Overview

overview

9

Static

static

547c224f62...cf.exe

windows7-x64

9

547c224f62...cf.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    144s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    25-11-2022 12:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    547c224f624437d6a984324f72b47cd8289d57b700b989a44bae575a179f97cf.exe

  • Size

    1.6MB

  • MD5

    2b53a3d5ffc830758df4246831b15d72

  • SHA1

    72aa3b03cfce102b779915662b5ba5739511c278

  • SHA256

    547c224f624437d6a984324f72b47cd8289d57b700b989a44bae575a179f97cf

  • SHA512

    c9b39bc4c3e1973abd85a8e3e74161fa293eeef0612e1da6a455343221aa695d1532d95f570fb63aefd5af4a0a4d0df69a839502fd9fc3b0f097af7a0d277987

  • SSDEEP

    49152:gozQWhYdil2eTZaqdwk0c05HGie1Kf+6D4:vFedil2eYqdwkLcHHGys

Score
9/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\547c224f624437d6a984324f72b47cd8289d57b700b989a44bae575a179f97cf.exe
    "C:\Users\Admin\AppData\Local\Temp\547c224f624437d6a984324f72b47cd8289d57b700b989a44bae575a179f97cf.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1764
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://qqxxjz.nl.ae/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:768
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:768 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1924

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    b6d266e7a459d0265f018f61b81540ce

    SHA1

    40d5101269c0b202ec194f48ef92e35bc0a324cd

    SHA256

    7c27d786c71ec452c6c314ff792ea74523d59a7776bef316834a97e6c29ae5fb

    SHA512

    e8b8e40ee7db0cf8faef94c6a1c50da9d5393f882625b31a9dd1699f81f65cf30cf37614eb73a52aa922c9419fc7c5176581f8208929309ee043cba30caaed97

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\G96WMGE2.txt
    Filesize

    602B

    MD5

    3d1691222d3ea1099a1e088bdb2857b5

    SHA1

    f777cb23c75f2aba6ed097c69faebb65148c8243

    SHA256

    6a12aeafd19cef116f1fa2260232f80f016cc73435aa7183c93506e565934e4a

    SHA512

    f09697ab324f13432bba091bd82d9550dcdc580772cbd20736d657a64236d480824605301ea39a29abcff4f9b5625ccc6767cbc2b0d7d58397b60c12780f360d

    Download Submit
  • \Users\Admin\AppData\Local\Temp\SkinH_EL.dll
    Filesize

    86KB

    MD5

    147127382e001f495d1842ee7a9e7912

    SHA1

    92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

    SHA256

    edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

    SHA512

    97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

    Download Submit
  • memory/1764-54-0x0000000075BA1000-0x0000000075BA3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1764-56-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download