Overview

overview

8

Static

static

333c230f2c...52.exe

windows7-x64

8

333c230f2c...52.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    187s
  • max time network
    233s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    26-11-2022 23:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    333c230f2c8fd352bb960496e03218fa73df77a907182462b28a838009feba52.exe

  • Size

    1.8MB

  • MD5

    e36ee79ac5b8f3804da62864f118c934

  • SHA1

    cfba959f8f33e8a383a4436a9f9c877771514f3d

  • SHA256

    333c230f2c8fd352bb960496e03218fa73df77a907182462b28a838009feba52

  • SHA512

    a6885e3bbdfad819b7d322aef41a3f85315d2a1370d71640099d577524a04e091997e9e8c5221dcd41ae89f6333273bc12ea19f3cc1f674c22e1dbf992e59962

  • SSDEEP

    12288:YRD7oDy0iaBuIL/R46sDuAEb8TJa8ODambaOI9qZGqR5nWFpPoSlh2AGStQ6OU8G:6DN6cjtCTaOkbV2AP2AF

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 36 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\333c230f2c8fd352bb960496e03218fa73df77a907182462b28a838009feba52.exe
    "C:\Users\Admin\AppData\Local\Temp\333c230f2c8fd352bb960496e03218fa73df77a907182462b28a838009feba52.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1744
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://user.qzone.qq.com/544230987/blog/1401699289
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1392
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1392 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1000

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1c50353b18365c4abc24ff5105fdb5de

    SHA1

    88563276035bd7fb444ab6abedc53c17598197b1

    SHA256

    d5c4951cc1a06071ab5549d0071342f4e46f1c16b880b4b030bcad2e9a04bf17

    SHA512

    b7edf2f94f967acb4715facaf418181e0811789bccd41c4c149dbc744541c0392f89edaa0c9fc83854b62b4e55ae0ce5d8e8bce31870b87554a6d0619b05c8ca

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\try74lz\imagestore.dat
    Filesize

    5KB

    MD5

    eddcd17fd572a916c495aa438e1d3573

    SHA1

    e8337124c37919755d45162d22bd6b74a5836acd

    SHA256

    80e9308ff0d807aa5ba5ea03bbc66bbc05354364cc61ccc5ebeed0663927437f

    SHA512

    6a16dd7c9dbaeb3c4181cd2d32e3d094ebcce1782c72fc432ffa889ef0daf5a746b9ccb7a6d275b2df0e2b7b65588c91719fe947bb67217744807fed001864ac

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7RV4JOVQ.txt
    Filesize

    608B

    MD5

    592fe65be352b722308f009c37acd11d

    SHA1

    0f380f268bdec322e6ab9c52329503d40598f828

    SHA256

    0d15387ef72d1473d6465f886811de6c8ecace09ac0b17d32831cb3df7226ee6

    SHA512

    fa3053b506d21defc087df2d9a0b0f484faa05d2c39e60b9c58ab12b05f00e3bd095acb22f8bbf9f790f1e890bb9fa6d7bb0a9a61520f037c5ef8f8e10b672ed

    Download Submit
  • memory/1744-91-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-119-0x0000000000370000-0x00000000003AE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-61-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-59-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-65-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-67-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-69-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-71-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-73-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-75-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-77-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-79-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-81-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-95-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-85-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-87-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-89-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-54-0x0000000075C81000-0x0000000075C83000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1744-57-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-63-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-83-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-98-0x0000000000370000-0x00000000003AE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-100-0x0000000000370000-0x00000000003AE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-102-0x0000000000370000-0x00000000003AE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-99-0x0000000000370000-0x00000000003AE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-104-0x0000000000370000-0x00000000003AE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-106-0x0000000000370000-0x00000000003AE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-108-0x0000000000370000-0x00000000003AE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-110-0x0000000000370000-0x00000000003AE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-112-0x0000000000370000-0x00000000003AE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-115-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-113-0x0000000000400000-0x00000000005FE000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1744-117-0x0000000000370000-0x00000000003AE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-97-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-144-0x0000000000400000-0x00000000005FE000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1744-145-0x0000000000370000-0x00000000003AE000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-56-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-93-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1744-55-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download