Overview

overview

7

Static

static

3

42c090c4ee...7e.exe

windows7-x64

7

42c090c4ee...7e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/08/2023, 02:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    42c090c4ee96129974f84fd9d45033c7bda3e31dc66f2516e4ad45b7fce7c57e.exe

  • Size

    460KB

  • MD5

    948eb6df6f86f441697c1fa4f4fef9d7

  • SHA1

    575c93da03208588fc0c7d2fb3a8a3a86e5987b3

  • SHA256

    42c090c4ee96129974f84fd9d45033c7bda3e31dc66f2516e4ad45b7fce7c57e

  • SHA512

    3b87ca569c2dae57525662dc7a1f5d86245b600ab960b5d5957239438516b2dfde2f7fd3c4b2e5d1cfebd85dc8fb5cf5f12af3e1033f9b106a38a76b3a7417f5

  • SSDEEP

    12288:j+Ycd+ah3fOD/kJVFGekWWAw3BtJxl7LIUshDHGbJ2lKuLruePtGmdUUK2mFZ/Rr:9cd+ahvOD/kJLGekWWAw3BtJxl7LIUsR

Score
7/10

Malware Config

Signatures

  • Drops startup file 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 32 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\42c090c4ee96129974f84fd9d45033c7bda3e31dc66f2516e4ad45b7fce7c57e.exe
    "C:\Users\Admin\AppData\Local\Temp\42c090c4ee96129974f84fd9d45033c7bda3e31dc66f2516e4ad45b7fce7c57e.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3768
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe C:\Users\Public\Music\tnd7XR
      2⤵
        PID:2952
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5004
      • C:\Users\Admin\AppData\Roaming\r7RHB\Ryrl.exe
        "C:\Users\Admin\AppData\Roaming\r7RHB\Ryrl.exe" -n C:\Users\Admin\AppData\Roaming\r7RHB\i2S.zip -d C:\Users\Admin\AppData\Roaming
        2⤵
        • Drops startup file
        • Executes dropped EXE
        PID:4536
      • C:\Users\Public\Videos\Fwpj92\eVLEyo.exe
        "C:\Users\Public\Videos\Fwpj92\eVLEyo.exe"
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Enumerates connected drives
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:1236
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:412

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Roaming\r7RHB\Ryrl.exe
        Filesize

        123KB

        MD5

        d45ac76aff1438925578bbaeff0a07a9

        SHA1

        d2def1fdbe2e8fe91055ef8defdda431a01c80dc

        SHA256

        bf9eea98236e80d7726473a7cde8d9c780d5f055186934b5932c16390be711cb

        SHA512

        4fac746faadb83f5b96eda6e9f513b5c2f8f2c91e7d9f4666927222a9385f81a52bd52ae738644d944f7f7b9f4c30c35299593630a94807119f830db26992fb3

        Download Submit

      • C:\Users\Admin\AppData\Roaming\r7RHB\Ryrl.exe
        Filesize

        123KB

        MD5

        d45ac76aff1438925578bbaeff0a07a9

        SHA1

        d2def1fdbe2e8fe91055ef8defdda431a01c80dc

        SHA256

        bf9eea98236e80d7726473a7cde8d9c780d5f055186934b5932c16390be711cb

        SHA512

        4fac746faadb83f5b96eda6e9f513b5c2f8f2c91e7d9f4666927222a9385f81a52bd52ae738644d944f7f7b9f4c30c35299593630a94807119f830db26992fb3

        Download Submit

      • C:\Users\Admin\AppData\Roaming\r7RHB\Ryrl.exe
        Filesize

        123KB

        MD5

        d45ac76aff1438925578bbaeff0a07a9

        SHA1

        d2def1fdbe2e8fe91055ef8defdda431a01c80dc

        SHA256

        bf9eea98236e80d7726473a7cde8d9c780d5f055186934b5932c16390be711cb

        SHA512

        4fac746faadb83f5b96eda6e9f513b5c2f8f2c91e7d9f4666927222a9385f81a52bd52ae738644d944f7f7b9f4c30c35299593630a94807119f830db26992fb3

        Download Submit

      • C:\Users\Admin\AppData\Roaming\r7RHB\VCsite_ingcure.lnk
        Filesize

        1KB

        MD5

        886e8202855548f1100dd0ace3882786

        SHA1

        090b32ccafa84aa504e3f2c747f0a97b7d017e05

        SHA256

        360f68a4b3448b20c646d2febfafc42af6579f1cd6ab485d09cf3ce73d684cec

        SHA512

        ac5051f999ee04140586432d80a456f6cd73abe8376dcb9fd2bea97bbe62538aa1d8db91209b33b660237b4216e04fa509e510a0fa447d4c88385db61f010619

        Download Submit

      • C:\Users\Admin\AppData\Roaming\r7RHB\i2S.zip
        Filesize

        1KB

        MD5

        cdde523245979e544c634be2ead7fdc1

        SHA1

        7c5b77ca9c8d0f5724c7178648a9039240214830

        SHA256

        a1170e28114a6ab9e5f55d225d37e3e3fd6d25139e1c495908047be634b7a681

        SHA512

        87454d2b434fc376ede9eb463b7d5cf65d051d7c8b57c6f9f217bc3f26566645584851b348ba24d9c8bd89740cd450ae9c691ab3df655fe9f3baec3f48f87fec

        Download Submit

      • C:\Users\Public\Music\tnd7XR\5_PIzi.url
        Filesize

        74B

        MD5

        50b843cbb1748e0b5de5a6da33d98bea

        SHA1

        c6616d16b12f88540daa71d8484af7a2774155f1

        SHA256

        57677b3520ce06c38fed3a39058e3354cb3abdd2aea4cbc2add797c1c429d2db

        SHA512

        8d9ec67167f1285ff818e8524ac563b9a1cedb2f3cf002d7c4dd83d042e3786d39e913e22f983f1472a85871503b24bc55a700c7da8e306e7ab5e06455b63f7f

        Download Submit

      • C:\Users\Public\Music\tnd7XR\82SLFv.url
        Filesize

        74B

        MD5

        50b843cbb1748e0b5de5a6da33d98bea

        SHA1

        c6616d16b12f88540daa71d8484af7a2774155f1

        SHA256

        57677b3520ce06c38fed3a39058e3354cb3abdd2aea4cbc2add797c1c429d2db

        SHA512

        8d9ec67167f1285ff818e8524ac563b9a1cedb2f3cf002d7c4dd83d042e3786d39e913e22f983f1472a85871503b24bc55a700c7da8e306e7ab5e06455b63f7f

        Download Submit

      • C:\Users\Public\Music\tnd7XR\Hxrka4.lnk
        Filesize

        1006B

        MD5

        3805823ae08ab85fff32dca89bdb3eff

        SHA1

        d0b74aa04c10ef9dcbda27ee01b61396c2704ce9

        SHA256

        7d28a904b45650a9d6e078736d35276cb8d0ace2814563939b95ef002c9666d0

        SHA512

        ad61102f80f2ceeabb4c0bff2f6d1e359ad8243c6f02c6a9133147ce8aaaa6816ff977a67677ef7d3ff71118ccddcde05e67c04e4f3666ec632a51c8f2acc7d9

        Download Submit

      • C:\Users\Public\Music\tnd7XR\Msmg6_.url
        Filesize

        74B

        MD5

        50b843cbb1748e0b5de5a6da33d98bea

        SHA1

        c6616d16b12f88540daa71d8484af7a2774155f1

        SHA256

        57677b3520ce06c38fed3a39058e3354cb3abdd2aea4cbc2add797c1c429d2db

        SHA512

        8d9ec67167f1285ff818e8524ac563b9a1cedb2f3cf002d7c4dd83d042e3786d39e913e22f983f1472a85871503b24bc55a700c7da8e306e7ab5e06455b63f7f

        Download Submit

      • C:\Users\Public\Music\tnd7XR\PJCsmc.url
        Filesize

        74B

        MD5

        50b843cbb1748e0b5de5a6da33d98bea

        SHA1

        c6616d16b12f88540daa71d8484af7a2774155f1

        SHA256

        57677b3520ce06c38fed3a39058e3354cb3abdd2aea4cbc2add797c1c429d2db

        SHA512

        8d9ec67167f1285ff818e8524ac563b9a1cedb2f3cf002d7c4dd83d042e3786d39e913e22f983f1472a85871503b24bc55a700c7da8e306e7ab5e06455b63f7f

        Download Submit

      • C:\Users\Public\Music\tnd7XR\UNHxrh.lnk
        Filesize

        1006B

        MD5

        9cd142f7f49f560405f5a38f8fb1e6c2

        SHA1

        a70bb8c90a100414c3d8a69c1ad4818a323e0f3b

        SHA256

        5169ade8c57213515e6cd8509d8c0ceec6b56c15b152fed8caf127e1d802ab55

        SHA512

        e43919c16cb5c6f22c6b312cb0541d202d427d79f925228bba99b01a17509c3410dbf198b213bbb69e1c3d163773b658f519eb95e930252eccc1f60b5f1b755f

        Download Submit

      • C:\Users\Public\Music\tnd7XR\WDwngX.lnk
        Filesize

        1006B

        MD5

        400900b6fd670bea19bcd2750fac4c32

        SHA1

        f3ea763bd0302a3ce15b1e4d4dd8798c55d7fbc6

        SHA256

        fde3b7a7ed3acdb8d48c03a73b74a040e618ec3cc732fb46e924417d41a5abad

        SHA512

        9e16b0279e378016dfcbccddfae265ea59e55e1039a120a6d3c048630098d1ae93cd5a1ed9a419f97d926c928fd594b51b94dd628d0202bbbb4227c7f33c3820

        Download Submit

      • C:\Users\Public\Music\tnd7XR\i_TJCw.lnk
        Filesize

        1006B

        MD5

        4b8616a42ae924368b753b0f375a2c70

        SHA1

        5c57d3f2d1d7f8bb7ab78dc6751dc5051dee62ae

        SHA256

        ea190dd8df2e0c7b50f9768ab92aea69448f889bd3dde84c22086dfb9b973a67

        SHA512

        1de7553afc61876ec1bf982d2092066317cb6eae21ef0e800aae87cc080f1497588a73c98668b9dc17ed46072c3f3cc6edb08200b39d4c41b36aaacef680aa21

        Download Submit

      • C:\Users\Public\Music\tnd7XR\kd7XQH.lnk
        Filesize

        1006B

        MD5

        fee1e801eac6e143d6ab04a1104fc184

        SHA1

        dc5ad87a4cd4f3c0abdc92962570199da857c4bc

        SHA256

        659751f43f6a93bc18ed28a9d7cac5b54de52858b471352a8eb755a9f2948d9c

        SHA512

        a5e2517a150709007e34fc93c66da9d8113145e15bf79515c8882322b93cd427ca71a5347c7a54a2b1aa56bf1811fdd3c08b0ccd553e62e61c0bafe7e4a78bda

        Download Submit

      • C:\Users\Public\Music\tnd7XR\mc6MGw.lnk
        Filesize

        1006B

        MD5

        7a7024e31670a6adec2e475add55319b

        SHA1

        66e22fd64349b43508e173adb0690ecbcf1af7ed

        SHA256

        87546b3f0f102a3b8e7d2382a50ca8fb4abdcd5f8c74a15f6d57f612785cabd9

        SHA512

        85e82fe780e27012a4641622b5a65a18042f23354fa8a4c76b496d28c1fe5d7a8c2b2977d99e1c912bd5449f9bc4fe2719899f8ebb2e676297a708b76be83240

        Download Submit

      • C:\Users\Public\Music\tnd7XR\qja3TN.url
        Filesize

        74B

        MD5

        50b843cbb1748e0b5de5a6da33d98bea

        SHA1

        c6616d16b12f88540daa71d8484af7a2774155f1

        SHA256

        57677b3520ce06c38fed3a39058e3354cb3abdd2aea4cbc2add797c1c429d2db

        SHA512

        8d9ec67167f1285ff818e8524ac563b9a1cedb2f3cf002d7c4dd83d042e3786d39e913e22f983f1472a85871503b24bc55a700c7da8e306e7ab5e06455b63f7f

        Download Submit

      • C:\Users\Public\Music\tnd7XR\r71ULE.lnk
        Filesize

        1006B

        MD5

        b9a21d06ab6ee753bb2174e29e8ff839

        SHA1

        56c14d0154e46f89c522447b7d35ace85f628fb2

        SHA256

        cce2bf742599eb2744056d0910461e0d26b5e6384e1e61f2ca10506339aa6a47

        SHA512

        bfb59d93d0a855ae71e86bda3858b693d86a0c246d95abcaf5c3a7c21ea41d35bcaa253bcc6ec21ff7110f8d8bc41cb8c9f900c80702e8b431cd2b104da322fa

        Download Submit

      • C:\Users\Public\Music\tnd7XR\tmd60Q.url
        Filesize

        74B

        MD5

        50b843cbb1748e0b5de5a6da33d98bea

        SHA1

        c6616d16b12f88540daa71d8484af7a2774155f1

        SHA256

        57677b3520ce06c38fed3a39058e3354cb3abdd2aea4cbc2add797c1c429d2db

        SHA512

        8d9ec67167f1285ff818e8524ac563b9a1cedb2f3cf002d7c4dd83d042e3786d39e913e22f983f1472a85871503b24bc55a700c7da8e306e7ab5e06455b63f7f

        Download Submit

      • C:\Users\Public\Music\tnd7XR\wpj93W.url
        Filesize

        74B

        MD5

        50b843cbb1748e0b5de5a6da33d98bea

        SHA1

        c6616d16b12f88540daa71d8484af7a2774155f1

        SHA256

        57677b3520ce06c38fed3a39058e3354cb3abdd2aea4cbc2add797c1c429d2db

        SHA512

        8d9ec67167f1285ff818e8524ac563b9a1cedb2f3cf002d7c4dd83d042e3786d39e913e22f983f1472a85871503b24bc55a700c7da8e306e7ab5e06455b63f7f

        Download Submit

      • C:\Users\Public\Music\tnd7XR\wpj93W.url
        Filesize

        74B

        MD5

        50b843cbb1748e0b5de5a6da33d98bea

        SHA1

        c6616d16b12f88540daa71d8484af7a2774155f1

        SHA256

        57677b3520ce06c38fed3a39058e3354cb3abdd2aea4cbc2add797c1c429d2db

        SHA512

        8d9ec67167f1285ff818e8524ac563b9a1cedb2f3cf002d7c4dd83d042e3786d39e913e22f983f1472a85871503b24bc55a700c7da8e306e7ab5e06455b63f7f

        Download Submit

      • C:\Users\Public\Videos\Fwpj92\FXSCLNTR.dll
        Filesize

        258KB

        MD5

        299d42eca2d534b9327e4a807d98e368

        SHA1

        33c9592875a80abd3bf762ff28555f56d9f2a44c

        SHA256

        39bac954418d79b671622f8fa0845bf036255e32ef3a30262a123aad2494f490

        SHA512

        ae1071b0fb38aa6799f3e343a424c4b02a79b7dfc7f2f6e316b8764c71817249290f7b0387e6a4a729de8eac381ab8840818530d4dc3281496c64aa2f338286c

        Download Submit

      • C:\Users\Public\Videos\Fwpj92\FXSTIFF.dll
        Filesize

        382KB

        MD5

        1ecb771a7093963d07aa49193ef472a0

        SHA1

        e7612f1d01890e4a1a2f71065692a1a96686ba58

        SHA256

        6f0aa26e0a94e2137c713f7e6b9c82deaa27f8605638b3ff9f8fe3a3f988dc04

        SHA512

        3524bf4c98b327be39106eb947cfd74075b7e6269d97c23685d0c91c7e37f38a1485a6786154a14369030333b47c3f0c770645cb2141e44176c95f92bfdfc840

        Download Submit

      • C:\Users\Public\Videos\Fwpj92\eVLEyo.exe
        Filesize

        139KB

        MD5

        3fb7a90504e70d19cf4a206880620bef

        SHA1

        68619825b53d6114007422ab09cc0b74e5594e0e

        SHA256

        917ca096b0e17f763b9443f1ea682b885a591fbabac52e65342d3277b7ecfc38

        SHA512

        089ccd00b5a40ef3c550fe9565d2066880ac44dc0cb6248490f1d39a941440a124446fef5e7489a413b55b43fd3187f77dd0c4f46e93a0ec49939af0d6038c8c

        Download Submit

      • C:\Users\Public\Videos\Fwpj92\eVLEyo.exe
        Filesize

        139KB

        MD5

        3fb7a90504e70d19cf4a206880620bef

        SHA1

        68619825b53d6114007422ab09cc0b74e5594e0e

        SHA256

        917ca096b0e17f763b9443f1ea682b885a591fbabac52e65342d3277b7ecfc38

        SHA512

        089ccd00b5a40ef3c550fe9565d2066880ac44dc0cb6248490f1d39a941440a124446fef5e7489a413b55b43fd3187f77dd0c4f46e93a0ec49939af0d6038c8c

        Download Submit

      • C:\Users\Public\Videos\Fwpj92\eVLEyo.exe
        Filesize

        139KB

        MD5

        3fb7a90504e70d19cf4a206880620bef

        SHA1

        68619825b53d6114007422ab09cc0b74e5594e0e

        SHA256

        917ca096b0e17f763b9443f1ea682b885a591fbabac52e65342d3277b7ecfc38

        SHA512

        089ccd00b5a40ef3c550fe9565d2066880ac44dc0cb6248490f1d39a941440a124446fef5e7489a413b55b43fd3187f77dd0c4f46e93a0ec49939af0d6038c8c

        Download Submit

      • C:\Users\Public\Videos\Fwpj92\fuck.txt
        Filesize

        761KB

        MD5

        3bce857dc0bc186546b2cd282379eaff

        SHA1

        51eb168d1d7bd60ee1cc82612014adefea26172d

        SHA256

        7d9017c96fb301a6126b80683755dca989171ac5d44dd43ef423302e1b147de5

        SHA512

        22146f2f7c513bfdab8219d31d73b727942f1347532dff1aa0af523f8fb3e6aa89c5d6ff3dc3e5e8f36a6868bfe93da7685325a2aeea1abf2a91b7fe483052d6

        Download Submit

      • C:\Users\Public\Videos\Fwpj92\fxsclntr.dll
        Filesize

        258KB

        MD5

        299d42eca2d534b9327e4a807d98e368

        SHA1

        33c9592875a80abd3bf762ff28555f56d9f2a44c

        SHA256

        39bac954418d79b671622f8fa0845bf036255e32ef3a30262a123aad2494f490

        SHA512

        ae1071b0fb38aa6799f3e343a424c4b02a79b7dfc7f2f6e316b8764c71817249290f7b0387e6a4a729de8eac381ab8840818530d4dc3281496c64aa2f338286c

        Download Submit

      • C:\Users\Public\Videos\Fwpj92\fxstiff.dll
        Filesize

        382KB

        MD5

        1ecb771a7093963d07aa49193ef472a0

        SHA1

        e7612f1d01890e4a1a2f71065692a1a96686ba58

        SHA256

        6f0aa26e0a94e2137c713f7e6b9c82deaa27f8605638b3ff9f8fe3a3f988dc04

        SHA512

        3524bf4c98b327be39106eb947cfd74075b7e6269d97c23685d0c91c7e37f38a1485a6786154a14369030333b47c3f0c770645cb2141e44176c95f92bfdfc840

        Download Submit

      • C:\Users\Public\eXOHBr
        Filesize

        976KB

        MD5

        c357cceba3fd45ec3f7582a639284464

        SHA1

        eedfab6981c61d235577e42fc2eb357100ffb23a

        SHA256

        8b71247c58fb7e0cf2e2168b75c9f8785a6bc04929b429c45cd525315020bcdc

        SHA512

        392f7b6a14f93bdf9fc932efa5fae22121aa320974b70faa7f7274747d099ef0f0509aad0c173d5d3d8b3c263c11b320fec0e1551e0fc60648e9a51effb9794a

        Download Submit

      • memory/1236-248-0x0000000000780000-0x00000000007C8000-memory.dmp

        Filesize

        288KB

        Download

      • memory/1236-249-0x0000000000780000-0x00000000007C8000-memory.dmp

        Filesize

        288KB

        Download

      • memory/1236-250-0x0000000000780000-0x00000000007C8000-memory.dmp

        Filesize

        288KB

        Download

      • memory/1236-251-0x0000000000780000-0x00000000007C8000-memory.dmp

        Filesize

        288KB

        Download

      • memory/1236-254-0x0000000000780000-0x00000000007C8000-memory.dmp

        Filesize

        288KB

        Download

      • memory/1236-255-0x0000000000780000-0x00000000007C8000-memory.dmp

        Filesize

        288KB

        Download

      • memory/3768-159-0x0000000010000000-0x0000000010046000-memory.dmp

        Filesize

        280KB

        Download