Overview

overview

7

Static

static

7

9a782d3f68...ac.exe

windows7-x64

6

9a782d3f68...ac.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    04-06-2023 04:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9a782d3f6800239cbaaf4d051e591583a3ff3f88e0ee7ddb47612d4524542bac.exe

  • Size

    1.9MB

  • MD5

    3fabb84033209a2e4e64f8bcd2fce402

  • SHA1

    5c03d4b2c9b87f7f66f34dcb8717df71554b5fd7

  • SHA256

    9a782d3f6800239cbaaf4d051e591583a3ff3f88e0ee7ddb47612d4524542bac

  • SHA512

    eee5481d1891ee64972501eccf0f07fdda5178a6cfadae036be6a9ac74c365dc66e971cb3036d7acac5872b8acbe8f69cf16ecc30e0f394c289b62df810897ec

  • SSDEEP

    49152:NhlbR+eMP/ij2JxPZfypY8/JSQfzkVRaDCVvrc:Nh+PC+xPZfypY8/boygjc

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 56 IoCs
    adwarespyware
  • Modifies registry class 6 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9a782d3f6800239cbaaf4d051e591583a3ff3f88e0ee7ddb47612d4524542bac.exe
    "C:\Users\Admin\AppData\Local\Temp\9a782d3f6800239cbaaf4d051e591583a3ff3f88e0ee7ddb47612d4524542bac.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1244
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" www.yyebook.com/outtime.asp
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:276
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:276 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1132

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    61d83c09ac3b068432d39ce6b3f71458

    SHA1

    eb17ffe7c72e18a610de403179d430c9e70f4db8

    SHA256

    e63b7334a17068e9f1593bc15f24f70d663a69a8bb5c90137f9a6b311281a4b6

    SHA512

    87869119aaf37aa0063acde2982867a48c2929488826bcc4929e57fd8b3bf5312a845afc2db2d22d710a04ddd3c5e7017298e0c2833d08df29f1567db6345414

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    89c705409648e7c28b38078bb5b0afe7

    SHA1

    01fbd5ae85564d6bf07a1ac7e5e4f8a41151ccb0

    SHA256

    aad1fe35c2c72388b5bf7ea7be974dc922cdeb906f080832ef30400316414444

    SHA512

    b8eceeac2a30dec5fa8db6bb718420490141cc3923619f4b244fcc260564c0a815d5ad432acab5b34f4861dd15b154549ed414518159b0f9ef05bd4f80d5f8f2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c11d9019bc40e75f97a996913f63e649

    SHA1

    59a653106c15b9068373fe5d367bdca1185ba2f4

    SHA256

    a463dfbd86c797d78551f421fc6b35ecb5b23015cb240757d1fb8ea48f9abefc

    SHA512

    31169c74ccf1c76c8200eee48f48286e92713bfe62b7f587810f785ebe016c53b32a8ed758cbb4d1b26212dd00576791e5bfe265440a29d4e9eb573fb40b4f6e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a2ad5e8715c5827e4102024cd0711663

    SHA1

    5a1f3b59752627444b9d845be1e32dda93153e6c

    SHA256

    bd56dd96481a6534ddf73a5631e463f50dbee6c0939b77a3cbd5cd6d86e0b95e

    SHA512

    46d7fde5f250b676a18d1ede163c0f9af15510a600840d90704a89a51fab432319014ed9f4b4fa4156cd07f5dcfcb41d7b7f030221bec0ba8e9e0cb67a2d3a50

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    df852679deee3bc61db45228c649b886

    SHA1

    8532986de11307188717bde2a51eac47b64da6fb

    SHA256

    89db9eb7a735920d9ca138175248b08bdd77ec0180fbc1fae2e8ac44650c338e

    SHA512

    2b5442357730e34d42b945701a1056be4d3a0e9d812e0eefa4336ac8dcd05c879a4a34f6370a140bc5e45233db915be557a6d9caad451a9c3bc5d1fa9d98d65c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    95919ce78f6530273db70a695c4b8153

    SHA1

    9c648c1e30dcc958f3349a4fd6da8c4da62947bb

    SHA256

    404171a161bde0050d4cacb5fe6d19972a09199476775ee28d585775a9285b29

    SHA512

    85765001ec0cce2fd1b14448dab284e3dd7948228127ed7e63944affe2a73cb5888f10b0e267a25f893683baf5f88abdf1cc8df7beddeee19d32f23d259391c6

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\VI1KLDWA\www.yyebook[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HYTOKVEV\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab8AD4.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar8AE5.tmp
    Filesize

    161KB

    MD5

    73b4b714b42fc9a6aaefd0ae59adb009

    SHA1

    efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

    SHA256

    c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

    SHA512

    73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar8CA1.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\1GPFKB1Q.txt
    Filesize

    599B

    MD5

    177a9b2e32665239ab67e19e455f3221

    SHA1

    4413111afa079c96eed5d14412d4f355f865f8ca

    SHA256

    609ee7685b2c5c0f2bf8d0cb578383158502144ab8fed8435d1af74483cdb3d6

    SHA512

    6f1ddbe28908ce0225c8f1a7635e02781f4666b416b2ef745eb9188622ade7b819af9994a33141c5b75b3404369b14d6a70af36621d32850e4b32aa2fad0a990

    Download Submit
  • memory/1244-54-0x0000000000230000-0x0000000000231000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1244-56-0x0000000000400000-0x0000000000704000-memory.dmp
    Filesize

    3.0MB

    Download