Overview

overview

10

Static

static

8

a537621e9d...8f.exe

windows7-x64

10

a537621e9d...8f.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    158s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2022, 13:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f.exe

  • Size

    659KB

  • MD5

    2ee9076557c7c3ff17203b0ccba0501f

  • SHA1

    b235a9d7e422c7ea03a8e36023cbf2de2c04724e

  • SHA256

    a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f

  • SHA512

    9f452245a36e24b5c3ee6854196fd7e409e120f3c4b98833f2801938dfe8dd2f07dbdc5b94b6b629f6d596419b4e2044b527b01a86efdb745f55c6a2bed3f318

  • SSDEEP

    12288:2ITHQuBsNYHuo1y0I5sG1/HkgUcU6kUgnd5aNesU:2ITQURHu8yEG506Yndxs

Score
10/10
jokerinfostealertrojanupx

Malware Config

Signatures

  • joker

    Joker is an Android malware that targets billing and SMS fraud.

    infostealertrojanjoker
  • Executes dropped EXE 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f.exe
    "C:\Users\Admin\AppData\Local\Temp\a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Users\Admin\AppData\Local\Temp\a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f.dmy
      C:\Users\Admin\AppData\Local\Temp\a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f.dmy
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1640
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.tocabala.com/thread-250-1-1.html
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2000
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2000 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1968

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\tcz8fqz\imagestore.dat
          Filesize

          7KB

          MD5

          47de8bc8f07cddf34ba25bd2cf787eef

          SHA1

          91c59eaa7343f0a2b24d146492bb3e00668e6fe0

          SHA256

          1a61429886f9fba4e649c67d32ba471fd5cff9a6ec8bec7a8b68490cb257f7b0

          SHA512

          87685297561df0da238608962d33a3cb070005e8b9d6ac39317aed2a782691476500eaed0ee300e5ed9a8ab1adc39a4b30d9f790611c64ac08fb633ffec13601

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f.dmy
          Filesize

          659KB

          MD5

          2ee9076557c7c3ff17203b0ccba0501f

          SHA1

          b235a9d7e422c7ea03a8e36023cbf2de2c04724e

          SHA256

          a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f

          SHA512

          9f452245a36e24b5c3ee6854196fd7e409e120f3c4b98833f2801938dfe8dd2f07dbdc5b94b6b629f6d596419b4e2044b527b01a86efdb745f55c6a2bed3f318

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f.dmy
          Filesize

          659KB

          MD5

          2ee9076557c7c3ff17203b0ccba0501f

          SHA1

          b235a9d7e422c7ea03a8e36023cbf2de2c04724e

          SHA256

          a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f

          SHA512

          9f452245a36e24b5c3ee6854196fd7e409e120f3c4b98833f2801938dfe8dd2f07dbdc5b94b6b629f6d596419b4e2044b527b01a86efdb745f55c6a2bed3f318

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0ITD01M2.txt
          Filesize

          608B

          MD5

          446b0dabe3a386873e1a17bc322c062e

          SHA1

          9ce6e2381b8a6720470e1d1afb83e210a57e2307

          SHA256

          c90993c7e7ac08c816f7300006e2ae30a4f99d6eee95b0f72fcfaa9d353692d4

          SHA512

          a9dd64e3b4a16ac07c73a1c827e92bb4f44c39744c0776779015c01cdaaafe583ede15d68a6efb9de3c16a042300e1d960ea1c880f9649b0e20980668ffe7f3d

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Z1Y1B36R.txt
          Filesize

          297B

          MD5

          38fc4d9186e2fcf22b0e173f4ff78ccd

          SHA1

          3638e4a34a2252f8d3135a2809906dd21d9542cf

          SHA256

          5987429ab021241e2b2f44643424e4e34e9a523ab64e36e48aac13b387407e2d

          SHA512

          5b1b3f0a75b106aa9ee27b0e9bb07ca7bc36274e18612fb63fc9b889b53c23d2bfa44e2c75482f1e83107f886d5ad9daa6ad736b6f572b3882890ba76158a368

          Download Submit

        • \Users\Admin\AppData\Local\Temp\a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f.dmy
          Filesize

          659KB

          MD5

          2ee9076557c7c3ff17203b0ccba0501f

          SHA1

          b235a9d7e422c7ea03a8e36023cbf2de2c04724e

          SHA256

          a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f

          SHA512

          9f452245a36e24b5c3ee6854196fd7e409e120f3c4b98833f2801938dfe8dd2f07dbdc5b94b6b629f6d596419b4e2044b527b01a86efdb745f55c6a2bed3f318

          Download Submit

        • \Users\Admin\AppData\Local\Temp\ziplib.dll
          Filesize

          453KB

          MD5

          6df0ed0afe162198116be68aba60e0c4

          SHA1

          bd0ca25ff4e495717be7345933aaa90755e5a6ca

          SHA256

          14172cccc2b24d7b490b6038c9493e64d5cab4afeee62014710dfad546eec9dc

          SHA512

          6696ec1e2261e44e1259609f74e95c205165048d94e581f44b09b87fc70e89b2eaeecd09b7de9cb9735dab0b9d90dd4ff7b5ac07e4b5bd8e5f502e71bbfdb757

          Download Submit

        • memory/1640-61-0x0000000000400000-0x00000000005BC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1640-63-0x00000000036D0000-0x0000000003747000-memory.dmp

          Filesize

          476KB

          Download

        • memory/1640-64-0x0000000000400000-0x00000000005BC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1712-54-0x0000000075071000-0x0000000075073000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1712-60-0x0000000000400000-0x00000000005BC000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/1712-55-0x0000000000400000-0x00000000005BC000-memory.dmp

          Filesize

          1.7MB

          Download