Analysis

  • max time kernel
    84s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26-08-2023 09:39

General

  • Target

    0a40fa4bf3e3f294adad6ec58e3aa240c302d5071dcb7b7d8c0f14950ee4c441.exe

  • Size

    327KB

  • MD5

    4d05502463e1a007138185cef705c563

  • SHA1

    f60f66e1f597982789265df302634a5067338ddf

  • SHA256

    0a40fa4bf3e3f294adad6ec58e3aa240c302d5071dcb7b7d8c0f14950ee4c441

  • SHA512

    a8dc39bc1f9980ad8d8c87036b16d63f6c66f51fbfbfbac32af118f7e4cc199467443737a7f0da7681aa5fedef6dcab6eb854e7c3a2e32b07ca7221360e42ecc

  • SSDEEP

    6144:3NgF4DxNuJc06j4YBa77xMQxA5i5knmv1SL/mQXQB+YZg76lkp:3u4lNAtYytvS5Aku1YLauGl

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a40fa4bf3e3f294adad6ec58e3aa240c302d5071dcb7b7d8c0f14950ee4c441.exe
    "C:\Users\Admin\AppData\Local\Temp\0a40fa4bf3e3f294adad6ec58e3aa240c302d5071dcb7b7d8c0f14950ee4c441.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4452
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://skjp.zcjczj.cn/sgdh.html?s=156&v=157&c=207&a=95&m=&t=1615430156
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4556
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4556 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3640
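The process tree above is the whole story of this run: the sample itself does nothing the sandbox flags except WriteProcessMemory, then hands a URL to Internet Explorer, and the remaining signatures (hooks, IE settings changes, GetForegroundWindow polling) fire on IE's own frame process (4556) and the tab/content process it spawns (3640, marked by SCODEF:4556). A detection that is useful beyond this one sample keys on the chain rather than on the hashes: a binary running from a user-writable directory launching iexplore.exe with a URL on its command line. The following script is an added example written for this page, not sandbox code or vendor output; the Sysmon-style events are constructed from the tree shown here (the parent pid of the sample, 3000, is an assumed value), and the directory list is an assumed starting point that you would tune to your environment.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed Sysmon-style process-creation records (Event ID 1 fields) modelled
# on the process tree in the report above. They are illustrative, not exported
# sandbox telemetry; the sample's parent pid (3000) is an assumed value.
SAMPLE_EVENTS = [
    {
        "pid": 4452, "ppid": 3000,
        "image": r"C:\Users\Admin\AppData\Local\Temp\0a40fa4bf3e3f294adad6ec58e3aa240c302d5071dcb7b7d8c0f14950ee4c441.exe",
        "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\0a40fa4bf3e3f294adad6ec58e3aa240c302d5071dcb7b7d8c0f14950ee4c441.exe"',
    },
    {
        "pid": 4556, "ppid": 4452,
        "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
        "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" http://skjp.zcjczj.cn/sgdh.html?s=156&v=157&c=207&a=95&m=&t=1615430156',
    },
    {
        "pid": 3640, "ppid": 4556,
        "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
        "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4556 CREDAT:17410 /prefetch:2',
    },
    # Benign control (constructed): a user opening IE from the shell must not alert.
    {
        "pid": 5100, "ppid": 3000,
        "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
        "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" https://www.example.com/',
    },
]

# Assumed list of user-writable locations that attacker-delivered binaries run from.
SUSPICIOUS_PARENT_DIRS = re.compile(
    r"\\(AppData\\Local\\Temp|AppData\\Roaming|Downloads|ProgramData|Users\\Public)\\",
    re.IGNORECASE,
)
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def tab_frame_pid(cmdline):
    """IE runs each tab as a separate IEXPLORE.EXE whose command line carries
    SCODEF:<frame pid>; return that pid, or None for a frame process."""
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def find_browser_launches(events):
    """Flag iexplore.exe started with a URL by a parent running from a
    user-writable directory, and attach the tab processes belonging to that
    frame so the whole chain (dropper -> frame -> tab) lands in one finding."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for ev in events:
        if basename(ev["image"]) != "iexplore.exe":
            continue
        m = URL_RE.search(ev["cmdline"])
        if not m:
            continue  # no URL on the command line: tab processes end up here
        parent = by_pid.get(ev["ppid"])
        if parent is None or not SUSPICIOUS_PARENT_DIRS.search(parent["image"]):
            continue
        url = m.group(0)
        parsed = urlparse(url)
        tabs = [
            t["pid"] for t in events
            if basename(t["image"]) == "iexplore.exe"
            and tab_frame_pid(t["cmdline"]) == ev["pid"]
        ]
        findings.append({
            "parent_pid": parent["pid"],
            "parent_image": parent["image"],
            "browser_pid": ev["pid"],
            "tab_pids": tabs,
            "url": url,
            "host": parsed.hostname,
            "path": parsed.path,
            # keep_blank_values so an empty parameter such as m= is still recorded
            "query": {k: v[0] for k, v in parse_qs(parsed.query, keep_blank_values=True).items()},
        })
    return findings


if __name__ == "__main__":
    for f in find_browser_launches(SAMPLE_EVENTS):
        print(f"ALERT: pid {f['parent_pid']} ({f['parent_image']}) launched IE pid {f['browser_pid']}"
              f" -> {f['host']}{f['path']} params={f['query']} tabs={f['tab_pids']}")
```

The benign control shows why the parent-directory test matters: the same iexplore.exe command line started by the shell produces no finding. The extracted query parameters are kept as strings and not interpreted; what they mean to the site is not established by the report.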

Network

MITRE ATT&CK Enterprise v15

Downloads

The files below are written by the Internet Explorer processes the sample launches, not by the sample itself: the CryptnetUrlCache Content/MetaData pairs are the Windows CryptoAPI cache for certificate chain and revocation data fetched over HTTP, and the INetCache and imagestore entries are ordinary IE browser cache artifacts.
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    b76a23b37666a7437d014c8f45e0c843

    SHA1

    fac0f80c6161321ab45222f5c7b74a9d14fe0aa7

    SHA256

    1fa8f775e6d41cf817e2a89d7b35a469f8c511b5e6f2092afc58bad8e743075f

    SHA512

    483c9f960400347614dce89560af6be1547627438af1a0464c9ccee9e8906df6957b68ae547dfce5adf384d5f4eccd2145e568c386c300a073d254bedf7bc24a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AD5F118F7897046E8CA970AE6A6AB70B_8BF7518DCCE0D7692B051F7DA079DA03

    Filesize

    471B

    MD5

    5e434f554c1296d0626cdfbbaa5191a6

    SHA1

    184e996c95ae3cfea9e1b11d54de370338768750

    SHA256

    bcffcab2200cebd8a6080203432a655153877e23882fccd3a03e17e208c37fc1

    SHA512

    c7f2ce619603f337fec4fb14ae9e509b3d5d04ef0af3b6a38ecefec62a2f17b085cc54880ed3105cfd3d3ac9e0c6f0da22b7c1abf002587ce6eebbe158d98694

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AD5F118F7897046E8CA970AE6A6AB70B_E5E634D70AA6544AC8AAD5B4D1EA78DE

    Filesize

    471B

    MD5

    30b3a8afaf9eedae1376a7fefcee1b96

    SHA1

    f488e2004ca0e45d645f8c8b92efaab8cbfa36b9

    SHA256

    9eb5271b4775490f73993be5e5d1b5a302799163442dfffbdf01dec604233036

    SHA512

    0d6652b2dffaff7bea65d9d822d88ae781336042be2ea7414f53a726f93a8a0486ac356ce640718fceae4d02471b4a2043e5c34bb6d350e085b6661e1f9ff0b3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    814d31c4ef17b2f1c7c480a3db9ccc04

    SHA1

    9630a8e7d47046383885e10ffa34e381ade09fd2

    SHA256

    5dbcb176af0f2c27504351839615a68d86abf9cad95b040ddef5531910462440

    SHA512

    e11186897dd03d84d76c415f0cb664d4e5eea4e14e6f58e4a810b6884368b318dc60172448fbd23f1537ee1b2bd593af99cf7a6e1eb1be121633e5849bb5576a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AD5F118F7897046E8CA970AE6A6AB70B_E5E634D70AA6544AC8AAD5B4D1EA78DE

    Filesize

    402B

    MD5

    b6b5e62ad4eaf9bf1c7f955b94fc8854

    SHA1

    80662b4822dfbee4262331fe44a4692f611db58f

    SHA256

    16766c35549502a0ad6ed3ab891ef21ec4969eaf2fb6798df96e2465a670d9d6

    SHA512

    51df808969341b633d1e8e21868553524759fbc0952a269b5bbc42ecb4c3302dc66414ec3bb24ac0e08a759a075ffe06db89a8079dccfe6eea0ff79a4f258153

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\qwzqiba\imagestore.dat

    Filesize

    772B

    MD5

    b54ed5cf8ed130ffd4040057a88a3fa0

    SHA1

    8bb607220ece74a17c30d5f33b5655ae4ae24c87

    SHA256

    589fc3395f107ea6b93a79f87214f77dcb91555004c747cf1cf6061ab4eba834

    SHA512

    f9b4b29d282ae725d47fb85847ab377f154d9676723b990360253d8983d3c8a73f4c98f57230e7010d7e3d2cbbe957788cf9276690b51a6b96d2da48338578cb

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HV5TY8S3\favicon[1].ico

    Filesize

    628B

    MD5

    8b944f7f1837308ddab3157b96a7c6e8

    SHA1

    fdfa7147a25be9bcbb8200f010c584a8724b6a5d

    SHA256

    d7bcfebd688fa69f028b2e55268e6475869d83011799104d7a315cb8e34fa18d

    SHA512

    28cfbfea2c4410b2b3e86d5514cb8a4eca0bacb6adcb9636184645c92875457b8288601f8ec158578d1b5d7858623f271c6f97dcaf7b60184e6443a9263bb029

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\HV5TY8S3\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee