Overview

overview

8

Static

static

1

RCO2InstallerGui.zip

windows7-x64

1

RCO2InstallerGui.zip

windows10-2004-x64

1

!Readme.txt

windows7-x64

1

!Readme.txt

windows10-2004-x64

1

RCO2InstallerGui.exe

windows7-x64

1

RCO2InstallerGui.exe

windows10-2004-x64

1

RCO2InstallerGui.exe

windows7-x64

1

RCO2InstallerGui.exe

windows10-2004-x64

8

RCO2Instal...g.json

windows7-x64

3

RCO2Instal...g.json

windows10-2004-x64

3

VC_redist.x64.exe

windows7-x64

7

VC_redist.x64.exe

windows10-2004-x64

7

VC_redist.x86.exe

windows7-x64

7

VC_redist.x86.exe

windows10-2004-x64

7

windowsdes...64.exe

windows7-x64

7

windowsdes...64.exe

windows10-2004-x64

7

windowsdes...86.exe

windows7-x64

7

windowsdes...86.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    106s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    09/03/2023, 12:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    RCO2InstallerGui.exe

  • Size

    409KB

  • MD5

    de28e654f9f50865a673ae79732cb3cd

  • SHA1

    5810ae9dc78dbfb823d83c7d5e1feac34fd8c78f

  • SHA256

    6dafd999deb26cd9964fc9cbac7881954140f06deef3f42f6bfeb204ff54b56e

  • SHA512

    2fe636fff1d07b251240b9c269664e60b51ee02935d4c119a5b35417b65cfd1478dabcf859d505674dd3b4318627ce0fd3982b46523ee607f3f71ea9bbfa1a90

  • SSDEEP

    6144:yszAXNK+3FVQRQKTW4Kg3Xl+OeVU5yv9Of0mcOnvH3Rg9pzVP/m:yLXx0Z1wvUf0mcOnfhqz9

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\RCO2InstallerGui.exe
    "C:\Users\Admin\AppData\Local\Temp\RCO2InstallerGui.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win7-x64&apphost_version=6.0.14&gui=true
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2012
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:268

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          61KB

          MD5

          e71c8443ae0bc2e282c73faead0a6dd3

          SHA1

          0c110c1b01e68edfacaeae64781a37b1995fa94b

          SHA256

          95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

          SHA512

          b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          daf8c218f1de82bb9c5b7d3010b8cd90

          SHA1

          e4acd83da8af6f9087f4261eb1f39130d3a29a01

          SHA256

          657dd2cf416bfdc159ba25a73ceb576d956452341b72511c6eee01b65d5c0c3d

          SHA512

          d0ccd203f57160b471ec0b1df1186039f3f4aec576cddc660e9392a0938a4f6c8f86b4284945b69684d8c7fe734c35b7200307ad9604ecc7bf9bed67f4025ae0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          67c8aab0ad3d796cb157c51118ba29ed

          SHA1

          8716d210f29d9ba5bab7c81fd901d2c83fc1c463

          SHA256

          a450d71528ea69929b38ee25f62e24f3eab4d78dc360321c59010af068109126

          SHA512

          777e01909820127b80ad7d7d2f7722e8b704f41337988c9ba8a368d04ea83b04aa231eb5955ca5e5883d3d3bc6ce646958be1d30962be130a28c8e8cb0f49ea2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          626e7f853a77e178b79bfdf1168dc330

          SHA1

          c206c253028b4bd5c885f78a1cd63a733cee396d

          SHA256

          392380bdc91aabf5be512f01517fe7f8f7c94629b201633e7a12de9a375e6a8b

          SHA512

          b2589373904b4a8010bde2d36265bfb6e5bef1e1aa1f1f90b4cf89aa48e9de8191ceef782cdf4e55ee3d7f978b30a1fc8d2f8530431825c7d2a9fc09b2a2de41

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b3b965c5f61b229a17c6943565e51ee4

          SHA1

          6d19fe9c3437009e13574bd54e828d1b666cfb99

          SHA256

          fa1739ba3804f84f13a805f359053a76d5da4193bdb39be7cab12b23a72252da

          SHA512

          3000cdee72ef49291f6b55e3ea3a27c9d7045c2d6b3289cdd0fad862775ec74f32eca672bd8ce4f2c364b5279035d110c06798fdf31f75ef19996e8c21effaf7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          aad9fb984684332dff55c0783413452b

          SHA1

          6f7ed0d8243ba94f69a685393865fb8999f0ab1d

          SHA256

          e8b8c2faf5cf84c9b44e3a1b8eabf9a08280eecb8dfab68ec8419817747ad088

          SHA512

          f42bf3691b0b3e9108e4b2f74851c7e60caba9fbad5877362bc40cd776fba2dc6c0f03c285cce89a19fea2f5c0657b71fbf3b8b1a424874cb95ef73f4825ac86

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          376b9062f1dd6777eb9c35289aa31fcd

          SHA1

          be6311849ca71f8fd44ab55a21265382520f1b8b

          SHA256

          9bc4f08c6270432795c04e16d52151d2bb633478cf2943c10bb2b494b400ae5e

          SHA512

          5a6782816c44d7f484450bc71d7494664e2141ddf1234250aba4582aee7740dc5aacbe665094b707e72c1855e3d33908aa197d50592094b419b972fa22f85301

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c58db6c8ddd294fdca82e09c74e52ea9

          SHA1

          fc027255a18c017140de98cb7223e2ab02dff7c4

          SHA256

          535785a57eaad0d047000ba0581d5f663e6c87117f01cc61be12254be49c292b

          SHA512

          8287becd38a3a8db85adc3ec761426f381a3be2ff8bf431bbabc17cd39dffbbbecc882bc09c794c6a12de7bd63390e715ca526615e879d3db05af217062fc277

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2ce0204a353ca87b592b34587157ffde

          SHA1

          f12985ffd8a9c3448149d81a89c73f21598ee5d9

          SHA256

          3d2032cb9b1692e7a9d1695fe90b5a5d55115fa12d840550c3effb31e90ebd40

          SHA512

          1d9b998f0e9908ee109adead194094f77c5b76258babb168dec0bf45b349b548e794626206b4d55a46aa6d9f25302798ff30a2098a93d5f34ac09d947d750e93

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d7dae0842aeb69ad280aeaa0a085429c

          SHA1

          8918b48551076d1cac158296a45d0cdc8814c49d

          SHA256

          bb3cf4e18f254f48742abb472955239070eb17d2549addd3e5a9b900d7f68f6b

          SHA512

          9b8c59bde0c7ca14a90f3bf24f1487b6e0faf084757367c580556edae18862020957d3eb29fc47f9538b687a55f996c8dcbbc7b27e48bc56001cc9a7b1ed6b1b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7d31e085717efaac5d76a233a9044b3a

          SHA1

          f7e4809837a8a1d43cb31afe35ef59d910c3edb9

          SHA256

          df8654cb5e68eb887bb44f49ff90d2bd1d8dbb9851b5b240e0d487c3c7ae0b33

          SHA512

          e4f007efbe3e712b82d35b084bcffcd0092b8bd65fdd6025bff71438e68a6fae36c875f0a89cacdd2c55fd5933e705f04cfb4741422fd547d35d6862be436b4d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3330a45800f27e9a04245ebab9945cc1

          SHA1

          dbafc4f27cede49ace15d978ac1935e404ff2134

          SHA256

          2eb6ad73c66180e46803d16b699a4611f1e1c55beecc666040a9fa751843c290

          SHA512

          06ebc91958b6b030a963f9e146775ad1b4423d0eb8aad693a97c3f5fa4ca78216e3d43e2afc65f269048b9759cbdb5e083c9cbfe23d1d518b429cfdd33a1e0e4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a0807a5a358f7b4ead29418aa0a188f7

          SHA1

          034571dfa62bd5c2184685e0eb605560cee4da4b

          SHA256

          11b7f8f8fafe778359b0169ab221c45d4c024ec41a3943faaf76723f78aa966c

          SHA512

          ed7a61620e4af9513a49ce296584d1bd9e85fd0bf70846daaaa0e3daae08385c494f6d7015c5987f5ffa6337d37115f9cc29f9f33f43f52cf2422cb0a927e5a5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4d0ee927f6c3c4077e1b75474b357cf7

          SHA1

          55d2eecc9c07e90f40cd6cccaba1e0a50440caf7

          SHA256

          126a2651a8c48472657628d9c1f604dfaadd85c238100a0a09cc7b693d97bde5

          SHA512

          b32554a37280cb4af4f5b831b6946c9f49fa28c0473e3d1605ff57e2b4826f33c13f955604396c43978c236e76dbe611292132a9089ec9de3f1e260fcfb07c1f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a7f9ca3ac015d1c3ad83dca821987d2e

          SHA1

          2266f2ce4da085fd4838ea183dc0334cf98180d0

          SHA256

          cbe0a3675fddc0fedc9204eb5211e9b49aa6fa1d4927600289225008800f3fad

          SHA512

          f736d352f6821690d68743faf4922190a586dbb8bf7ba3f51625d7b216210f180d98aeaced120120ee540959e204fec1611289d522db01a6ec01b43611232a7b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a406cff15afd686538a11b54f09a482e

          SHA1

          e03d1d7a2c622036651c68463efda1e5554913ed

          SHA256

          2421f799fc58db2be1e99358adbfd7205b60694da4de5e361455a73063e4c243

          SHA512

          ef9d0c57a8e265781f760dc5dbbec6b7037e6d7004a123a768438c0cba7da32062ee1a080203fadf289be2f6d3bdf5539e6a506cec97c23282c9dc1c51748ef8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bf2f5bafbf4dac75d12adc69fe16cf64

          SHA1

          b34b87c7418e8d4969719b8ed852fa436bc31f4c

          SHA256

          05a875aa3e2fe46d4cf2ad1e397f7bfa253502d7790869a782dec98a588d2781

          SHA512

          9a0550fc1bfa096abc39f2415ba0c3e56f12ff1cb7859f9bfbc644463efbc3f1a73c5e0c2163458a56fb6f8fae76ac63969e486ae8e24d436452aba5a62492a7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          983f8913a0c11252d18fe15f3c1ec287

          SHA1

          5149b9317e07e5327503e092b5b3757a5cd2c462

          SHA256

          d2852b55dfbbcf0fe592082b3d57dc6d430de63adee12bdefd56bb1e800f43c7

          SHA512

          759da46c26a9abfc09c357f58bc80ca6daf4c7921728ab885d57e85cc3bd43b9f276aa1e7fcab0fea71a5cec6c4dda4e4145a66695a4121bca14b62aa33ed1da

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f0daa2e5628e09dd00a9cc784688a3bd

          SHA1

          3fb6fbd29e43668192b37438de0e0f88bdf92d6b

          SHA256

          a1635d36b9619bc3ba9f4c8ebbb0d7b5ebc265c2d4ffebabfb8292aed03cbc69

          SHA512

          03dd829f3c7de68fbd7f36bd15179a7e35079281d878c35680a13954800c868950284cfde0b349295630809a7bee66e272a6099779fe9e5172e7bfd0bbf883f3

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NMXH1C0L\suggestions[1].en-US
          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab5BE7.tmp
          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab5D03.tmp
          Filesize

          61KB

          MD5

          e71c8443ae0bc2e282c73faead0a6dd3

          SHA1

          0c110c1b01e68edfacaeae64781a37b1995fa94b

          SHA256

          95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

          SHA512

          b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar5E12.tmp
          Filesize

          161KB

          MD5

          be2bec6e8c5653136d3e72fe53c98aa3

          SHA1

          a8182d6db17c14671c3d5766c72e58d87c0810de

          SHA256

          1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

          SHA512

          0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\WL0RETGR.txt
          Filesize

          600B

          MD5

          2f66ef9cb81d41c2476db75ab25729b4

          SHA1

          657b6d97438621058f418a97d03cb71470214e7e

          SHA256

          13ddfe172bddfcb60df8b763410962f6255929cee600111ebd8915fd6e7bb40c

          SHA512

          569f4d1c77c639e82865542e9abbedc46a8b11aa9c48e98a0b78257b5b0fc8b365f74bd22249d92275af8cf2ee0c595e6f05c80c48f107c195206ce938299fee

          Download Submit

        • memory/268-55-0x0000000000C90000-0x0000000000C92000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2012-54-0x00000000029F0000-0x0000000002A00000-memory.dmp

          Filesize

          64KB

          Download