164-72-0x00000000012F0000-0x00000000012FC000-memory.dmp

Filesize
48KB

Download
memory/1404-54-0x0000000074F01000-0x0000000074F03000-memory.dmp

Filesize
8KB

Download
memory/1404-64-0x0000000071BC1000-0x0000000071BC3000-memory.dmp

Filesize
8KB

Download