Overview

overview

9

Static

static

676eea69fd...ea.exe

windows7-x64

9

676eea69fd...ea.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    139s
  • max time network
    162s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 17:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    676eea69fd46487f6826e3d1e7bae1deb4e9686ccfc94d6e9ca9420309fdafea.exe

  • Size

    5.1MB

  • MD5

    43f6b4589ea28e1df8d0c40d9cfb0ada

  • SHA1

    63cc4eacf596d31efa5567a7e86aaf4ef99691e6

  • SHA256

    676eea69fd46487f6826e3d1e7bae1deb4e9686ccfc94d6e9ca9420309fdafea

  • SHA512

    ca68d40dcc6f0ea82878524f29d9cdac5ef33be3634b686e2ea9c2e4d84d7645dc4d5f6c4d6f72b4393d181bbd0e2978a2d983a82b376f191956a8dee82082c1

  • SSDEEP

    98304:SyG6edCQHyTPBAl9R/rUdCGUsYml5Nk+YFowkyR5zccEURz9GJpeT:SQJA48GUsL5mdkqciw

Score
9/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\676eea69fd46487f6826e3d1e7bae1deb4e9686ccfc94d6e9ca9420309fdafea.exe
    "C:\Users\Admin\AppData\Local\Temp\676eea69fd46487f6826e3d1e7bae1deb4e9686ccfc94d6e9ca9420309fdafea.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Modifies Internet Explorer settings
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1112
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://longju.tap.cn/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1096
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1096 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:760
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.yoyo-dao.com/thread.php?fid=41
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:532
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:532 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:400
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x2ec
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3048

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
    Filesize

    1KB

    MD5

    be2a3982048ff58fcf61b9da43fe27c6

    SHA1

    bd9925ef5020855bce962cb301d859a315b9943c

    SHA256

    ba86f7567cd18c301d222b69c3e4de2c05e30da8f684d5349c3fbd189548a8de

    SHA512

    1cc3074e4438374020998f866935388ec0a6e624a0f3e0ab9f090dbc388760e9ce6182f8f42cd6c4318eb87dcaf4dbfc9f898e9f6dbea440239f3bf785cebe56

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
    Filesize

    717B

    MD5

    ec8ff3b1ded0246437b1472c69dd1811

    SHA1

    d813e874c2524e3a7da6c466c67854ad16800326

    SHA256

    e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab

    SHA512

    e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B
    Filesize

    1KB

    MD5

    ed35bf5739b25193dbab85a40e512dbf

    SHA1

    1e4895420f2dc13198c40899636674a217061333

    SHA256

    5ef9dcf41f403ed49d121c26185fa1c79e9c3867949ba09faeaa59bc665e75ed

    SHA512

    72a1c49963b301d4865983296073e8edf0c2a0b0f0835cb7cc493a97135aa32bdb876abf6c21e312f2e850b23ef889e338a1881c615fe3b452497817b1340b76

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    3dcf580a93972319e82cafbc047d34d5

    SHA1

    8528d2a1363e5de77dc3b1142850e51ead0f4b6b

    SHA256

    40810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1

    SHA512

    98384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
    Filesize

    1KB

    MD5

    867de40dbc080f74399aa4aaf7367845

    SHA1

    a03404138152668474a502b3953ebdf57a775242

    SHA256

    7c417fad68730d51143bf9dafc76655583332fcee245f086bf025563c6f23bb9

    SHA512

    2e85d3631dadb001a6ac1d33cd0ed5bd7cede9ad6725e8f74861cdc50d3c05f27e90e378c0b1d374e7292265594a6cf6185d886a4d065e8665725096f94ebd8d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
    Filesize

    1KB

    MD5

    3e97882453bff932b065abe844e7b7fc

    SHA1

    2fac9cc397d0d2e39f246fb515766f63c8b71bdb

    SHA256

    6a99a22872bf597412e35bb154f300a8e66eb30a2162bba557d26bd104835fa3

    SHA512

    90d4952d865416bff085dd060ea2f2c07abb9e2ad96166a74e260105b1c6ee1dea6fda87bfe164bed7a30534526328960df22e77f96a9b550a3d22b42969c28e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57
    Filesize

    471B

    MD5

    b0ae81e2069b3caa9682caf6444be159

    SHA1

    1e7d2c23bf74586a5366388efaee31b8b1a151f6

    SHA256

    5c9e7949981ac724b63d24ab1401497046feba6397f92f83b551b1d8ce767072

    SHA512

    01e58f28eb18da9e59ab7a2e179e569c512b82785e8204139ef3334fe3c9147d345f7ff63d040998164b4784306daaa578d85ebf8c02de9a01bf795a32e2003f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
    Filesize

    508B

    MD5

    98d7acf035458449f4f262a38664f3a3

    SHA1

    6b86b00eda3a3bc268c21a7ab22824a4af689e3e

    SHA256

    b2d382a4daf889cceaaa11a43753767668de340323846ca5359a855fb82bc9a5

    SHA512

    230f488be3304088fee23de11e01bed96c5bbdb8ffc3a70dbce37d6bcd160cc3ecab1fe6ab2d656bad789369c9621ef0703e1664be304558941c589e1d0b4a73

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
    Filesize

    192B

    MD5

    b1d12ce5448e48251b19909116867fc4

    SHA1

    f8f9d101c92de7e77e7fa6039b39c4045e990c1e

    SHA256

    5fcf5a7a0705083cf6740998598e9edae0d78f090654cd4ca0bb86dfba4da7ce

    SHA512

    68c899e002eba8f7a343b5352cc465f0838d697853699073b4b180e5430f8f1175366738888c577a5fa83c8e89bac143cfade3b9533729b8b4065c1f860fc387

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B
    Filesize

    532B

    MD5

    b5515dffc97016d879d0340bbad82e00

    SHA1

    fc0c20a2b85650982e3e38793242860e9798c102

    SHA256

    4f31dfeb7b8f01e6e6058c4560e25dee1f00e5d840eaf6d7a54e37493d9dc823

    SHA512

    00916a97ae0d2756af8c9255f308e7028bd209192d33a6967e60935b9c3742fdccd577caca5146ac4dccb17256028726a2cb974969198d16ea521fba901064ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    960f94ebeacf34cd68e65a2c733fb68d

    SHA1

    ac95b3cf12fc9081b0c6872c5536ef110d92a30a

    SHA256

    b6d808b34db0e802015755ff1fa0d91b4fa91fef72304df8cb98a14faf18f4b9

    SHA512

    97508ccbe0d8a2d397739a6fa89d3f2c1567988bccbc88212cbf70549182e503b8bb04bd4d701321ec8ada81ce83c346a1dc96403bce4cbf85c6d160f02b9f87

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f7f326c2ab8a43096f18d407fff32449

    SHA1

    a44c09b762050da230ef5334a54bcd55e4f18294

    SHA256

    77f18574aa3c49a617b849eb2f007da81386b9bd5dd1a552b9455615bfb0e564

    SHA512

    70a4c6dbcd8b2574ae4873a02f61702fee255bfa9cbb0b2e7a8571cf1ba480fa4be8ef35f2ea70b80a0f2953afbb8d95e655b5a685eacc3f9126183ab18b5178

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a6f9d282a929f954de1aac9c884346b

    SHA1

    ff186377a0f4eaee288994e5dd8058bc0cec712c

    SHA256

    1ab3a31a7a4dd9592f229791ee66a26d111371c7246d0cb66d5c9b50d642b0af

    SHA512

    0f81ed8f834e550614a1bf746514053924c3c3773e82799dae299672a0e2c1d1c3b5df890fc93390c406c540aee33373e0651f42a12f899cc0b4ba467e119236

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
    Filesize

    492B

    MD5

    d5884b8dff67febb5ce325272cd23ed3

    SHA1

    c057d7047b55be32933680453f55e1bdf4219618

    SHA256

    2579a4ff96343c4b9e7aa6bbdbb57df8c5627afcff50db86c2314a4cf6513fdf

    SHA512

    415d251813eff31854cc805e90f6617b91eae78fa74f32db7b5039ffff48a6800e063c4dfc9e56fcc6e48675568061942b147b2480be706449f8aca6a78beea8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
    Filesize

    506B

    MD5

    0e372aee531b1cc92c90c70ec2ccce7b

    SHA1

    0987fba33343d82162f7e00cc21ac0076ac890f6

    SHA256

    2ea4ef06ad42dbc721063c8f817f870b5ba0e26a48e0bbf7fb9a331f015245ff

    SHA512

    9a87ae68413339cfdb3f732828c55414f7def8aab8a60849c8b05e5fc317c4770b11ecfdb2524406f7df03e7d2e7424d9b723b7d9887fe98569f463393fb3384

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57
    Filesize

    430B

    MD5

    129928f5b0d27a48c22c6c714182a198

    SHA1

    20fa3f4f1813c879401a21aca8b2e057bdfbfe6c

    SHA256

    a909727e1a72fad9c9cdf21a9589eb96d782513e0b6dea458a5a05976fa39355

    SHA512

    16e14f99057ec0334e74b8a15a158f77e257bd1d91bbf967caea7737a5150157760ce3d4ec39a168f40f27e7a48a6771216213cb5c2ef5396bddb8f409d3f309

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    0ff112996bd28c00cae5d16e765f29a7

    SHA1

    e2cd26407716e418e025f549fe2dc5f7b67ed2cd

    SHA256

    012f814ea0dff30f6b290fcfdc0a40e0f72abe3f9138507f6513226681e8b529

    SHA512

    2fff0465406da5813cba69c9f31def3166cd24557fd21203086f503e5ee1878f3b702bff21c0a7895396e078052ac0ce7d04faae2cdf195f1dd68677e0654eda

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E1D5B7A1-6B68-11ED-A964-EAF6071D98F9}.dat
    Filesize

    5KB

    MD5

    ecf7a533d4ad13a9d505110e93b372d2

    SHA1

    f48970495b4ccdc43b9139d1ba0047eb4d2cd3ec

    SHA256

    d5ac09c6b7e00db00198a20fd9ba1e1bea6cdb0a6a602897ae970e89385fe336

    SHA512

    27e3204928df00f4564bb6910c1782fa967c490e2a3b673406abc54b32ba00ac3341655d826b099a58ac82e608745faef74287d4fd0c0dc1b74f28f985e623ec

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E1D5DEB1-6B68-11ED-A964-EAF6071D98F9}.dat
    Filesize

    4KB

    MD5

    816983424006a2d2a710f45cbe398f9f

    SHA1

    ff76b4106a63659711d1815dd72385a2f289a114

    SHA256

    b1506174c63a8f3c5c2d03f0e5303a40a7c121ba25667aafaf30d54c827710ee

    SHA512

    4fe7e083f2c92aa5bb1d199e1b025e7f4d7875019f4e613ff7bbc2bce434fbc1a7142de75d7337767915ea348381c917b96991c3bb82e3680063155e1fc780b2

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat
    Filesize

    5KB

    MD5

    77cdd33a8fab697bbc19748d1d874ce4

    SHA1

    3540554d42334dd10a618c63dfbc81fbd9ea967a

    SHA256

    8b3860aef00c39bebccfc48c3d8392eae52f31d41350d5c98a939d237de74656

    SHA512

    679a6dfc4884fe5fd2fd9e383f59fdf27e024f3c952aad725d444dab0a92faac024665064b9f7d3eb67fa3a88ad0d73e270dd3cdb6b33ba724659271aac580f6

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NTO3F9D2.txt
    Filesize

    94B

    MD5

    40cec4d376c9613ac1e7b6817fee2d4c

    SHA1

    49405fa9ac17c613669e5ccb191d866d004dd0bc

    SHA256

    f3fd9a5833794888a55a9d679bcef90f16d9a78aafeb3bc4de60c3ad064201f7

    SHA512

    5149d303c4781426d43fac49ef292be522d12700b6a8aac7a49e97da08de3e4ea59a7377a3bc0e657ae0c2435c78ac1796f86dc1bcdf9ccd70eb4ca3a3886346

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\RVC488XN.txt
    Filesize

    110B

    MD5

    03d78cddcbac3331f8c07858c825d45d

    SHA1

    d131de578b9f9104d2a16cc89b52942f8277fd90

    SHA256

    728345d82c170580db147fe0b5c931c914fc613c36ba362a05e25dae64504f91

    SHA512

    939e3c853241e1812d137c0c9689b3b435da8e8f054a498b5624010f44df12201e8b5e798bf94e473acf6e45c9e35f152998617bc59314604cad6700726e26a2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\UKUGM1UQ.txt
    Filesize

    600B

    MD5

    33d70835ef0e0200d0a7ce012f1cf6d6

    SHA1

    d61167fc9db5a4a2d758bd54cedec98973787e8e

    SHA256

    8eb61e227e7a397e5a6a8c5e82019c6356b45f0a5c46f23fc26fdeb24ceef636

    SHA512

    b3c8f095337b8e4575dcb710a21442b7053a1665cca30dc49dd91b1ad9786958be33ad1e56425d4b2e5b20d15c64a1736ebe76fd514c82584fdf5ddf627b44b4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SkinH_EL.dll
    Filesize

    86KB

    MD5

    147127382e001f495d1842ee7a9e7912

    SHA1

    92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

    SHA256

    edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

    SHA512

    97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

    Download Submit

  • memory/1112-68-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1112-54-0x0000000000400000-0x0000000000F8C000-memory.dmp

    Filesize

    11.5MB

    Download

  • memory/1112-60-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1112-58-0x0000000000400000-0x0000000000F8C000-memory.dmp

    Filesize

    11.5MB

    Download

  • memory/1112-56-0x0000000000400000-0x0000000000F8C000-memory.dmp

    Filesize

    11.5MB

    Download

  • memory/1112-55-0x0000000075351000-0x0000000075353000-memory.dmp

    Filesize

    8KB

    Download