Analysis

  • max time kernel: 91s
  • max time network: 146s
  • platform: windows10-2004_x64
  • resource: win10v2004-20220901-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 05/12/2022, 19:35

General

  • Target: d4c0fe37c2484ddedb26c3103e2a06ef850c64e8fb210f771048bd8ee464e1d3.exe
  • Size: 3.2MB
  • MD5: 756558d39db41f3375dd915cf7902167
  • SHA1: ed906bf95892ebf488ed0d9e555b3e5250a8fc85
  • SHA256: d4c0fe37c2484ddedb26c3103e2a06ef850c64e8fb210f771048bd8ee464e1d3
  • SHA512: 445140f6b36bcded8ffd2aeab9047af74b269730435d12d66255360044ba87e8a959bf331bc4898ec1d2c3ad4ff4e542187f09648a6746c4e318c23c8f827987
  • SSDEEP: 98304:UseCp1z33B1vHRiUoevFC+oi8UoIkoQQJzgGMMYcm+t:oCp1z31oqoHI2E0Gi1E

Score: 1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 27 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\d4c0fe37c2484ddedb26c3103e2a06ef850c64e8fb210f771048bd8ee464e1d3.exe (PID 4944, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\d4c0fe37c2484ddedb26c3103e2a06ef850c64e8fb210f771048bd8ee464e1d3.exe"
    • Suspicious use of SetWindowsHookEx
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe (PID 364, depth 1)
    Command line: "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    • C:\Program Files\Internet Explorer\iexplore.exe (PID 2436, depth 1)
      Command line: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 540, depth 2)
        Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2436 CREDAT:17410 /prefetch:2
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: ac572cbbc82d6d652cdbe2596aeac4ee
    SHA1: a631b27cf33fe134f42ed411d7ea06c21df41ad5
    SHA256: 50b6d8f62150a7bd25fb3e462130e8e054a0f1fb619487e8c426a4c8bf6bdca8
    SHA512: 070095ec83e4eeccae5dcbadcb3132f08fd0aac50badbc42cb72691236b6cfcdf14ce275fb1bf5511896bb4dd25c2121e044341003c1a507be8fabc0b2b1bfff

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 434B
    MD5: c87b9c556fa3108b775a3d51508bbe41
    SHA1: 08380927b99e39ed39e244e67bb293cb7f2a8ded
    SHA256: e289283c90c0240e274182c56f5f59a393aa8da6e97f3de7041e6850231d8b34
    SHA512: 10ed92c711d6eca82cd2e84d7d56a065aea50273ebd0e689f48a1711869d3d667cd8c5994b3d28f73ae4de088854222b9d3c55d528cf75abb91fd5d5cdd99d42