Overview

overview

1

Static

static

1

_setup_XA_...79.gif

windows7-x64

1

_setup_XA_...79.gif

windows10-2004-x64

1

Analysis

  • max time kernel
    20s
  • max time network
    22s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    12-06-2023 15:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    _setup_XA_mui_Free.exe.500.2079.gif

  • Size

    43B

  • MD5

    325472601571f31e1bf00674c368d335

  • SHA1

    2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

  • SHA256

    b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

  • SHA512

    717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\_setup_XA_mui_Free.exe.500.2079.gif
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:528

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d6ff4a459a441a5cc754b15cc179444a

    SHA1

    8da9357cb9187cd3912723d7b41c3d9a0704e439

    SHA256

    42581137a344123c34289d9d435763f225bf904569cf29d5a5a9c7cb14074657

    SHA512

    9279cb8824e5dcd914ad62a4acb3f8577a7526c0961cdaa9cb7e06236fc03cb8e60ef05ff8d7dca3518f925e182de4b6a1442633866d6c4a1d70bdd9cad2be57

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    68876686a4d51991a018ccab2912c0d7

    SHA1

    fc7d590ebf6ba4b5149b9155ec27f15015f1eae9

    SHA256

    947c5a6ca4ec8d761fae8f252184b6bdb7b38e4622a7d2b98deeb9663471d484

    SHA512

    de517b69a71163b5cf0aa7ba67faafce32eb2901e9e5e90c3be25af7eadaa283c41477297a86ab63648398212e2006fe1f03df5f2009a0afc1f877bc2eb6f45f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    acfb40768c5a8e3f3f48966f337e95ce

    SHA1

    ec48819421e99299ab5bbdd1b7aa63bbba91b1a8

    SHA256

    ce0738454f5298b7746a407d22c5571ae3fd6940dcd5936b582ccd29401c50a0

    SHA512

    c00a87df0160ea0a819d610d1a4315d691c42ab15215aafc24e173f9dad5be9ea35f27e07511521f7e9f767ef4d48f29d7dc24ccecd78bc59b0e9e535d18f3a4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fc7b9aeeb5603df526f678430ba36733

    SHA1

    d29ff42c0bb97db0c66c85def520a0f5cb1a2086

    SHA256

    67c340e71aa551b457bb767b9e6deff1852c82a50c5a79f7a07e6cff9631bb28

    SHA512

    bab209e41c39e0b3c55ab90a24d2a047f3ee908b017401636101f2a9816154d562f8b937f6b00148180c08fa5993d1a58a4d8b7118a994a9295f4d52b58ae68e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    abeec349c824d8bf0334db7172fe72e2

    SHA1

    e63a40de24fbbc7a73066ee67e828c6dc35abb31

    SHA256

    bd5bc85e2ee5c8023989f24e3a839cda33f66b70142d1d431664b5d229b5831c

    SHA512

    ec131ddfa45d3dd08390c2204429958ec5d0e93bfbd05f3138caa56b1fe4e3446624b3ea5f6962135a3b99af47569243077c3d32939b0049997be3b9c9c169a2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c7b31edd4333622f59a6f3ffdce7d58c

    SHA1

    928671e0a2ecf4bd8a6dcfe2c514784a2a349f19

    SHA256

    f814735789bf37d7669c1046d1fc5f6a464f62d3d4648e43ecc57b0479aeb989

    SHA512

    83a41c9fc6d053bd9497d79bd4f9ec52e734bfd780ce698aea297165f6ee43415817cc2a9938d443ff06cd928c07f6270d992fd47fa53c2b0750fdb18c1f0fcb

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    086e4f8a29d35ce36d3c23c0788416f9

    SHA1

    b6460be639792e66d23fd42ebaf0a40387f7f7d7

    SHA256

    36454a0e719864ed261ee8c554e7cba73140bc64a8178d60ffe55d33fffb0679

    SHA512

    40e615f41cf92eb1e316cc6718c9458db115dd08f070174b665cd11259a55ceb3b27ebe60269e76a451676d0be17a4c35df05266a9e88bf6660f3e31bef9c2d5

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab3DED.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar4085.tmp
    Filesize

    164KB

    MD5

    4ff65ad929cd9a367680e0e5b1c08166

    SHA1

    c0af0d4396bd1f15c45f39d3b849ba444233b3a2

    SHA256

    c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

    SHA512

    f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

    Download Submit