Analysis

  • max time kernel: 190s
  • max time network: 220s
  • platform: windows7_x64
  • resource: win7-20221111-en
  • resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted: 29-11-2022 14:59

General

  • Target: 97ee15b07efe8df959b1aec9b5eee2cbd68755c43d0a803e32d736f0b2892e26.exe
  • Size: 2.6MB
  • MD5: 9886a02c9ce1b37d9ce0fb755ad72338
  • SHA1: 21a8fe61b217c2d105c9db4e81029f284ab313d4
  • SHA256: 97ee15b07efe8df959b1aec9b5eee2cbd68755c43d0a803e32d736f0b2892e26
  • SHA512: bb4d4c83a1ab4bd18209772ce8a112f02324e7f141a3dd9f526f45bbe8b5652a6c76540b73bda9d63c52c4ea5a30ee40a22d1c5cfa89a81d0f4d957f310e5bcf
  • SSDEEP: 49152:qjW22u50BUAZPFZfJcoexwEBYX10xmaoadtwuXrG:G12c+USF0oowEBM10gaoatwuXrG

Score
8/10

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 48 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\97ee15b07efe8df959b1aec9b5eee2cbd68755c43d0a803e32d736f0b2892e26.exe
    "C:\Users\Admin\AppData\Local\Temp\97ee15b07efe8df959b1aec9b5eee2cbd68755c43d0a803e32d736f0b2892e26.exe"
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Modifies system certificate store
    • Suspicious use of SetWindowsHookEx
    PID:1340
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:984
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:984 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1656

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 61KB
    MD5: fc4666cbca561e864e7fdf883a9e6661
    SHA1: 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
    SHA256: 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
    SHA512: c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 5d7fa75e23e18f5b28605e434ac8acd8
    SHA1: 276a3ac2038ce3979ad8750516f1cc71b48dfe94
    SHA256: 715804f07600489f96beb329afeeb512bf56f100e109ca9e45566c62ee407cd2
    SHA512: a6e4e6fe6cdd0f34828532c2205bd371e8cc57f139d7125b1edb09adb68edba9761f2518f2417d408ee3796fa13a58eac1f4bbaea0eb44e677423b17d5ab9672

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 7a7e706842a1e32a7f1fff577f57e225
    SHA1: 14a30db464a88baf0a5e99334a760137aedb112e
    SHA256: b803f6e85a3807d0ceb3694c98a59829c5cce2709dd758ed9673113f803b5e9e
    SHA512: 7160133fac31b7c886c6130a01b93138dc55233a5bd1d491096ec45adda70f1b8d7c072adc77ac2549f7b4380ffd7d58a2e511d18220dde5028ab09741a394da

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 3300dff579b2908eb6d07ce82ae77871
    SHA1: b6042995795f1203933d0fe27fd13d9d0bc9a2ab
    SHA256: 1ea4f2d66a5f6b52cc32c6f7a200dd55790424b430c71fa26be4bfbd30a5bc83
    SHA512: 88fd597e7bc6431279edb408b538a72b36766c7ca2016584dfa60aadab9ab687c422aac4165351549daff641f82b15a1a85eb4fc1439f02b73e7638e9b054188

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X8FNYYS1\h[1].js
    Filesize: 29KB
    MD5: a8d299147378f8132fc6df51ea86f0d2
    SHA1: 27a003d345f586cb8b2ca9af06a862fd79ac8a66
    SHA256: 325fbcb3b379730822fd41bb4704259dfdd4062c5446cb47439c385be4e80c23
    SHA512: f0af6ffe2c054fa460fa9ea03a01cb0d5339f6158731cfbfce0e120aaceb1797c3bb223f3a2abcab6f2d0ccbd39dced294125e0c14ef4f92113fbc5fd4d99ca0

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\X2FZQM5D.txt
    Filesize: 533B
    MD5: e5c18392a045bdb7587a7492ff61cf80
    SHA1: aa149c0ae42c4d71be87b6b373d8a72693742e6f
    SHA256: 826520e68bc017a24f9d4fb02ebb1f3165040c6eba0f1aeb896201b7ac24bbac
    SHA512: 1ba54923e17341c94d4804f1dc5297aa149e474163382cb38fe19f246dfea6cd00a5023f4287b03eb17f2d58c3db22043727c61c644db4e654fc8330789efcc5

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZZUOZSA7.txt
    Filesize: 94B
    MD5: c155ac31e3b6e2101caff088b7715c3b
    SHA1: e2badf5900c6dee9011f552957ff2f90b976bf10
    SHA256: d22844fc8ab09a41022367ee835b9f695139e8a00a1df1722fd165957254e5a8
    SHA512: 1a059e55661a043e6d474c52ebceee95bc685160bd0f722f4ccede039cc312b1b6863927d9b052df9e62f3a9f91171709a6c888d3981ce90db24e8903bee2510

  • memory/1340-54-0x0000000075091000-0x0000000075093000-memory.dmp
    Filesize: 8KB

  • memory/1340-55-0x0000000002890000-0x00000000028CD000-memory.dmp
    Filesize: 244KB

  • memory/1340-56-0x0000000002890000-0x00000000028C5000-memory.dmp
    Filesize: 212KB