Overview

overview

7

Static

static

9a57d0f6df...08.exe

windows7-x64

7

9a57d0f6df...08.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    144s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06-12-2022 13:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9a57d0f6df862743f97b0e26a53e07f2390e9e8983955887cd428bb75bd93608.exe

  • Size

    36KB

  • MD5

    859cc247e9f9f612eb010ebfe8bc1f7a

  • SHA1

    35b86fe24963fe523fa50fe8a2bcfc374a7314a4

  • SHA256

    9a57d0f6df862743f97b0e26a53e07f2390e9e8983955887cd428bb75bd93608

  • SHA512

    60b47be01827ffc6dafba4217d38e649d37fed9c94aafe983bb3853b0ae1c509094d116af19a4ae11d584d62ae4d65efba6f1aa95265954f90c04a52c61cd19d

  • SSDEEP

    192:sLRgcTP2KV2iB4yWKbB5RMbr7dfJ/eJcD0ue/8:EHOK0iJWRfJnAvU

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
    stealer
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 15 IoCs
  • Suspicious use of WriteProcessMemory 37 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9a57d0f6df862743f97b0e26a53e07f2390e9e8983955887cd428bb75bd93608.exe
    "C:\Users\Admin\AppData\Local\Temp\9a57d0f6df862743f97b0e26a53e07f2390e9e8983955887cd428bb75bd93608.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1648
    • C:\Windows\SysWOW64\explorer.exe
      explorer http://www.wghai.com/
      2⤵
        PID:804
      • C:\Windows\SysWOW64\explorer.exe
        explorer http://www.qsyou.com/
        2⤵
          PID:1724
        • C:\Windows\SysWOW64\explorer.exe
          explorer http://www.super-ec.cn
          2⤵
            PID:964
          • C:\Windows\SysWOW64\cmd.exe
            cmd /c C:\Users\Admin\AppData\Local\Temp\a.bat
            2⤵
            • Deletes itself
            PID:1880
        • C:\Windows\explorer.exe
          C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
          1⤵
          • Suspicious use of WriteProcessMemory
          PID:1124
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" http://www.wghai.com/
            2⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:320
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:320 CREDAT:275457 /prefetch:2
              3⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:1564
        • C:\Windows\explorer.exe
          C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
          1⤵
          • Suspicious use of WriteProcessMemory
          PID:1644
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" http://www.qsyou.com/
            2⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1412
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1412 CREDAT:275457 /prefetch:2
              3⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:1592
        • C:\Windows\explorer.exe
          C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
          1⤵
          • Suspicious use of WriteProcessMemory
          PID:1876
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" http://www.super-ec.cn/
            2⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1740
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2
              3⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:780

        Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          1KB

          MD5

          f3d8cbd89a38198514090ac4018ad648

          SHA1

          34103f6ad8198b092404aec3596ce02bdfa69d6d

          SHA256

          c3193e72bd4066eda0d62883c27abe03483f47cd86bf38f3f9b7b94ce6d8dab3

          SHA512

          add2d31dfdb4936298f6fdb749c4b14090dc21b63c9eaa4dd9360daef45ce40adb6c51481611c3b0ab81aa7789ceb080a0f910e8000487bb70da0cb7813f58e0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F
          Filesize

          7KB

          MD5

          128b756d3be59fd846a3a972b84b8fd1

          SHA1

          c1250b6e8cf32a2be6f3aefff7134a9ebd9ad664

          SHA256

          1885e5d1a69fc5b29df5095824f3b73c2fe27cac566797b0a5e502c1b6489432

          SHA512

          800c8eb3c547eee8bf4a963e2f525daacd387c171014453f640715ad964697b6375e2e70cccfda4f30397fb585fdab55ec739a311fb1f036182222c44fddf237

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
          Filesize

          724B

          MD5

          f569e1d183b84e8078dc456192127536

          SHA1

          30c537463eed902925300dd07a87d820a713753f

          SHA256

          287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

          SHA512

          49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_1F9621DB6ADF94C2E3A651910DEE5D28
          Filesize

          471B

          MD5

          a15de23015872f999e7b4fe1ff3aa1d2

          SHA1

          10a51a76a6f0fb1c146077abb1f70b7e208a1751

          SHA256

          26ddae77e27f7c29f921edc208816c5f5d2b10621d31bebd7c3fa3bd80e23a5a

          SHA512

          832c9b382453ba9ddcca605eed0bc27a66e8f8ddb818dabcfd017e5ce0ae1efd2d5233872eb54338fa4b3ae91b8d39b82f4c91eb15bac6ab1028a83bd95e153c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_38B47E384211315C1B3F041145F166C6
          Filesize

          472B

          MD5

          74d82b5960e5e12af402b01fa10b0829

          SHA1

          4b80baad99eaafa43a8a78dbcd8e0df4141b3dd7

          SHA256

          328abed4a3d2ea1d745c64c5c40925ae5efca25846d2e1c8457a030347473b51

          SHA512

          7a436abf591352fc0141400c8ce5ab2edbec5e7470991032a09c3910f8d75ccb7fc3313c8a64d798c832b78a30aec7726c7952368f51e5a9ddc659c708da309b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_09717EE90D5EA38724B708130A5F8203
          Filesize

          472B

          MD5

          784e0439ec6be7b4ca1312cd7cfae85b

          SHA1

          18dad06db451855d3009aa3207d868895c577666

          SHA256

          6369a3e27c976088b4dda95da9422fdb201979fedfcb4edf9db60089fd9ea53b

          SHA512

          23f6989a406fde8a46e3136d1a55e34a64085f9fb3c9f367da747562ab7ae0092885a51ef7973c9ef9aa6b29997c63be852646a23c76d9550e4e334aa8648b3d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_3BF35504191E4275C8C2312B8FD77C33
          Filesize

          471B

          MD5

          2bbc2a332da069e062c141b6755efb07

          SHA1

          e7cb19a32562264a6858b73f90caff1fe7887a29

          SHA256

          5fad6e64460cced764a9d312bc67cf858e5b28e5b2e107dc790bc5973f1ecd1e

          SHA512

          8fa8f87ee631afc4f2460b8ebfef60083f63de7d5b95ef9452a98efa450a43d4862414c8dad4c4d95cbad574c22b7976708515938ab4d2b721b7356bb4e8ff85

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          410B

          MD5

          13c6d39211bd90f495769815a27054e8

          SHA1

          0f3423ee41d586f66905a62f9182747644ad39ea

          SHA256

          f8f1a1a61a04c19dc22c5e33b5a46379856f9f3327e5fa6b94e0b6b52b9a0613

          SHA512

          0cc9d39ac10ac9019b9b43d80c431fba42c44958795e22e8d1e5f7359e86790f259a74ce8fe3e4bee0a4c8d33295e1671049dd7c0a16f9747c6542f9edb51d2e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F
          Filesize

          232B

          MD5

          bb23bcce47d61f1d6b3caee6958c094b

          SHA1

          b2bb93579e5b1d2a7728ed94dc75d2b0231820b3

          SHA256

          e019f4a9890697bede35c1877bbc1493527d4a7c936de1982623ee5a57c23da7

          SHA512

          443d02d80276f200d19e6f70319ac2898bebf8fd5777dc2e9bfce8bce7912aa337539a4b7731d602c4adfc9652ee5f03bc8e6d52e8d04712360050c8f011ac60

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          340B

          MD5

          79912032d7043944aa605f7e47602d3d

          SHA1

          021654ab3c0cd419478fa3ad42762d5dff45783b

          SHA256

          a2d8a07b4949baa896236ee92f462debcf08aefc2fb0a039a66fb893521c49ee

          SHA512

          0d5231df8c3c0638ebbc1d1a82ea1be9808cc54649ae1ec543c4babfda0d3d2d26839b60cc5b2047145d7b085127c96a3e98bfe6b62310057db97588ea70a8f3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          81655940dc856b46dd44dc3d54356c74

          SHA1

          97cb90189dad8b9265ef73976331d4df3b721318

          SHA256

          4d786b50118c885112d0ac7bdc0877cf401c2e58f9d48c88e92287e1c7e13873

          SHA512

          d2d7c191b1d867a09ca5cf8da2fea54f923bcd0bd7516c30bf513e6c28b67a811d0c6d96d95afa34c99e4edd55f060d685b58bf38c9815fa97ae42a349a44b71

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
          Filesize

          392B

          MD5

          8948246de8a4738bdc4ec6f4722a1544

          SHA1

          2965162c0452e43a373314cc6d10aa81a2cc8b1f

          SHA256

          00e2fde561a979f76ba061c986b65d98b913db098fc336e646a6e8b39e95c27e

          SHA512

          3b94abdccb22c72f469e8d4a38f14161b31f5f01c3f466ffa9592ae5225ff7416560cc60f82f39e6a3255684f2abb1de6331941708fb7fea65221304936a5d1b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_1F9621DB6ADF94C2E3A651910DEE5D28
          Filesize

          406B

          MD5

          34602eb4dda0dc8ceb8b3aaec9480405

          SHA1

          d5032daf4ae2352252ebd4edd89d43aa69493ab1

          SHA256

          28cb89eae7baa29517a756ce18bc8e1e4703a638acbe8b32cebd479c52001f27

          SHA512

          3607546d9cf9ec28c2c3aa0f957ac491564226623d8b42a7cb25285bce293562d6942cd37deabee4ca04a26ef758cc86ac3a4d75eb98003e1d8786950b01d750

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_38B47E384211315C1B3F041145F166C6
          Filesize

          402B

          MD5

          7cae20901ba86285b3278819e0b9cd20

          SHA1

          9b32983b688aa73dfc2d595f2ca91a2dd560d399

          SHA256

          8997a9c4e8f9168ffc7018a723a76c8173389276a29fe36794fed3b5b882b4e4

          SHA512

          1e4761bbefa677b9f6fb2f4c0ee38f3ce2853a81aeac5321ee4bfcf2d8bbadf5f9d7c53603b09f36943c6fb76d895b8e9c6a55d368c403a2dde02d8f3208cbce

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_09717EE90D5EA38724B708130A5F8203
          Filesize

          402B

          MD5

          abd711ac6eb1d05e340616e812fe6436

          SHA1

          90b772f9fcffe69e19caa15e23779b018fb2bc98

          SHA256

          595ee51d90e292ef88f437c7249e6d1fee71603f2ee9923570b2d2a92fae2c62

          SHA512

          e4876d4887adcde13e62789e2b434aff87e2cf7617f5bbca2222957b551a9f53e1244ed5e6a1c0b7b538d58d03dd9986c0ea208c6a3117eeec6ec1bd69fe4a77

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_3BF35504191E4275C8C2312B8FD77C33
          Filesize

          410B

          MD5

          9454977d9638d1c5b91f9e79b35764b6

          SHA1

          c87d61beac85b7d2e3b53ee84d826966262dd197

          SHA256

          f64700d38e03a3da2842876069cbc7c2658067809edbc11b6792045a1b0a65dc

          SHA512

          fe6027e2047d4d777564aee8b9499bfd394399cf22bc788f659860a77bb112ecdc7ccb1bc1d6f1628d080d78fefbf6a4adfcdad2c107a27333d84259df91d4b5

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{57AF6CA1-7901-11ED-93F0-EAF6071D98F9}.dat
          Filesize

          5KB

          MD5

          f0337a5bc3754640e186df8d2f534cae

          SHA1

          7ad4b76224625ec979573c079c37d573dbbac025

          SHA256

          fa8392f51866330cac5cf5973c63e4bef48d94e6466a34dbea6330301b9ee932

          SHA512

          eb0dd318ca4a119966e85d511b9e208448994126f7c2e852bd692648b826234e6baf6bcaf41ee8a27b1f9f9e8ae1010db5c4a6e94c55ef76866eb403f4a33b6b

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{57B1CE01-7901-11ED-93F0-EAF6071D98F9}.dat
          Filesize

          3KB

          MD5

          44788d826efd0f2e27d1ea07f45042e6

          SHA1

          f4750e1e4cd7a512707f759b6f18514a73398961

          SHA256

          fdadac1873d708756797761ff596b60fe5cd916e9dd23925f115a9fd070f961a

          SHA512

          b195f7b7721fdb750e8c1cb1427a210cd3a6e3f757a489c04ab4105674988298fb501c13b1ec656f1023143937d15d1a186e980e05d3994f111997f32533ea7e

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\tcz8fqz\imagestore.dat
          Filesize

          5KB

          MD5

          aa8637cf07bd1b6a144ef0fe75712dff

          SHA1

          c6dac4350ac87b0dddd3c3b69d3a5154b5952658

          SHA256

          54ea7860e5fcd6eac6bc20b75e290fdbb0b0caebbdb814752912e57fe5875080

          SHA512

          fa9f223b293bebac0b66b48e86fdd9da0d1822d73b1a7a2410dc87313ed8a238fb94bf702df01c63928538c3ea4e8350ca9dca6a1bb5a297fe07d9aaac1af675

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\a.bat
          Filesize

          118B

          MD5

          79c2d477a8ce46d58e595f517aaa6304

          SHA1

          d6f6f39d0231c16b1d0b1a9058e24c61c74dd990

          SHA256

          284a48568ac0fe5858c338a6752f14b211d68442280ae33506d6a21defd28b77

          SHA512

          678ea74fc7759ceb98f54524d6fe08f43c61bdcb9073f1c7b809b5bc7fab8869132a97b1b05840a9dbe426e0ae34eeb6c92743a7e34e34fd89b478246eb9f469

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\C43L77GW.txt
          Filesize

          608B

          MD5

          af22a700673e12c893bf94010d93aac1

          SHA1

          2abd3b6012211de026f8d3d8491cc5309b1c019b

          SHA256

          f9c2ad701a37e89bd2e2577349229bf7e8c78682806285085c17811dfa7c5679

          SHA512

          2ceb264b97e0c42fb60803e2ff918cdbc076f54ea54c5a780945d9072ea819055ed3fc92558e75d97070f6b5ade7c7bf42967a5018a03838212b0f60c530ab96

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\DBHP40H3.txt
          Filesize

          84B

          MD5

          cad863dbe807d15fe4aa155545b0cea4

          SHA1

          fda5c75fd6b8b7dc39af9a41b71d06f27fa57c1c

          SHA256

          2d51fed9ddf16ee49e988f5dac1c49597070dfd82914a441f33dad6357a59d63

          SHA512

          63a2c9ece69b7e2edef42ff86b7c467c23664bcd3dcd5184db0994919e73dfc04b7dd349254d6a075f346aa33da4abdbaf5d1ec8064b5246b49d27f344717454

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\RMFFCM4H.txt
          Filesize

          327B

          MD5

          a95bfbedc74039d5804bcc7158634057

          SHA1

          23b4a14f168c71cb3018f92c88f39c280bdeee25

          SHA256

          5116be8b1e0a53f678655b074fb3eb4b32bcfdf86598fcb93bda2fd71f7c0a26

          SHA512

          0869d255a1d3f64e17cbac0a81b263c0d0c570b5bc5020ab44c15519e059dddc11b79737457d818afdbb93aeee2efdd41cf5497880bc761bd467360586e2b6c7

          Download Submit

        • memory/804-59-0x0000000074891000-0x0000000074893000-memory.dmp

          Filesize

          8KB

          Download

        • memory/804-57-0x0000000000000000-mapping.dmp

          Download

        • memory/964-64-0x0000000000000000-mapping.dmp

          Download

        • memory/1124-61-0x000007FEFB931000-0x000007FEFB933000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1648-56-0x0000000075811000-0x0000000075813000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1724-60-0x0000000000000000-mapping.dmp

          Download

        • memory/1880-68-0x0000000000000000-mapping.dmp

          Download