Analysis

  • max time kernel
    105s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-07-2023 13:14

General

  • Target

    Stub/stub.exe

  • Size

    1.6MB

  • MD5

    303df0ff45fc487db83f9a14a7eb3594

  • SHA1

    e36f528cefba775bf21f04cc208e90b815df8234

  • SHA256

    35b48e9472a04ef28d51e5af06dafc8d8573d22bd4159cfc5007b7321a0aa337

  • SHA512

    1ebaec29abe8bf659255a3e78893921a5916f8ab8c8d9f607da27e6284cc885c0951bcda7bcbc6cfb47e650a3f1f96c575f0e38881474a227c02ce84821e11a2

  • SSDEEP

    24576:Di2Q9NXw2/wPOjdGxY2rqkqjVnlqud+/2P+A+ZecdyFoBkkAnexMrdgLs:mTq24GjdGSiqkqXfd+/9AqYanieKd

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Stub\stub.exe
    "C:\Users\Admin\AppData\Local\Temp\Stub\stub.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=stub.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2416
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2864

Network

MITRE ATT&CK Enterprise v6


Downloads
