Overview

overview

9

Static

static

676eea69fd...ea.exe

windows7-x64

9

676eea69fd...ea.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    140s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 17:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    676eea69fd46487f6826e3d1e7bae1deb4e9686ccfc94d6e9ca9420309fdafea.exe

  • Size

    5.1MB

  • MD5

    43f6b4589ea28e1df8d0c40d9cfb0ada

  • SHA1

    63cc4eacf596d31efa5567a7e86aaf4ef99691e6

  • SHA256

    676eea69fd46487f6826e3d1e7bae1deb4e9686ccfc94d6e9ca9420309fdafea

  • SHA512

    ca68d40dcc6f0ea82878524f29d9cdac5ef33be3634b686e2ea9c2e4d84d7645dc4d5f6c4d6f72b4393d181bbd0e2978a2d983a82b376f191956a8dee82082c1

  • SSDEEP

    98304:SyG6edCQHyTPBAl9R/rUdCGUsYml5Nk+YFowkyR5zccEURz9GJpeT:SQJA48GUsL5mdkqciw

Score
9/10
evasiontrojanupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 19 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\676eea69fd46487f6826e3d1e7bae1deb4e9686ccfc94d6e9ca9420309fdafea.exe
    "C:\Users\Admin\AppData\Local\Temp\676eea69fd46487f6826e3d1e7bae1deb4e9686ccfc94d6e9ca9420309fdafea.exe"
    1⤵
    • Checks computer location settings
    • Loads dropped DLL
    • Checks whether UAC is enabled
    • Drops file in System32 directory
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4612
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://longju.tap.cn/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1816
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1816 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1960
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1816 CREDAT:17416 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:432
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.yoyo-dao.com/thread.php?fid=41
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3536
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3536 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4040
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{D5E8041D-920F-45e9-B8FB-B1DEB82C6E5E} -Embedding
    1⤵
      PID:1560

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    Query Registry

    1
    T1012

    System Information Discovery

    3
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
      Filesize

      1KB

      MD5

      f9ba08256d1b61cface598053cde2d0d

      SHA1

      e44c26433ff18e857d45a660ea939e1f69940412

      SHA256

      d97026f9ca69ad6de1283dda1abbcda6b26448614bca91b217dbd8ed32c256da

      SHA512

      da2834837bcf0611ff6cad027ed798921e2270a18803536e2b11fbe6e8f38a05dd21d34a720f10b511d495d9a305a1bff61bb531bf5040ae4d269b07b4152cb6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B
      Filesize

      1KB

      MD5

      ed35bf5739b25193dbab85a40e512dbf

      SHA1

      1e4895420f2dc13198c40899636674a217061333

      SHA256

      5ef9dcf41f403ed49d121c26185fa1c79e9c3867949ba09faeaa59bc665e75ed

      SHA512

      72a1c49963b301d4865983296073e8edf0c2a0b0f0835cb7cc493a97135aa32bdb876abf6c21e312f2e850b23ef889e338a1881c615fe3b452497817b1340b76

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      471B

      MD5

      e32d02ce684c01ef3af05fae9066160e

      SHA1

      29c7a6e8ed553ac2765634265d1db041d6d422ec

      SHA256

      b00322d178a6cfc206458c26b26d6c80596073bb3283dcc3fc4e33a4b5f29d71

      SHA512

      e4e3175fb131095e4681ecb76d14dc74d059c0beafb6340965516c6d3d0538deb314b36a3f09df03b491edac84d5c0580e764fed1d8bca9abd4e65cb56167148

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      471B

      MD5

      e32d02ce684c01ef3af05fae9066160e

      SHA1

      29c7a6e8ed553ac2765634265d1db041d6d422ec

      SHA256

      b00322d178a6cfc206458c26b26d6c80596073bb3283dcc3fc4e33a4b5f29d71

      SHA512

      e4e3175fb131095e4681ecb76d14dc74d059c0beafb6340965516c6d3d0538deb314b36a3f09df03b491edac84d5c0580e764fed1d8bca9abd4e65cb56167148

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
      Filesize

      1KB

      MD5

      ceb5d57e053cf1d989a5a2730e0f79ef

      SHA1

      f6324c07ae56d9b92e43ffe0081918cf1848b733

      SHA256

      8e2e6bf1be8904d016a112c9cf04a7ace866e9c287e6866e0cb29aefcff2c776

      SHA512

      7daabdc9fa40ecf84f329516b8542de0f9bb97ed14d89c00fa7a66354432d5588dbf826192cd0fbd473af7a17d9624f1c4d10f73e9aa7c2e9b9c21278cb3e479

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
      Filesize

      1KB

      MD5

      7519716cb2f4a994c19d92bbaa82d932

      SHA1

      aa547900509d6031fc1cc86fde4c85db0594d112

      SHA256

      352384f1b99f9e003b0d60f8021c33787eb39b53286219d34e2acdc2ac7e33be

      SHA512

      72e18db9a1b2fa4c624eb702c675878c011ac8e286c00239357a1e7e494db1fac4027958c5de28aae81248c8812f6910aaf31ecfe949df99ccc69c91a1661ee0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57
      Filesize

      471B

      MD5

      b0ae81e2069b3caa9682caf6444be159

      SHA1

      1e7d2c23bf74586a5366388efaee31b8b1a151f6

      SHA256

      5c9e7949981ac724b63d24ab1401497046feba6397f92f83b551b1d8ce767072

      SHA512

      01e58f28eb18da9e59ab7a2e179e569c512b82785e8204139ef3334fe3c9147d345f7ff63d040998164b4784306daaa578d85ebf8c02de9a01bf795a32e2003f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
      Filesize

      508B

      MD5

      3c68ba3ad2e76127777e069eaf15db6b

      SHA1

      7825d9188d93c4956bb15b389672e9772558b45b

      SHA256

      48e370f03cff76258583a726520abfd3df917906d5aae03fb3a5be6f30b3c123

      SHA512

      3a3e2ca0de3036956eab7df56376daaef4fc8b07e489280dc35e1af03bde7a45d6f4deb0a31e4b7f54b1808c5be50bb8c2d07643af36d181593acc9f2410e84d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B
      Filesize

      532B

      MD5

      79d81a5c910ac6c1c39826439fa8a6a8

      SHA1

      08936a8fa811ca4d24e1ed21f553da51541bff6e

      SHA256

      9529eb53f9de45862edc0920bcbd733a6d6fe67c882f2133528e2d22f042622f

      SHA512

      75f17b2678769cb6a99610cd65f985acf8a034aa5da7e20adba3c57d9120f28e49561eb2fc557607fbfec4a01e50a56b940bc78be90ce63eca4db228f47f753b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      404B

      MD5

      67e57af7f8afa88df77c29a93dbe28f7

      SHA1

      a5d6dc9823d7f3b3d982ea73c8d6b6d7688c2e6e

      SHA256

      b8c58b7fd8732ba12fdbf5c450f719d1f7b80fb07e1a17ecda419ac95c60530a

      SHA512

      36ca853306500f2c9037b1a049d5b6fa82e3fc363e49903692191252b66c7553f66e05b4a246d7bcf10d9493350cbb62280186b49de47ef3971072d5f6b14ca1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      404B

      MD5

      67e57af7f8afa88df77c29a93dbe28f7

      SHA1

      a5d6dc9823d7f3b3d982ea73c8d6b6d7688c2e6e

      SHA256

      b8c58b7fd8732ba12fdbf5c450f719d1f7b80fb07e1a17ecda419ac95c60530a

      SHA512

      36ca853306500f2c9037b1a049d5b6fa82e3fc363e49903692191252b66c7553f66e05b4a246d7bcf10d9493350cbb62280186b49de47ef3971072d5f6b14ca1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      404B

      MD5

      67e57af7f8afa88df77c29a93dbe28f7

      SHA1

      a5d6dc9823d7f3b3d982ea73c8d6b6d7688c2e6e

      SHA256

      b8c58b7fd8732ba12fdbf5c450f719d1f7b80fb07e1a17ecda419ac95c60530a

      SHA512

      36ca853306500f2c9037b1a049d5b6fa82e3fc363e49903692191252b66c7553f66e05b4a246d7bcf10d9493350cbb62280186b49de47ef3971072d5f6b14ca1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
      Filesize

      492B

      MD5

      23ce20f1d1aeaece3d795424f3dfd26d

      SHA1

      42f153cb93bdc19cafcaec3c21f1151dc7b249be

      SHA256

      d90b61e8d90db63e407ffe9b94e9c7990f0fe5db07e514296ab7c26fa8d75035

      SHA512

      d552744d1b8c9a3a6a3d301cc28d9d2ac895beb0dd9aca73a8cb0871210d8ddf8e0073b935dbac118d77d21271764f77a5a3f747098ea50d8467df116d0f453a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
      Filesize

      506B

      MD5

      29b51a02afb2100c640ec28edcd13a23

      SHA1

      4741e78d2d60868c6697a0dadce4b3878e317234

      SHA256

      1577932949eb7ce0a990abfca94e3cebb5eca8eee71dd5d8aa73b90169e1a8b7

      SHA512

      2a602ea096e9ad583bf3816d4180ad0249f634e13bc4416bd2f41bcc9326088b0539d36d3153c364f892a0799c22e61d61f5dc7eaa848131a6b8066ef471ce87

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57
      Filesize

      400B

      MD5

      fe024cf04532ab6840f320d383402937

      SHA1

      2769d9b71feace21b0a161f2d0ac1cd2fd911592

      SHA256

      7f78f023df6f22b5bf0ccebf549deafd323cd9e834ef786c8640c111d3e9c241

      SHA512

      b7cf9a8b8389dd06e4c790936bcc47bef20eece82470cfcad81bc5c9844d5059f02f554e97e63a95d8ebeeb4fb283ae6ac40e5ccbfef506686dc67d027e93233

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E2D9AAE2-6B68-11ED-AECB-F6A3911CAFFB}.dat
      Filesize

      3KB

      MD5

      bcc519ef236e218214fb72a78cf2dd5a

      SHA1

      a4ecf5b99934c48c6b66a9a95b211b86f7551092

      SHA256

      374547ba12e7b939c9c5cb905251446b6779b39e35e86a25fccdab7a8712d24e

      SHA512

      87d2b87c16fafbdaa628b310a78a042d3b0718d2eb43e9f6bebae53bda1bde370fd1dc7ad3d6695475eb2997f9c4a54ae9c61d8ffcd167b3c85057ee3bfa39ff

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{E2D9D1F2-6B68-11ED-AECB-F6A3911CAFFB}.dat
      Filesize

      3KB

      MD5

      a72686af0c174777ac93e8dbe56a62c9

      SHA1

      8488eab0eb52eb3d55c6300c2570d4a4789585bd

      SHA256

      e2c81eb7d9f16b1caac06b1751266c485a3cc0196c96a0aa6d6047fb887d362b

      SHA512

      d2d61cc8259ab361e0ab079322f1c79c6be9367736079a4beef3bf8248e8a268807e7b635b6d5d797918f07480726c25eee9d7c8b984420ebbc742f6fa34865e

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\z2evvp3\imagestore.dat
      Filesize

      1KB

      MD5

      ae8262619c1ac043d7d1fa15d40f51bb

      SHA1

      213bbdbb79ad3f15b2b2bfedadc94b82dbaa96b7

      SHA256

      4e8ff63a362e66d4f2010851a4cfc1b3f6d5938ad495614734e691be2a56a459

      SHA512

      e58626537c3b483509f8a01c465fed7052e7439944afc266e6c56e45a7c02193befe6f5d06818cf7c571ea31fe5d565861a471157bfe63ec08745eb210250485

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\SkinH_EL.dll
      Filesize

      86KB

      MD5

      147127382e001f495d1842ee7a9e7912

      SHA1

      92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

      SHA256

      edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

      SHA512

      97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

      Download Submit
    • memory/4612-132-0x0000000000400000-0x0000000000F8C000-memory.dmp
      Filesize

      11.5MB

      Download
    • memory/4612-137-0x0000000010000000-0x000000001003D000-memory.dmp
      Filesize

      244KB

      Download
    • memory/4612-135-0x0000000000400000-0x0000000000F8C000-memory.dmp
      Filesize

      11.5MB

      Download
    • memory/4612-133-0x0000000000400000-0x0000000000F8C000-memory.dmp
      Filesize

      11.5MB

      Download