Overview

overview

8

Static

static

90f47d6db8...18.exe

windows7-x64

8

90f47d6db8...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    130s
  • max time network
    216s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    03/12/2022, 16:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    90f47d6db8727eaceaa1e9588267482d9d1ead3dd0437beafa1dfe0d3d688118.exe

  • Size

    436KB

  • MD5

    2b6f83b27b4fed3facced912e1e3a3e4

  • SHA1

    ece97cfb025aac9ba09f1df8923d89987999935e

  • SHA256

    90f47d6db8727eaceaa1e9588267482d9d1ead3dd0437beafa1dfe0d3d688118

  • SHA512

    2c3a0923c908ce8e743ccd1c7db8fd54fddbcd5255aa2772eaa01456b98317076024e397f557f5ce41434ba837f24266858b4079b2b80ad838e9201da7ed1c6e

  • SSDEEP

    6144:7fbDK9TMEBjMO5npwdK/1ZmYvUkbxcRb4GYT6Q28sb0Ro+kH0qdNvL537JG2xmGy:7K9TMqMOojb4fX2YMnrvLB7QHpT

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90f47d6db8727eaceaa1e9588267482d9d1ead3dd0437beafa1dfe0d3d688118.exe
    "C:\Users\Admin\AppData\Local\Temp\90f47d6db8727eaceaa1e9588267482d9d1ead3dd0437beafa1dfe0d3d688118.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:556
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c copy "C:\Users\Admin\AppData\Local\Temp\90f47d6db8727eaceaa1e9588267482d9d1ead3dd0437beafa1dfe0d3d688118.exe" "C:\Windows\scvhost.exe"
      2⤵
      • Drops file in Windows directory
      PID:852
    • C:\Windows\scvhost.exe
      C:\Windows\scvhost.exe
      2⤵
      • Executes dropped EXE
      PID:1164
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c delme.bat
      2⤵
      • Deletes itself
      PID:764
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:980
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:980 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1340

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    01ff5fb753e40857359a0fc46a3aeaf9

    SHA1

    61022fb6c02e434ea97ce9d591ac2af3fc30c70e

    SHA256

    d0ad04cf18f41454d836c3d273f54175398e53f88b6944acbbceb3a2ef72a20b

    SHA512

    d6cc26cc6fca22b6eaa094a72bcf33680a5483403e6de15db14f725731507bb700b8b0628cf3b9dfa17dc4f206f07c4397a21029444a0d0ceca6fb6f591e9773

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d4f290d2afcf12a666491f0539f8a605

    SHA1

    8d42e2a7d46e7027ad661d421e08409ef3cdc1bf

    SHA256

    b44afab89a899104ebe4290e4fef1e3837f1ca2b94b3fe056f9c049635e09f7e

    SHA512

    ac4930432289507626ca4438ac89ff67d06eea3a4fe21cbc4a426b529d1e8ec78f3b4ca7e2e1e4b4e3bf5db070f635f5a231978e3d5b1c9a55ddc55a4c645a90

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b27b7e8785c91efdd285fa8e7a4c2797

    SHA1

    9ea42d4dc83db3a00b21073aabbcde1874071ac3

    SHA256

    0cfa8f02c6bee84562af67a92e4ebf5b3c692afd067cfe1986665aeed89d8831

    SHA512

    e0df52d9b33fed80aac08c6d73ae69428bea00a2a50890d7e552e953260613f800d9a6df7220871e67869d38d0df067919fa1ce74c328d3c1b99c5e5a3d23811

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4424ec859e525ff67eef7fdf5cdc0a51

    SHA1

    cfaaf84ee769e6b06e6873786350c624cdfd2837

    SHA256

    fb7eb783b6e4834755c89e4fa855b8e4e236816bcf0f396a1a2b01ec5e1e2dde

    SHA512

    83ec562d25413a0dddfdc5421a26308296ef137e2e68906f4b97626f2197e5d8176db99f146ce1c31b9a423219d33b0cdc1f0004f9840608cb57a77e7b3896cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0184ac7878591982c3e85d6e2e2b79fd

    SHA1

    e16d4f45141cd312e33aa17ff273be2928ef5b44

    SHA256

    7a9b059b219ec4c106f10bb59a87c35a4b25af04d4a820a9116003028d2c3a3c

    SHA512

    86539af97655da2f7eda99b1d2742f8091890e0000bc5822815eed5742b568ff6e88d208214d96ca60f765e8686fc52fe8b4c31864ac6e6a766827260e35dc5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    adc8757c5a707ab16986b9479b536eac

    SHA1

    5497182ba617f61fbe72349e38ac400a3718610e

    SHA256

    42fceb5067c46a9f2f6dc3bf4e8d7b4473e21d2dc3f24c74d1a839bf97d2659c

    SHA512

    a34eaf75ff24167f22010414413190ba729679faa8036ff0787449fdc9ceecb4ac1fa6ff7b9b178d5ab02b86b162149e3a3a86ec161e7db500512d96c4f69f8c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f6192129f462a42e57f6b135edf92a0d

    SHA1

    45b5520783b0d51a8ef53e1703e9cf19d503af3c

    SHA256

    67eee85243e6f752848180fc4196707e3dfc93491a56fae8ea2b25d615ac48b2

    SHA512

    e79b7c9f5d15563d22270c86a0384c03628df531a522dd93135952963e48d83ca0839c54cbf5005d3f80c5189839cfebc1b079ef9d27dff88359a393bff05d2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    05e68ec517a9e361e027402bc31545de

    SHA1

    abfe9a0bbe11db5b051c3f7e65d388917f85ad82

    SHA256

    89cb1d7fab09bc9d8ad3ebed56775e8a7ffb095a41c8548a94463adddf440a61

    SHA512

    d8f8ac6267e507a4d06af475c8c836664f29670cba6cdb06a3ee300d94727d584751096ca32e591a5d7388e85b3ac4a9f4aa4af93dcdc6afe6c05caf9611316f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bb69169bf044fab4a6c674b7bd655cb2

    SHA1

    2728c70fb1e93077c12e0576d75a22f5255624f0

    SHA256

    528484f443708238af5d80d04ce8470fac325bdffd6b0e62174cf82579b26f90

    SHA512

    9a2fc1dda7fffc516d584d26f6eb5d96969ebb6046908ce5be7acc5b1535e86478a0d2517de1a20ff05b489fa77b237435020e7a2bdc22bcfebfb83ffda09a51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b211e47597af5fe6f083a18b94bb2960

    SHA1

    b586010a7ae2377a1a9e2839c4019a1dae66cf28

    SHA256

    a0d35c6813ea3277985a11f5efe1283a94038e9e42e51689f0255ff490e6794d

    SHA512

    10fdb23f95a548025529958619be0c77277f165eafe55c3ec7f6bdbee8504d90906ba58961c67f292d993cf5710c20d9988660d39c3a17817365589530986e86

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8406147a67644feb9bfbd19704f577ab

    SHA1

    63d5031b62d9b5d9e751a96b0ff3aa6dc4b6e196

    SHA256

    fc365c8b27b3ce1c868c4ab2841f1e3763df3414517f675cf92dabeea5c18f0e

    SHA512

    23fa92bf4e8e65a29892b445e3ed02e0cfa1c407848f9c6464cea072e4fa081e7deede65dbfd0428f0c6428f5f169679e8286e84f2479c007a61ce35fa933a81

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0ed871a22c330e56971cd76554dfeb15

    SHA1

    0fb84cd69755c8816729bea9b71da16833f35fd3

    SHA256

    0b81730fe362895cac7a9088942f320fded0deb11d7f20348d58c32b91f5f450

    SHA512

    ca34bd4a1ddf2120a18791dfee950064505b9a1fd09f4ff33093188c35378999fbfaf0bc242807464b3aa03e056109b5eb4263deb5c9b078da644a1d6baadbf8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    948c8a8b17b6d6cdee9b63b28e56c507

    SHA1

    443ef7c7cd8016f2651a32f5e747307997d0ab03

    SHA256

    6224fe089682da7fa54cf17aba67e135b889be8cdecd6a61036f7bc00a1bd957

    SHA512

    ebc0f6773726e0ea4e34f81acc3634479934c13a05668f122656ece77a2fb66b0758c4d4107f29c35ca0d827332e25b0e7240d6781041b5be928470f14f80a7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7fdd8e5d54ea02d3444c7c913b79f555

    SHA1

    a4c89da6d4680749b0f9775f9ae422efd5b3827f

    SHA256

    860996b2eff21861a109f2d2e6e69a164e918f8caf7cc5ba466577cf7a48783b

    SHA512

    fed97a18cf9bb98788a4613983ece6ebfaea061c615ded466cf7b4788ecb522da55e24e159416c7b003331476539aa06ee85439296e824fe13e19e84315abb98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a7527e9b2d28a766bb958491893b9df9

    SHA1

    7698ade3009ad7c6b4b05eb588d7de5ee4068956

    SHA256

    c04a5b0b97a3a5e8a2f192fd4bfe24772d055ed0d98f2b01a237a38813249b99

    SHA512

    116c2907a209c6968869742ebf6db4f977ad2f326414e39bec2c2bdbd78e1dd1607d17785feece384613e221db1b7b06f3122b73c4ecb91ebf25cd28cf863fa0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6605a35a0cb8729f58914a4776cbb885

    SHA1

    28d80df496942a9f4c7b31abda04de7eff0990dd

    SHA256

    ae06280df2871590a7b360b0404c160c0c285b18c524d69cc69c61131932e683

    SHA512

    8a8bf845d35f4ff88e3e524c729361ea821b271dad8109f463ccabd6e47a3494738e45913809a7aef618a0f3560f1288c183ee6912b2249cb646759f46c4d530

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat
    Filesize

    1KB

    MD5

    39b99a2275ce66461ae5b1b9c3daf5eb

    SHA1

    402e89396ca8c26519ff5ef8f027f9dccfe98d27

    SHA256

    3488b58636aab9792ac6474a2cbe5aea69560a1f2668b17e07b2dd24cf5cc086

    SHA512

    b7ff9fa29999cfc0fd3044951a5d784bef96f1ffa9874480bf3b80a53f12191e003e7dc38f3298f9dbff5502002b7c3185597d23fece98e78cdb318f4ea67be8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\delme.bat
    Filesize

    257B

    MD5

    8367312de9f7ac78ae88783395b37f78

    SHA1

    a8f1efbc9e43961b1c16a840fe853028a21480fd

    SHA256

    464187b92f89354044c2305e102ac8f13d57feea058a0cbfd5a5f81026aa4f4c

    SHA512

    865d40c0f4d378951c0ff260e3601b1b85a94adfe4901f57473243ec8f683bb60e83051b563a14a2f1ed0b5c8fa77bca870e0efd908fb90f3912e29090115bd1

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\TAEJ2FVP.txt
    Filesize

    601B

    MD5

    878e0f0ad130b3bacd3dfcb30bfab32a

    SHA1

    2c65c4636970277b095a55e316d03c0959422b26

    SHA256

    269cb18552fe273cc97f2840397429aece349695edca0fbff052ebc75d263e79

    SHA512

    5677b15ca8cc1d523ee0489e2a8b29145a3ea039b0a1f34702d5fe5ef45bd93f98f585f5e371862260c058a344ce261713809cc43dbf9f3e170e30bc1126c594

    Download Submit

  • C:\Windows\scvhost.exe
    Filesize

    436KB

    MD5

    2b6f83b27b4fed3facced912e1e3a3e4

    SHA1

    ece97cfb025aac9ba09f1df8923d89987999935e

    SHA256

    90f47d6db8727eaceaa1e9588267482d9d1ead3dd0437beafa1dfe0d3d688118

    SHA512

    2c3a0923c908ce8e743ccd1c7db8fd54fddbcd5255aa2772eaa01456b98317076024e397f557f5ce41434ba837f24266858b4079b2b80ad838e9201da7ed1c6e

    Download Submit

  • C:\Windows\scvhost.exe
    Filesize

    436KB

    MD5

    2b6f83b27b4fed3facced912e1e3a3e4

    SHA1

    ece97cfb025aac9ba09f1df8923d89987999935e

    SHA256

    90f47d6db8727eaceaa1e9588267482d9d1ead3dd0437beafa1dfe0d3d688118

    SHA512

    2c3a0923c908ce8e743ccd1c7db8fd54fddbcd5255aa2772eaa01456b98317076024e397f557f5ce41434ba837f24266858b4079b2b80ad838e9201da7ed1c6e

    Download Submit