Overview

overview

3

Static

static

3

25a3a82cfe...ec.exe

windows7-x64

3

25a3a82cfe...ec.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    142s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/08/2023, 09:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    25a3a82cfec2bb53281e68eb14718c94c362ab6d6d3a4f6b172019a90dec3cec.exe

  • Size

    327KB

  • MD5

    0f7faef5a39a8d1595ad659291bc3fc8

  • SHA1

    794df0f04d8564e0d4d8e4d1a7836bb4a4741f38

  • SHA256

    25a3a82cfec2bb53281e68eb14718c94c362ab6d6d3a4f6b172019a90dec3cec

  • SHA512

    24f86929d8aa288ccdcfdc0d2dc21044ed81dbcbc934ea0c1d8f13b6c009c30886ab5fc5068e11506c26ad2d54ed9de2039c891218bb002ea191eb4bceababff

  • SSDEEP

    6144:3NgF4DxNuJc06j4YBa77xMQxA5i5knmv1SL/mQX9B+YZg76lkp:3u4lNAtYytvS5Aku1YLZuGl

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\25a3a82cfec2bb53281e68eb14718c94c362ab6d6d3a4f6b172019a90dec3cec.exe
    "C:\Users\Admin\AppData\Local\Temp\25a3a82cfec2bb53281e68eb14718c94c362ab6d6d3a4f6b172019a90dec3cec.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1848
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://skjp.zcjczj.cn/sgdh.html?s=126&v=127&c=132&a=95&m=&t=1615189715
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4084
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4084 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4136

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          471B

          MD5

          b2c81dc385d8027dfe5316af20681390

          SHA1

          2eb383d6f116336c1007e8a772052739d0da8a9f

          SHA256

          b487445e858a87d2a91424e02a843ce6a56e859760674c5c7666418130c63406

          SHA512

          de8aa3e9fcbb795c1988ffdbc15e349fceadd52fbf0bb62be17beae0b9b2c211a4f0704b89c07e845ed923c1aef5d603cf7eeb3daae9acc88488d174ef864feb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AD5F118F7897046E8CA970AE6A6AB70B_8BF7518DCCE0D7692B051F7DA079DA03
          Filesize

          471B

          MD5

          9bfd06fbea15e175df5bb09c77b77c83

          SHA1

          87ed2435e77a129a163253c10a2d83a4dc240ddc

          SHA256

          87e152f8a9d1be307dc00fafd775739825468b1348755c56523730ec93204833

          SHA512

          1a585350c9b646b56dfcf80e252e9fab6428dbf1377b4cc8e5d1e4c1dad896a9eecca5aa73dad00bf73b53e62a3252866e1afb9d9086efc47001732f251d4529

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          404B

          MD5

          87f9f847c5737f8e1abb8d4810a449f9

          SHA1

          61c605cddf9df543411416b8bf46cb87b8c1cd57

          SHA256

          a946f384a99a9b865c3e98f02c93c9265b83a36ebec8f7f49bb5b25992fe375c

          SHA512

          223b95f9346d657160db20ba71650e46679342e14fa93f1aaaf49a331dba7a9e025da38a878b3476a9205a4397d2a8dbc9503d2476603126bcc67e64c711c769

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AD5F118F7897046E8CA970AE6A6AB70B_8BF7518DCCE0D7692B051F7DA079DA03
          Filesize

          402B

          MD5

          2779521aba65b9437a7af2fe0b05ddec

          SHA1

          399673e50e3d96bf1772a48ca7feb5ab3771e8ee

          SHA256

          b8cd98e916cec8f6fc194bef22843edc50c8687f576de063d9f8ba2debe5b6a2

          SHA512

          65115f2cb1af77007a442e609b57b18cfc6e6eb055f3aecfbfb7873cca214f4d503b4df4abe371332dea534d74cd298b743d48eb163d496f1c6df0b734ae9723

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1
          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verB94.tmp
          Filesize

          15KB

          MD5

          1a545d0052b581fbb2ab4c52133846bc

          SHA1

          62f3266a9b9925cd6d98658b92adec673cbe3dd3

          SHA256

          557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

          SHA512

          bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\5amy22j\imagestore.dat
          Filesize

          772B

          MD5

          ca09381cf8406667c77a4e00f08ed563

          SHA1

          1f78ba6de6c8acdfcd3e15bc6ace2e9150c85e3b

          SHA256

          8a880ae2d4475d565cbe5921db797f5944f963c71f49539476c3cffea0bf938e

          SHA512

          801c06a7add3ed7d707ba26e3642cc82c7817e4c3c1c4ecf512bd3d2c7ce0867b34d7ea3ca8b3b07a8ead57334452eeda6ae13a880ce16e5478a3059e08f37c1

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\34SFYBWV\favicon[1].ico
          Filesize

          628B

          MD5

          8b944f7f1837308ddab3157b96a7c6e8

          SHA1

          fdfa7147a25be9bcbb8200f010c584a8724b6a5d

          SHA256

          d7bcfebd688fa69f028b2e55268e6475869d83011799104d7a315cb8e34fa18d

          SHA512

          28cfbfea2c4410b2b3e86d5514cb8a4eca0bacb6adcb9636184645c92875457b8288601f8ec158578d1b5d7858623f271c6f97dcaf7b60184e6443a9263bb029

          Download Submit