Overview

overview

10

Static

static

8

a537621e9d...8f.exe

windows7-x64

10

a537621e9d...8f.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    158s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    11-10-2022 13:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f.exe

  • Size

    659KB

  • MD5

    2ee9076557c7c3ff17203b0ccba0501f

  • SHA1

    b235a9d7e422c7ea03a8e36023cbf2de2c04724e

  • SHA256

    a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f

  • SHA512

    9f452245a36e24b5c3ee6854196fd7e409e120f3c4b98833f2801938dfe8dd2f07dbdc5b94b6b629f6d596419b4e2044b527b01a86efdb745f55c6a2bed3f318

  • SSDEEP

    12288:2ITHQuBsNYHuo1y0I5sG1/HkgUcU6kUgnd5aNesU:2ITQURHu8yEG506Yndxs

Score
10/10
jokerinfostealertrojanupx

Malware Config

Signatures

  • joker

    Joker is an Android malware that targets billing and SMS fraud.

    infostealertrojanjoker
  • Executes dropped EXE 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f.exe
    "C:\Users\Admin\AppData\Local\Temp\a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Users\Admin\AppData\Local\Temp\a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f.dmy
      C:\Users\Admin\AppData\Local\Temp\a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f.dmy
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1640
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.tocabala.com/thread-250-1-1.html
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2000
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2000 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1968

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\tcz8fqz\imagestore.dat
    Filesize

    7KB

    MD5

    47de8bc8f07cddf34ba25bd2cf787eef

    SHA1

    91c59eaa7343f0a2b24d146492bb3e00668e6fe0

    SHA256

    1a61429886f9fba4e649c67d32ba471fd5cff9a6ec8bec7a8b68490cb257f7b0

    SHA512

    87685297561df0da238608962d33a3cb070005e8b9d6ac39317aed2a782691476500eaed0ee300e5ed9a8ab1adc39a4b30d9f790611c64ac08fb633ffec13601

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f.dmy
    Filesize

    659KB

    MD5

    2ee9076557c7c3ff17203b0ccba0501f

    SHA1

    b235a9d7e422c7ea03a8e36023cbf2de2c04724e

    SHA256

    a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f

    SHA512

    9f452245a36e24b5c3ee6854196fd7e409e120f3c4b98833f2801938dfe8dd2f07dbdc5b94b6b629f6d596419b4e2044b527b01a86efdb745f55c6a2bed3f318

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f.dmy
    Filesize

    659KB

    MD5

    2ee9076557c7c3ff17203b0ccba0501f

    SHA1

    b235a9d7e422c7ea03a8e36023cbf2de2c04724e

    SHA256

    a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f

    SHA512

    9f452245a36e24b5c3ee6854196fd7e409e120f3c4b98833f2801938dfe8dd2f07dbdc5b94b6b629f6d596419b4e2044b527b01a86efdb745f55c6a2bed3f318

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0ITD01M2.txt
    Filesize

    608B

    MD5

    446b0dabe3a386873e1a17bc322c062e

    SHA1

    9ce6e2381b8a6720470e1d1afb83e210a57e2307

    SHA256

    c90993c7e7ac08c816f7300006e2ae30a4f99d6eee95b0f72fcfaa9d353692d4

    SHA512

    a9dd64e3b4a16ac07c73a1c827e92bb4f44c39744c0776779015c01cdaaafe583ede15d68a6efb9de3c16a042300e1d960ea1c880f9649b0e20980668ffe7f3d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Z1Y1B36R.txt
    Filesize

    297B

    MD5

    38fc4d9186e2fcf22b0e173f4ff78ccd

    SHA1

    3638e4a34a2252f8d3135a2809906dd21d9542cf

    SHA256

    5987429ab021241e2b2f44643424e4e34e9a523ab64e36e48aac13b387407e2d

    SHA512

    5b1b3f0a75b106aa9ee27b0e9bb07ca7bc36274e18612fb63fc9b889b53c23d2bfa44e2c75482f1e83107f886d5ad9daa6ad736b6f572b3882890ba76158a368

    Download Submit

  • \Users\Admin\AppData\Local\Temp\a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f.dmy
    Filesize

    659KB

    MD5

    2ee9076557c7c3ff17203b0ccba0501f

    SHA1

    b235a9d7e422c7ea03a8e36023cbf2de2c04724e

    SHA256

    a537621e9dd330cc6973fa3962ee872043373d9aa1c6ee99f6f90d7fe2f1ac8f

    SHA512

    9f452245a36e24b5c3ee6854196fd7e409e120f3c4b98833f2801938dfe8dd2f07dbdc5b94b6b629f6d596419b4e2044b527b01a86efdb745f55c6a2bed3f318

    Download Submit

  • \Users\Admin\AppData\Local\Temp\ziplib.dll
    Filesize

    453KB

    MD5

    6df0ed0afe162198116be68aba60e0c4

    SHA1

    bd0ca25ff4e495717be7345933aaa90755e5a6ca

    SHA256

    14172cccc2b24d7b490b6038c9493e64d5cab4afeee62014710dfad546eec9dc

    SHA512

    6696ec1e2261e44e1259609f74e95c205165048d94e581f44b09b87fc70e89b2eaeecd09b7de9cb9735dab0b9d90dd4ff7b5ac07e4b5bd8e5f502e71bbfdb757

    Download Submit

  • memory/1640-61-0x0000000000400000-0x00000000005BC000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1640-63-0x00000000036D0000-0x0000000003747000-memory.dmp

    Filesize

    476KB

    Download

  • memory/1640-64-0x0000000000400000-0x00000000005BC000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1712-54-0x0000000075071000-0x0000000075073000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1712-60-0x0000000000400000-0x00000000005BC000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/1712-55-0x0000000000400000-0x00000000005BC000-memory.dmp

    Filesize

    1.7MB

    Download