Overview

overview

7

Static

static

3

Unconfirme...38.exe

windows10-2004-x64

7

Resubmissions

12-07-2023 05:22

230712-f2njwada21 7

12-07-2023 04:02

230712-el7r5sbg88 7

12-07-2023 03:30

230712-d2td1sbg25 7

12-07-2023 03:15

230712-drv5vsbf99 8

12-07-2023 02:56

230712-dfbl3sbf83 7

12-07-2023 02:45

230712-c88lvacg3w 7

12-07-2023 01:31

230712-bxezqabe33 7

12-07-2023 00:40

230712-a1lq1abc98 7

12-07-2023 00:18

230712-al175scd3x 7

12-07-2023 00:15

230712-aj3yysbc44 7

Analysis

  • max time kernel
    147s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-07-2023 05:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Unconfirmed 278138.exe

  • Size

    1.6MB

  • MD5

    085c248832ef03881059faec18eae7ff

  • SHA1

    8477892aadc283f5d000b2c36e4c44c370f59727

  • SHA256

    d755331262471b1c5fb7c47ad5e0e5129f8c103f3e5df06120b3f8db61c31aae

  • SHA512

    80d3327168c4597554f441cf29360d9ae982bd36afa7e6409c6e2b779eddc7a522f2bdcd190a82517fb445bf7714377f30a79c2cedea168f19139d82cc94c43f

  • SSDEEP

    24576:u4nXubIQGyxbPV0db26ifZbRQKiFDhbGh3+shiy/wxwWIFgi5LPxf0XE:uqe3f60oKil5QhiyPbFT9eE

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 55 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Unconfirmed 278138.exe
    "C:\Users\Admin\AppData\Local\Temp\Unconfirmed 278138.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2488
    • C:\Users\Admin\AppData\Local\Temp\is-OM3R5.tmp\Unconfirmed 278138.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-OM3R5.tmp\Unconfirmed 278138.tmp" /SL5="$90054,810935,780288,C:\Users\Admin\AppData\Local\Temp\Unconfirmed 278138.exe"
      2⤵
      • Executes dropped EXE
      PID:5112
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\ConfirmUninstall.xht
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1128
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1128 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4420

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize

    1KB

    MD5

    cab57707862fbf9cab7d07c9225aea90

    SHA1

    b3a6248650dfa8ad8437f41749c48c27fcf7ce57

    SHA256

    0784cd52d8c5c4538833c69031d4d38fd959a230bb69291c36e150710ff51dc8

    SHA512

    7f030d989539a1b9ed6193452e2b37f11f9601f4cf773ed671d46d65a770b2d546a1c4b4c0cf154fb1a19b3d8711b027dec65fad32ed2d70f87f82c7ff2e548a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize

    416B

    MD5

    87966e1bd6965d6d125971f849d7d12b

    SHA1

    3fa3519fc3deac604bfe138627dc23fb29025f85

    SHA256

    23e38617b99f9045e13a5f68ca3814b786017b60d6846b6ce83794697e2ad948

    SHA512

    fa28f7fbfe41ec3fab0a14e6ad74275c08636cc6023a7f65c9917d146fde9aacaedb84d8cf83f222d4284a9f52cf1f54475c6fc972a1b00f09eb3d338aa40bc2

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\qwzqiba\imagestore.dat
    Filesize

    5KB

    MD5

    5505b99f84b2ca5cdc9eb8adcf948876

    SHA1

    20ab1f81cee4f5fde102f13e3d64eea7887f6006

    SHA256

    d2afec65ad86edd52bd7fd6e342fc8fbd4e20f269cc605fb2bc3245c203313d3

    SHA512

    9c77c3b54a044b8ee4c32d5892e67ea3c1c309a6e5d21a263a89a6463f285abf0c7ec60ead07b55d0bc061264f7e2c5143d4b9819c1af9671fcce53b9627a152

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GVVED0TI\qsml[1].xml
    Filesize

    497B

    MD5

    cb110f14778c05649cc58ff127de970c

    SHA1

    021e55f6989e8b358dbf75b69503594000c818b7

    SHA256

    82f709ececcdd9cc355029a381cb821ef15ad2411b7f0ded606a915f40ebeeb4

    SHA512

    b2e9fbb2ec3979423131a4b0f4dd677c6f117edffc58f4ab8f5c283380856308cd69d8f8d92bf186cf0d638b87f8f9398270be3d40511ecca4629128013da707

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GVVED0TI\qsml[2].xml
    Filesize

    523B

    MD5

    5ea7539dffbc61d6a25d752a6fd4c795

    SHA1

    4f0570b4f708bd6b30785bb4c47adfd0d955de7b

    SHA256

    9628688995b0c6bcabfffc98e4135be9d8ff99335731cdb09e68411e71d4690f

    SHA512

    bd62d2b7bb0c5efb6c6c49aa5cd1cc39f6586a27caf3b3a2c07c2166708b24a679d7d88035fe6d8be9646201f12238bed0a9c1e539cab4c14b3c52e7bdd398a5

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HV5TY8S3\qsml[1].xml
    Filesize

    495B

    MD5

    ddc2855875e0a54724716a581d931213

    SHA1

    9047288047a1e9703dccd303209e604f7c0ce6f7

    SHA256

    23b16a4ab557182a1a749b77afb8e77d5f2ffb54204ba47e18273d6abea20d0e

    SHA512

    3736096e016553f9ecd35078f55eee91dddff27406dad874059efe5ec16dd51e7978603c3f69b79f37b2941e25b0d3d88078a840c45b8ca527daae2e3b658415

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HV5TY8S3\qsml[2].xml
    Filesize

    512B

    MD5

    bf5e57f8653c470e94e5fb781f914217

    SHA1

    2f5528bdd6762b3e07841f821a5515599bbd9d7d

    SHA256

    aa30380ec2acc5aee5cf658d8d4350b8daf7bb8f569e66d1d1e87fa4a05bbcc8

    SHA512

    8e29c4ea13127610995b8ad940bb0a07c688b74cd307b54b54e95c169d49e895b9e0936eab6d8925c4d929897526de4b9aebc7f8a2585afa5ed1bbe2a562497f

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NKPTYI9X\qsml[1].xml
    Filesize

    509B

    MD5

    e56967cf11052b2fe4ee66cb9393395c

    SHA1

    cac5dc9e5d84b7f4eeb180ff8d4e7fbd20de6d28

    SHA256

    8c610cf2acd051d79fc8781e0dd0d5fecf58b7b911e2412e28152bfd07cb45b3

    SHA512

    da9e94ffc9f2223af096391d314e6c8a03749d2a04921fb483d9e33d39b3f5f293b76fe35ae42560c20756cc3b1e34fe9500cd64f54c84b948aa0f01991bbd3d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NKPTYI9X\qsml[2].xml
    Filesize

    540B

    MD5

    491b4d230d6f271f265569364988ce90

    SHA1

    188ce2410d7ea6982e951c03a41403b1cb423aa8

    SHA256

    ec5a3e31338c5bb14e32319e59ae39444b016618c64eee5792451b9b23aaa45b

    SHA512

    49d22cdb52f2b24e4f5d890950af7ac80b3ebeac562840bdd5ba91cbe79509f9dead7ba6d6d52347f3a11637bcbe2a2bba88c8c7ae852ee053494e8389a7894a

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NKPTYI9X\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SUUB7YB2\favicon[1].ico
    Filesize

    5KB

    MD5

    f3418a443e7d841097c714d69ec4bcb8

    SHA1

    49263695f6b0cdd72f45cf1b775e660fdc36c606

    SHA256

    6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

    SHA512

    82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SUUB7YB2\favicon[1].ico
    Filesize

    5KB

    MD5

    f3418a443e7d841097c714d69ec4bcb8

    SHA1

    49263695f6b0cdd72f45cf1b775e660fdc36c606

    SHA256

    6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

    SHA512

    82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SUUB7YB2\qsml[1].xml
    Filesize

    496B

    MD5

    47851de0d0282278e771c291d7d5991c

    SHA1

    19c656f98f26c7f342673b57cb6556fa5b272a64

    SHA256

    945520ea17cb76955f2ae82cee1d722630610faf694a2724c63e90f4f3243b65

    SHA512

    e7b24ff0f91fd71b4cbce3a77b6449c1d4a96c66e4142d3ff4a6f022c36bce9e726c1ad814028202085842e56064789af7195af77f5691a1507956d0db1a81f9

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SUUB7YB2\qsml[2].xml
    Filesize

    517B

    MD5

    1ac41a5e5d179e4df9ce0b27b2b650cf

    SHA1

    1914b08eb72633b8ff07b71687fb5fecef2e7e11

    SHA256

    c57c02c58bc38515e0c290a6e1c93f095db6726c8f8165f6044e4a0c0087d1b9

    SHA512

    88eb80fae93f7555af765085ee65be57d03b309faf57997657a6e11a2976876a26f1eec809a5f1991ed1ee6acd7d153ede20b097e88c92e326302b79b4c74a84

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\is-OM3R5.tmp\Unconfirmed 278138.tmp
    Filesize

    3.0MB

    MD5

    7e06750376491b308c2a6e35eca13b1b

    SHA1

    36ae9cc7ac76bc97288ff1c36c4aef9cbb8b1e47

    SHA256

    628a8a5e02456d23de8dec3a952f9e0ae3c464aa4a2ef884242e4486920828ac

    SHA512

    a77e1d2917a5e77abb25732b056da980107550eb1e801c02f71db6c6941690fc20a4ee52700205d5c1d7f8a981b2b13c7fd6b79b582eeb1ce5f9c97f7e0ffea0

    Download Submit
  • memory/2488-133-0x0000000000400000-0x00000000004CC000-memory.dmp
    Filesize

    816KB

    Download
  • memory/2488-140-0x0000000000400000-0x00000000004CC000-memory.dmp
    Filesize

    816KB

    Download
  • memory/5112-141-0x0000000000400000-0x0000000000705000-memory.dmp
    Filesize

    3.0MB

    Download
  • memory/5112-138-0x00000000026A0000-0x00000000026A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/5112-142-0x00000000026A0000-0x00000000026A1000-memory.dmp
    Filesize

    4KB

    Download