Analysis

  • max time kernel
    106s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64 arch:x86 image:win7-20230220-en locale:en-us os:windows7-x64 system
  • submitted
    31-05-2023 18:32

General

  • Target

    Stub/stub.exe

  • Size

    1.6MB

  • MD5

    0bbe9bc948d0154a739c23b4b0521ea1

  • SHA1

    74a5c37500bfec5286ec4f0e56663eafb536b9f3

  • SHA256

    8a37cfdf9c3d4beca639ead3b11688360333a550aedb60d4dbff82140b9b417e

  • SHA512

    78eac69129b53416221fd6663158db0b6d528ad070b8c9887293212639a2c28c20eddbf148c024bd84ea8386992dcb989ded93727d747a46c97ee751f96e92da

  • SSDEEP

    24576:i3i2Q9NXw2/wPOjdGxY2rqkqjVnlqud+/2P+A+ZecdyFoBkkAnexMrdgL4:nTq24GjdGSiqkqXfd+/9AqYanieKd

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Stub\stub.exe
    "C:\Users\Admin\AppData\Local\Temp\Stub\stub.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1220
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=stub.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1224
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1224 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1468
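
The child iexplore.exe under stub.exe is not the sample browsing. The URL it was handed carries sbp=AppLaunch, o1=.NETFramework,Version=v4.8, processName=stub.exe and shimver=4.0.30319.0: that is the link the CLR shim (mscoree.dll) opens when a .NET executable asks for a runtime that is not installed, so on this win7-20230220-en image the managed code in stub.exe never ran. The three signatures attributed to PIDs 1224 and 1468 are Internet Explorer's own behaviour, and the 1/10 score reflects a sample that did not execute rather than one that was found benign. The check below is an added example, not part of the sandbox report or its tooling. It walks a process list constructed from this report's tree (pid, image and command line as shown; ppid inferred from the nesting, since the report does not state it), recognises the prompt URL by its parameters, and returns what was requested so an analyst can re-detonate on an image with the right runtime. Function and field names are the example's own.

```python
"""Triage check for a sandbox process tree: did the sample run, or did the
.NET shim refuse to start it?

Added example, not part of the sandbox report. When a .NET executable
requests a CLR version the machine does not have, mscoree.dll offers to
install it and opens the default browser on a go.microsoft.com/fwlink URL
that carries the requested framework and the process name. In a report
that surfaces as "sample -> iexplore.exe".
"""
import re
from urllib.parse import parse_qs, urlparse

# Constructed from the report's process tree (pid, image and command line as
# shown there; ppid inferred from the indentation, the report does not list it).
PROCESSES = [
    {"pid": 1220, "ppid": None,
     "image": r"C:\Users\Admin\AppData\Local\Temp\Stub\stub.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\Stub\stub.exe"'},
    {"pid": 1224, "ppid": 1220,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" '
                "http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch"
                "&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=stub.exe"
                "&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0"},
    {"pid": 1468, "ppid": 1224,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
                "SCODEF:1224 CREDAT:275457 /prefetch:2"},
]

URL_RE = re.compile(r"https?://\S+")


def parse_dotnet_prompt(url):
    """Return the parameters of a CLR 'runtime missing' prompt URL, or None.

    Match on host, the /fwlink path, sbp=AppLaunch and an o1 naming a .NET
    Framework version rather than on the whole string, so that parameter
    reordering or extra parameters do not defeat the check.
    """
    u = urlparse(url)
    if (u.hostname or "").lower() != "go.microsoft.com":
        return None
    if not u.path.lower().startswith("/fwlink"):
        return None
    q = parse_qs(u.query)
    o1 = q.get("o1", [""])[0]  # e.g. ".NETFramework,Version=v4.8"
    if q.get("sbp", [""])[0] != "AppLaunch" or not o1.startswith(".NETFramework"):
        return None
    m = re.search(r"Version=v([\d.]+)", o1)
    return {
        "requested_runtime": m.group(1) if m else None,
        "process": q.get("processName", [None])[0],
        "shim_version": q.get("shimver", [None])[0],
    }


def triage(processes):
    """Walk the tree; report every process launched on the .NET prompt URL."""
    by_pid = {p["pid"]: p for p in processes}
    findings = []
    for p in processes:
        for url in URL_RE.findall(p["cmdline"]):
            info = parse_dotnet_prompt(url)
            if info is None:
                continue
            parent = by_pid.get(p["ppid"])
            findings.append({
                "browser_pid": p["pid"],
                "launched_by": parent["image"] if parent else None,
                **info,
            })
    return findings


def verdict(processes):
    """One-line verdict for the analyst reading the report."""
    findings = triage(processes)
    if not findings:
        return "no runtime-missing prompt observed"
    f = findings[0]
    return (f"inconclusive: {f['process']} asked for .NET Framework "
            f"{f['requested_runtime']}, which this image lacks; the managed "
            f"code never ran. Re-detonate on an image with that runtime.")


if __name__ == "__main__":
    for finding in triage(PROCESSES):
        print(finding)
    print(verdict(PROCESSES))
```

Run directly, it prints the finding for PID 1224 (launched by stub.exe, runtime 4.8 requested, shim 4.0.30319.0) and an "inconclusive" verdict; a tree whose browser children carry any other URL returns an empty list. Keying the match on host, path and the sbp/o1 parameters lets the remaining parameters (prd, pver, plcid, osver, platform) vary across OS builds and .NET versions without breaking the rule.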

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fd9ea2041f16c1106ee20262b6a82209

    SHA1

    25baed1e8a36021a0a98c428793ddb6da5cecc53

    SHA256

    38662a1d672d650bce13c499c78465b8525141b222eb524703c8baad08e518fb

    SHA512

    3caa40816aaf9be5d88d8f95d3d7043d4c245542cb0878a81d4a02c24aa01020f0946ba48f82df3e5d98de183a3695f75d7ef3a1d05ac2601fbee951ea6d38bd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1f0a5c8f142fa738e93648c14c504d13

    SHA1

    f65cea0e3843f0ad8aa20bd6b7b3e2ffcea987b8

    SHA256

    99f6c98f032ed221d7ab59d84cf6b445a1210238da357830ae5f5cbe6eed38a6

    SHA512

    58b98855b2d9a137b847ccca33c2a26a3387005b09742619478e04467a2c963c1a0f266543fd8ffe71a7626a2b603825533da777e0f8a66a76e296972156c0fd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    bcbb89c3e9735ef2517e7e83cde02f64

    SHA1

    57b47f423d60452bdea35e43cd26aa1ffd54a7e3

    SHA256

    b8879628e7580823536946b10148bba523e621ae220edc0c85482c02d19dc16d

    SHA512

    a06c5f28c34411bfe720eb05838f5d68de45bee0eb169d62adfbbe6c4342b370f8cd7e278f9e82c6a3ee9e020577a57b4863537c25a86375302c112cf9b91153

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1ddb00141bb2f1b70112045b597d6595

    SHA1

    c659c132cbdeb57533d8b80be4cc5764afd76e4d

    SHA256

    653360fd359baf5d9aecd133a894e811ce55960d53ae279b3ff885a838cb48b7

    SHA512

    94ed5d6bf787df393c3875859cd74e1424dac77de29a66dc6b28ddf8a2d9b8dcca60b4a919a65c448ceb7283015ccbf6e3594e7d970e8b7446bc4efb82ccb2e3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1d79322c1e3cd905a05c1cbdc8bedb5b

    SHA1

    73c93d6165d3a752e228c0b4381645376326fc9c

    SHA256

    9eff1d106285cdf9de6aec4980abd9f979098551a9435fff85cb8c7939a87bb5

    SHA512

    81f7879955496c157a713c784cfed490848998b36f59f245ac5ed81b1b697ce71097e9e83d0b8c613f2cf2975d711e2f5d615921b0546f620af75d433f1e8dcb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    907a9776d7c2f421d0258120bd18ecee

    SHA1

    6b7a732d5486d98bd3aa3037845560b7bd287478

    SHA256

    e4287f7de586aff37c968c21b02e56a3285633d3820c6a86f61a0551df012683

    SHA512

    4686579c317e8088afb10a0b35fffdb4e866a1b708005eb084fae830ebcbd6b19987f5c8e08c963d920db991c7a539aac54ceada82245bf60fc2ab595dc75f38

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e5fbd56e2b65c3a0ea31597741936a2b

    SHA1

    0e9d598f5141e163779a6bd580dfccc14850032c

    SHA256

    b06a4b24d6d7e787fe763302c82fc23c66e9de97d9e7c757f53c49ef21f2f988

    SHA512

    ffe2794d28145a6b9be7ef1a668850642a4091fa942b191e90b47b7e6561beb7bf4e8c61e6e1d447d173808c223a29828733d43e316cc7be09e46faec4fc03b6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f10aa065bb228b5226ae80776ef23518

    SHA1

    b381af1bb30ad0eca0ad176f2f993231f7f4462b

    SHA256

    ca4d16704c6604936fc1e209259c153e17035c5144100f5993fa1f3c72ae94a0

    SHA512

    400fde5b512760c263cf9aff87c3de687a1b7989470d48729f2e3dfa98e390115f6f8e3ca05689f5ab691fe072e7f793e999f9c084ab4134339384bca9707baf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2b93f347419eb7f87464f446d5501ae9

    SHA1

    bb89df49afa8561861dba2ff299d464694e1bcf6

    SHA256

    a4f49e7c37eadd7c3a8ff854f58174bd566b39967a44633bbb09b78fcab4756b

    SHA512

    b11a95b5ca7fb570771c4eba0a15d0c7e6170acad393bbe08ec3ce0070e654efcffd300fbe7cde401e8f6b1b9b66c09e2abb110594cf169e0563512e3712d8c5

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TEOMB6VC\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\Tar7344.tmp

    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\MZAMTENK.txt

    Filesize

    607B

    MD5

    ac1b402a3a3b3d77d33d1017772a1a34

    SHA1

    3dec87f518583cc5dd003733415a675cef2c3aa4

    SHA256

    0849e41fe1bd2d8906c56837fb89b6ab34cd2cda54846b8dd3e1eb659b77681e

    SHA512

    fa3208e3fb575e24777444ddb25f8974e4baf8421cd90189c2c79c6d58a7a22fb0f24b5951819053a648e00dec547702c879c38560e78856b87b7d98f3369de7