Overview

overview

7

Static

static

1

80b58032ec...bf.exe

windows7-x64

7

80b58032ec...bf.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    100s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    03/06/2023, 08:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    80b58032ec0c09b4bc8be6c49bb766a8c575ae9dedbe215ea1128a9f329e85bf.exe

  • Size

    5.9MB

  • MD5

    86523e9df8ab36c4a1908a708dd913b8

  • SHA1

    21eaef059b08ba45657d3f1b64620b3692ec8ec7

  • SHA256

    80b58032ec0c09b4bc8be6c49bb766a8c575ae9dedbe215ea1128a9f329e85bf

  • SHA512

    1a993fd26356defc536cbe7908d49459db9cb9a2b23ef739d0b4ba63afac7aa7a585ac390d4964aee067a46215802175032ab044b5ced41ba4525df4a6b40f2c

  • SSDEEP

    98304:GsqlFvfpQRpgAO+gvzCslfeJfLhXHzpRedrFNw6JrmvB:5qbfdhCslfeJf/4dVJry

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\80b58032ec0c09b4bc8be6c49bb766a8c575ae9dedbe215ea1128a9f329e85bf.exe
    "C:\Users\Admin\AppData\Local\Temp\80b58032ec0c09b4bc8be6c49bb766a8c575ae9dedbe215ea1128a9f329e85bf.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.ra2ol.com/new/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:308
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:308 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1532

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73c508f299e4bed803b5137cf2da9c23

    SHA1

    ea7610bf044212ed24c0156c9edada3a511ea992

    SHA256

    87f958632fdafad9ed8d3291e470539175043d8279354c49df2c731f20c4e2dc

    SHA512

    47fe950d249a054650e2f39ef033081ace0886f49da3a0e1de47b7853e80b27b34c4224aa3d91cc89193a2b0a74f6054a4881ff9f57201c41fe8dc9728b2dfd0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eb68246e3c774b08621db6df76e66175

    SHA1

    9b53c46ee686ed9c13f25fd4732fee7f69e0a531

    SHA256

    7e0eaa966482356e32ff089639ac4f8c4d75aa1e692ac34940d2b38b15d6b5ee

    SHA512

    3b9f66a54c8fbe6c96f71d1c4b20cd737f57ba81f6b8186700263ad54f2dbea5031aea9d03bf6b16610ac235e1f2edeef3e5d37306d8cc335abb57fd0e156fb4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    96584c2e06a4ea8320ff8f26fa49766a

    SHA1

    3ffc8dc588505a09d17320dd446a72fa22831582

    SHA256

    749d5f0ceb5b2c2a2cf9e019d8b16f351066821cd074d2336c83da51f8b16069

    SHA512

    c656786d95c1c0bdb2fe109feda8933aedb9b58c46b34868c13c5eebbac273175d7ea61694951a2552cc6629d0fbda6e9dd8de1da70e8b1f23695f94e471685b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fc36a2b8bc28f4f600cb4f85bd431938

    SHA1

    e198c66709df7ab184909f039f4b308c2b4f7f3b

    SHA256

    f6a4ee9d13811f2596e0b4b87eb85b5603374a76b4786dac38a533b88765c6f9

    SHA512

    1c4fb70045e27c8c90835e4b36f48c2cad2797b27a4199e4569e7d0fd436a3bcddcda558fa3348a3391b6f4b6e4d5ef25e7ba63515a98c64def1bc8086e5b885

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4993050c8ed384761231a3b549e18213

    SHA1

    0c19468e6b365257bedb6a1766d03758f12799e7

    SHA256

    db2797400ebc42c6c6eccaafa378aa7034f7b615061215dc04ec0561a2e2596a

    SHA512

    e39901666663369a85814010506e2a9ee9b4c1eff2db377facda03e30220f7778f47edac9f77ed1f15c89816d51b6bad0a83df3b7b91feb7b392254c1857b606

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e80de856958b7e081af3b99760fca63e

    SHA1

    67c84c896576cbbe4dfe7a21bc8c852deda16096

    SHA256

    698fd9c0897deb501e74ac0148701ffd3ff1ec8db73bae4996368b19f6fe57cf

    SHA512

    4b2eaf1fffee58ca5d03e9efe31e9369f850bef9d843857d1ec9791e2e48bd0f054d28f4123e38b80a18d11559d64c38b91660a93716ba2f0f2d073837860d14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0e5fe76f3447c7d99d47ca48307daa69

    SHA1

    f5ce6efd842281d84edb78b0186126efb3cb5ec1

    SHA256

    4d5fd190ae2a63a698b9fb35f577cb5e8b523a59b71397caa3a7ebb883e5db54

    SHA512

    608e90a6c15c973051e96f9c387d11f9db257c52e921ce0aade4b98f511b537fffb172c77ac0766ae3df3fad3153e7ffaa351baee231f6969d295d94bf038dd1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D33E1QE\bootstrap[1].css
    Filesize

    182KB

    MD5

    e653a446cf4ab9992f1187b74f90e1eb

    SHA1

    8a41d01845564db21779fe03ab9155a0c0668aea

    SHA256

    a6f4ff7756a4187430759fd928da7a8bf4d66b9a28005d89ad0f5eef8bcec412

    SHA512

    861bd39531a01d1e867e338a369f916f49197514dc587479dd3c85dadb977a1a20305eb76e7b29ef2cbc444f6419f556d56a9a42de45274f4f316a8a3f7a7b9d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D33E1QE\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab957F.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9580.tmp
    Filesize

    161KB

    MD5

    73b4b714b42fc9a6aaefd0ae59adb009

    SHA1

    efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

    SHA256

    c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

    SHA512

    73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9799.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\EZB1GU2D.txt
    Filesize

    605B

    MD5

    f74469e6e6304ff1b6e218dfde4d4e8d

    SHA1

    4624ef76215187f31347f05e86ea2aaab67bb8fb

    SHA256

    ceff20b17059e4dc2b4796411b7424d02e99768be468ff78ae919844ae768233

    SHA512

    4bcc9373ffbe652b744cff4693bc5cc7c4557904a6ee7f2f985952f21e5fd08d906cfa170772ecbe1f9a6f8e9e86f3dce91ec5ffc7c9e7998a170fe999866570

    Download Submit

  • \Users\Admin\AppData\Local\Temp\HPSocket4C-SSL.dll
    Filesize

    1.2MB

    MD5

    189fb7af1b7b2834c6522f20d8f6fade

    SHA1

    8c66ffac2080c8956dfcd1d6cda8ef2d37bd9622

    SHA256

    acb00fa4ef2a259436600f5ab23b04896f2485b6a65b6f607d6401050477767f

    SHA512

    c1a2d8c95df87def5f22b8e071e04093bcd52148504ef4cb2ca33d18f6f7f5be19446b32cc1d19704d73b612dd41aeefa9768f4e0e7e8d14c7ba845bb737a141

    Download Submit

  • \Users\Admin\AppData\Local\Temp\HPSocket4C-SSL.dll
    Filesize

    1.2MB

    MD5

    189fb7af1b7b2834c6522f20d8f6fade

    SHA1

    8c66ffac2080c8956dfcd1d6cda8ef2d37bd9622

    SHA256

    acb00fa4ef2a259436600f5ab23b04896f2485b6a65b6f607d6401050477767f

    SHA512

    c1a2d8c95df87def5f22b8e071e04093bcd52148504ef4cb2ca33d18f6f7f5be19446b32cc1d19704d73b612dd41aeefa9768f4e0e7e8d14c7ba845bb737a141

    Download Submit