Overview

overview

4

Static

static

1

trans[1].gif

windows7-x64

4

trans[1].gif

windows10-2004-x64

1

Analysis

  • max time kernel
    146s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    18-08-2023 12:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    trans[1].gif

  • Size

    43B

  • MD5

    325472601571f31e1bf00674c368d335

  • SHA1

    2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

  • SHA256

    b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

  • SHA512

    717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
    adwarespyware
  • Modifies registry class 55 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 17 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\trans[1].gif
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2324
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1284
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:209941 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1800
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:209955 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2036
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2632
    • C:\Windows\system32\mspaint.exe
      "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\trans[1].gif"
      1⤵
      • Drops file in Windows directory
      • Suspicious use of SetWindowsHookEx
      PID:1744
    • C:\Windows\eHome\ehshell.exe
      "C:\Windows\eHome\ehshell.exe" "C:\Users\Admin\AppData\Local\Temp\trans[1].gif"
      1⤵
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1676
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\trans[1].gif
      1⤵
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:900
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\trans[1].txt
      1⤵
        PID:884
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\trans[1].txt
        1⤵
          PID:1584

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          9eddb39c4f5d8169c9da172c225107ed

          SHA1

          3f8d8e32b16e8b8453daaea69682647023cf5554

          SHA256

          30eecd6f742a6b3faa2a6eb9f59afcaaf0a0719168a8c1b30736bdd4b1c21f95

          SHA512

          03f47b9a6e14a803b1e40c19e5b667dff5a759d9f2b6d586521730996f2f52321a039f289c32f12041904761f1a6675202bcde9eac7c3dce371d46cc47136565

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          cc8f02a756eb1b93417aec865a2accb8

          SHA1

          b0b0ac107c452b80df14b40f4f5c4309de6487d4

          SHA256

          d2556a80d6e1c0ab5601951f99bbc9ad8771c1d2c0211ff433185cd338a41149

          SHA512

          776c440907ffc66a6e0059d3fd9af18a5f1e6cd7abe7951a545b09e51cb17ac006dc021552edd884cf60fba221e412e197408724d162ad81eedf29172e49903d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          10613923d086f596e909c3e80c916b1c

          SHA1

          2bfa106f0079c2fb6c3639a65027506ee472214c

          SHA256

          11cd9245a8ffc48bcf52c02f72ad9f2e37586e9a0d5536c3903a58afa85bfdd1

          SHA512

          665f159b98eb680597cab54f02cba572e4baf6c2513f7ab829f2a1292e31607b023b75504b5554ebdcc850860f6a2a9314ec72c7fc3742b9571494686505cfbf

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          14060f0fe3bcba845528435e21070c37

          SHA1

          c5f01c4bfa1681132a48932e1e0eeb285a8e00e9

          SHA256

          1bfcdd1a883eb392071cd8b3727cdbfadcc1d7d55a8cdd642473711c046c6d22

          SHA512

          24ede30f4f5f61eb872add2e0353d893b9b9d0dcf5a695d9db9ed690ef292dc0424eb751e5e2404e6f1b7e90aac2e2f00dce59c0792457efcbe70dd20919f96b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          31b00d61a54423c284d8af6bda4cb0b1

          SHA1

          8d5835f97f051e7e97b84bbefcb70e21014f210e

          SHA256

          874cd114a61cf19bd9553fe537bc1941214dd641f89a16d7a5ff146132d27829

          SHA512

          1af9d26fe6ea543c71e284a7dc10ec1b7f26f1755917eab19dc7878f57f9fb5b905f7f5c6c2e36758956b04002bd2f5aed37e72948857f2759fa7a7dba012959

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          385a1650aae88bab80c0bd20c3260a5c

          SHA1

          c8fca275340db70a3c27d5617c55154e808f38d6

          SHA256

          8457e1f298edcaca55dff41522282c07af2972b9dd9e9f23d19ac6d53665663b

          SHA512

          00cbb6ff7d7fd043a74c0e1972a714d0fccc566550b2fdcf13422febb39f20d5bc0a1440fa6a54dc092707957b78ef8bb89a99140df3b562add5a60a19a54bfb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3d2d674d9f79e5446383efef3af6eb1d

          SHA1

          900fd95a41247c6439bfab0b96feda9723be65fc

          SHA256

          c9898a4bbaba81141c8e128eabee3634fe293d1328d67c1aba59c8a0aef4edd8

          SHA512

          8c54710dab454d6f0799e10fe26f4ee89894a44e4fac1d3dc67a1118d4f7330bce94aec776ef44a3b92e55923f2fc4352eb72ef20ad0a3d06343fdb1e8a851f6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          15af2a505fd0c0831bd2ceea69fc86e2

          SHA1

          47d8c4950e45773811f50174640ebee10572cedd

          SHA256

          5995fd52ff8a3067d78d97bb16d0d152622224d396fd167093a0f11d51da0193

          SHA512

          fc5d1c97e43d721f22bc576b22e59102b3bddcc8394928a31c328db1f0ed3fcdb620e5340c4c7a2bae3d3f0c050290aac44a6d4e7373e4585adbdcb7ac253c3a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b1cabe1f3045ec22457badc3fdd3f5cd

          SHA1

          3613b78226395f564b38375b6cd3caacb68b93c3

          SHA256

          44db8025446d6acb562f260aa73267003b01ed2f53bf47b5623352bdc857948c

          SHA512

          ffe11009b197b18e5288bf6fe03a744c404a269f9049d4f898265fe3cffb35680de828fc06e1b832f6feda165ad0cc4dce1530bfea8faa245d5e619b0ca1fa67

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          38fcd712740accc2bace1c3582253f84

          SHA1

          5e09bae5914823f8d7fb5bcfbaf1e956a9e25a85

          SHA256

          aa6a41e0492db4822c7a6391708f78f9fc32ee4c6ffb2832782456c58afa1d46

          SHA512

          e59d3ffd5fe278adf7d49da6d5f9472f45ef7b9763d7e828a47d558ef0656c262e28ec0d4fa0d50d0ca3f04a18778204b594211737019350855850ec362cb7c2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          87d28bd249b4261eb9b18eac2f2c1d8c

          SHA1

          441ea3924e8993ea48a4d281e78795a6caf52645

          SHA256

          4a16338724ed37b10c91ff7b0544234740e49a04b932fa3ce11369d76e2ff8b8

          SHA512

          72251832cb0dfe116b82898df96e9170b327faade8a82946a3d17c0e5d0c3febac78aa691820ad9ee953bcb65ad41b4b8ed7bcbfba456a0285acee14dbb90905

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          2f05634b6fa4625703ce46290c149c0b

          SHA1

          04c05c3e834ab7bb6e46a8ef7be2968fdb637daa

          SHA256

          d43b499bed7ff3d49e700baced43f81523430969a60947340c2ef3436fac8498

          SHA512

          33f9e801cf4b09bb6a3afe5e86ceec25f3c6949b37f816b6b9d8d4cb2e768d5252d2adc389083f1a93e6812b04623479176f5dcdd6ca8cbef912b2ec3fe1dfd6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          37b836e4ec5a4857c0491666f6f56a5c

          SHA1

          bfffa5696fe307848cd84d61cec4743ed9435cda

          SHA256

          aae36f59cc0e2597b642ddb890181985b7a85ab4da636daf3ef9ef98f20ab64f

          SHA512

          78086ec97b47f91d511fb3a8d24d86b77938390f17d82c3209d1bf0804989548ee779d169334e58702c2ad3b7a19267092651e87855023ec3da519d97bf06c1f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          516d8eb2955d2e9c0e9a5bc4f882cf7c

          SHA1

          849d770586fd0800ea89e51a7d3aabc625a3f46c

          SHA256

          ba29583245bd1747ad54ce353e65b8db8187b2367efa132564acd58950a081e2

          SHA512

          8c4e42ced299a6a8772c59f1e625d0cdd5e4f7332f4be98578166f0d94399129bd329e1a291df835d56ab20c5585f329e4bc651909c15afbcdb10264c2e00753

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          62d6989bb08f37440a70a10235b4b371

          SHA1

          09510bb772d10ec68155e857396147605d22ed4f

          SHA256

          9f81e676ac2b76332ac732b22ce2fd72e3c8cc8642d4c04c28425e05a735da25

          SHA512

          209482d08379605795a5db9d3f50cdd5917c8f53553b27e1b4575d4701c4e05c82f35a07d29966589ec24a28194eff0f8a2be3bdf676b58f8fbe83e6588c1c80

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          636f6ee3e168fcb8902feb82b4ccd469

          SHA1

          d6fbcf143c5e780b355b26fa60047a35829a988d

          SHA256

          384a3bdb021bca222e6c6669cebf2e834827d9bb6ce8583e7538dc6cf92306ef

          SHA512

          04dc51a120c9b8b23b2b336e278a3871444af3c6f1ab9db1b2015613089f43924f8ec8d3e4b9fcd3c5affa22ad045cb0dfe5650309967135a60b910c278b6d85

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          842998f014acca26249d53f9a118282f

          SHA1

          ccf4425ec671c7a726bff1ebba3e7b21f8f0e225

          SHA256

          ed1bf9a59455d52081dfe4989590296900dafdf0ed281162ab93fd35d86789b2

          SHA512

          0052e6dac00b18040de9e80afcd6ef7028040690644f6825d1c05943f6c1e125af64a38d93be67321b9696c91cf85b039985b2195f24f7364f3fda922f26fe70

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          96e4d290dc36143f8f1c57d9cb4cebe8

          SHA1

          4f436a06b4228e5fa9a6db5b561c8154ba3834dc

          SHA256

          df38dbfb63f38a29b590ba29341ef1dd4d8f3bde18dd0e93e0a1ec44fc56b2ac

          SHA512

          b178703bdb2e5470e45656d052c21c280efc9377cf094c32f5ba6e198d3e31462f7130957338f7e169bc098b8424a0dc03b7b112a6ba88ebab356864c9fa6652

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          62474521d60ac87750d3f3a2d053d292

          SHA1

          88a3a0ce7c8109087573668a434c43f43734b055

          SHA256

          dfbdfe09c2c795af2caf6b677d762c0f32841928bce93a771663ee5fce051afb

          SHA512

          1d4e5476e9a89beff795b35d301b7340b381b64d497957b3c483e407cbefaaa74daf0a20ca5f4832e801f76bd8a062b1cc371802490c3d0ccc320de8d7ada2a2

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabF3E2.tmp
          Filesize

          62KB

          MD5

          3ac860860707baaf32469fa7cc7c0192

          SHA1

          c33c2acdaba0e6fa41fd2f00f186804722477639

          SHA256

          d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

          SHA512

          d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarF4E0.tmp
          Filesize

          164KB

          MD5

          4ff65ad929cd9a367680e0e5b1c08166

          SHA1

          c0af0d4396bd1f15c45f39d3b849ba444233b3a2

          SHA256

          c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

          SHA512

          f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

          Download Submit

        • memory/900-935-0x00000000039C0000-0x00000000039D0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/900-934-0x00000000039B0000-0x00000000039B1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1676-929-0x000000001D310000-0x000000001D3C8000-memory.dmp

          Filesize

          736KB

          Download

        • memory/1676-930-0x000007FEF5540000-0x000007FEF5EDD000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/1676-920-0x0000000002340000-0x00000000023C0000-memory.dmp

          Filesize

          512KB

          Download

        • memory/1676-921-0x000007FEF5540000-0x000007FEF5EDD000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/1676-922-0x0000000002340000-0x00000000023C0000-memory.dmp

          Filesize

          512KB

          Download

        • memory/1676-924-0x0000000002340000-0x00000000023C0000-memory.dmp

          Filesize

          512KB

          Download

        • memory/1676-925-0x000000001DCA0000-0x000000001E2A8000-memory.dmp

          Filesize

          6.0MB

          Download

        • memory/1676-926-0x000000001E2B0000-0x000000001E434000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/1676-927-0x000000001B140000-0x000000001B141000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1676-928-0x000000001CA90000-0x000000001CB2E000-memory.dmp

          Filesize

          632KB

          Download

        • memory/1676-943-0x000007FEF5540000-0x000007FEF5EDD000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/1676-919-0x000007FEF5540000-0x000007FEF5EDD000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/1676-931-0x0000000002340000-0x00000000023C0000-memory.dmp

          Filesize

          512KB

          Download

        • memory/1676-932-0x000007FEF5540000-0x000007FEF5EDD000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/1676-933-0x0000000002340000-0x00000000023C0000-memory.dmp

          Filesize

          512KB

          Download

        • memory/1676-944-0x0000000002340000-0x00000000023C0000-memory.dmp

          Filesize

          512KB

          Download

        • memory/1676-940-0x000000001B7F0000-0x000000001B7FA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1676-939-0x000000001ED70000-0x000000001EDA7000-memory.dmp

          Filesize

          220KB

          Download

        • memory/1676-941-0x000000001B7F0000-0x000000001B7FA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1744-914-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp

          Filesize

          304KB

          Download

        • memory/1744-915-0x0000000001E50000-0x0000000001E51000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1744-916-0x000007FEF67D0000-0x000007FEF681C000-memory.dmp

          Filesize

          304KB

          Download