Overview

overview

3

Static

static

3

488b3fb4e7...3f.exe

windows7-x64

3

488b3fb4e7...3f.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    27-08-2023 03:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    488b3fb4e757a2356eb530bcd1fdbe2351dfcc97409ea9d261282982be907d3f.exe

  • Size

    484KB

  • MD5

    c422a6221da517af6eb8cfc6aa417574

  • SHA1

    bf952e1f7ef5b6cc64455dc31cf26b5adb98e32a

  • SHA256

    488b3fb4e757a2356eb530bcd1fdbe2351dfcc97409ea9d261282982be907d3f

  • SHA512

    ef2e0cd5e88d9908c2dd49b3a6caa62c9e82d6cba8bb077f69ec9e946aa083d94ae1248cf35c38d5284b848f1cebd8e135ef24b13af03a73e38159c27f2685d0

  • SSDEEP

    12288:iu4lNAtYytvS5Aku1YL7xdkUoDj9JU01tuMsTp:iwhtvSLu0eUoPo0uM

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\488b3fb4e757a2356eb530bcd1fdbe2351dfcc97409ea9d261282982be907d3f.exe
    "C:\Users\Admin\AppData\Local\Temp\488b3fb4e757a2356eb530bcd1fdbe2351dfcc97409ea9d261282982be907d3f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1908
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://skjp.zcjczj.cn/rxzgzb.html?s=122&v=123&c=124&a=175&m=&t=1614565521
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2052
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2052 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:2832

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b7512f54803958c026d7c817c6afb764

    SHA1

    7a6f6db6ffbbc589b10e0dd591590ada4f22d0b9

    SHA256

    d273cf3932439e2831fe2ce3823cff6ba07ff2de61883b7e4a406dcc67ed8248

    SHA512

    ba64b15560eedd348589f68970f91c23bad37ea9ecdecc580c60db7d1a8b335a6faf7e5135e58a969dddef87ef83dca14f84fd8043465812314c26bfdd0a1a97

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ab17663da0f6ccbb100414122784e704

    SHA1

    32da178ffeb665dd82f3e6b986ed00644da193c0

    SHA256

    4f8c3b9501778e5449b36a8beb2149d430c04ebef0a0dab7d308e240b0449235

    SHA512

    f9025b59a1754f535b4e63cd8e70ea86c0918844425c2bb6f081222f20f123b276085db3326042ff0abd77c997fb17ab773c16ceec459f470a1d1daed94b2818

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c9acb4cba79b052c45e7f5e844dcafb2

    SHA1

    cac042c0573fdb8b1ab819e993f0ccfc8631c1df

    SHA256

    1b5497141622f1c28e27b15229284ada6a3bd04f5b0d2907a1bd069a99f52774

    SHA512

    0d4a1e8cc65a322da4483080fff584071b48a206f0ec5a6c978ebdf81b4afac62579b157c78bb5dc2d297bc9ce931935bc2406630fd0330be7cc0421d3d61648

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    92990c31ae6b889c1b2541261bf47a11

    SHA1

    57c1058953e334dd7f1cc3689379a00e35aff81d

    SHA256

    695b0aa499989e02a422342984a7ff9053e121aee4904c67f60b74b01b623c1e

    SHA512

    7bb452b9f593ee0aa975f13db005084ec7533236c6a3e53df61e0ff2078de9429fb0e960c99e5af23e08afb2fa0f7d59efcdc62c8ebd8d530527b0d9c4ff023b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b6261d2b0e6834b44daf5a78af4b7401

    SHA1

    51f8fea66d4125dfecd8ca3c2538bffe8d24863e

    SHA256

    0bced3366df6baee3fe596b4ed70cf08381e4c6a37893107afa7e405ce76d23e

    SHA512

    093f970a77023af79b0268b3ca05d8cde8992553d481b8c40c53a3ed32e5d2d6923ae2d8f57ac63558e01ec50831f1b58d0aa91c17f503377381baabed9fdf68

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e3d5e116168ee6f1468f1894e1fca6f7

    SHA1

    211fd2dadde3d5bc350ae2e66aa0a09cea80dacd

    SHA256

    62562489e07e2298bc361d063fb698eec50170a29d6e17f213196c2c0386d419

    SHA512

    b46a38002f45f97a69bfba2f5ea5e13c6fba1bb35d5021c72ab7e499e0a3955da23b90fda1f9c93aa970303a418ccc08fd327a1d78d6cd5599dabbc1070adf9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3fc060369e0fb756adad8499d3186d54

    SHA1

    8894ad9e23c705043baeaf1176eb9eb1726998d0

    SHA256

    083222446e79987e9ae7cf9766232d5de863b45917591c4f23a4376f23b83929

    SHA512

    d2dcb596028e2274bc6e828b80970d3ebe7b05bd41441c2fbd714c4e9bd06c0471b08439862de185f827dbfb7091dd58b1a225cf2ceae0fec89575ad3f3cded7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ec977d7ffcf9e17b905785025f5afa54

    SHA1

    1ea657eeee7ff55c815a415cef9694f744bdd053

    SHA256

    c8412637bd886e772968861357d95da05641cb801435a7fa180dd32bdf0e3170

    SHA512

    3d296eaa8e4e7c7126e0dffecf3454a71f0169acf3b6eee29137c3c7ae044f2a41d2255f0c9096a80def5383c798499168b81d27f5a04f581815aee9f89b0f7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cce2462421ce86f8a5084b6df88c82f7

    SHA1

    ba0043967a3414bca9200a5915e8c52bd724e88b

    SHA256

    4b21acfddd5b3ca6a66f3a9cf9802fcef97812574fca823f8f093846b578fa4c

    SHA512

    c49fefe0d8c223f107a9d322474e8ddd14f1d77b821e63bb8336c154b1f65288aed5067e21ca4f916194cee89e067f9659d2c6704b589437df608b56b1ec7b9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fe385398b86ada2962da0185e6726d14

    SHA1

    8e49ed5fd2829bd9ec063d235d8599fbc0cb2d01

    SHA256

    ca2ee918e1e51ac96baa66d79fae3ebdb7edcf7cc639bb8adc3df8d364a88242

    SHA512

    157745c0d6dd03f4a4ede5391117b3dac83d991c473e52ffa2734433ac1b04bb72ab230bd6816d33cf99feb6396bae144d23a07b026c116ec305826e4e8cf5b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    22a819d8bc02fce77e14a181494b81c2

    SHA1

    59dc2fadd68df815c913c0c96f7665ae33f712c8

    SHA256

    cd05244f6c2c4e562b6aa15580b924f1218c2a06dab1204672459e6bf288de14

    SHA512

    2578197369b56b9e2d357076807cc0427996915acec4735b43c14ec625e7d36391a3b5a4498bd1799982687580429252ee94223a36de85db7de0f0bead8e1095

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e0798cc35fbf8231fab660489cca51b1

    SHA1

    cc7c42e3af484ad761f7f6268e41be1259f06824

    SHA256

    b4831f92bdb7e650cd0cb665dba7fbf8430430ad1748aeed4486eb38cf2cf8a9

    SHA512

    a958bf9d0bb5a6aa10dc425cbdacc93aa9255e47cacaf920c409a9e98afe2902bbb1cda642a4f421cc916588d1d7766fc989e1692587b23cd9f7b525f976a091

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5e95d12abab3f00d9ed1be15e7010a55

    SHA1

    a5da1a75cc7b6cc481004e1ad44c865260a6fcdf

    SHA256

    58d4a7a794a93dacf49fc5b2cfd2350ba2f443143cff90c27bd8a474ab4ffbeb

    SHA512

    97ebf6e541a19f48afa854a912cc1eaa700036811f20e639bfa5fa2ec80ee226f366c9facb472d0260a222c078d96abbe941f26c5f43d1a24a498c5baf3ada28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2018aa4baad3dd6c0bd63695e1ed75cb

    SHA1

    04266a744e5d6345e9180f85d511be75548f9a44

    SHA256

    5c3abfdd2e60d24015aa16dfd4e7d98c367ba4be1e7058b8df1e3c848cd1c73d

    SHA512

    ce189821eff984dfc64a8c1f84be72b933cb4fa677054e5a1cec2dd7de62b8ac0327bf4d0b2e8569c28f807c4ff48ad39060ebfb0ffb5b3654080b12543a6a91

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5c8e80082c0999282378da88e4b1cfa3

    SHA1

    6c209557bfa8a1edc8372a14ad6b29c42f99f345

    SHA256

    ae414231a6587b51a431e3f07d7309075a597913470cc3085f1e835085424802

    SHA512

    b4adced8af4a9e9296dcdc1f4df165168ac647c210caff68da079804f329ab36afbcc231f11b880ce228f2acf59d507747a980474405542ca97caeb55c1f4e51

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\uns8mem\imagestore.dat
    Filesize

    4KB

    MD5

    37c6f8668e1d32db470f335ee04558fa

    SHA1

    cf984a6c7d273601dc69d87bcc8a12175402aca7

    SHA256

    6de6b2e0b08c645cb3af65b3d98eb20754a7177dca7500fd68e08c622a92bd3f

    SHA512

    6cfbe6d50a186582f495551f97927372656b42d4f6231625e9e7882484213e6ade851db17434fe9d2ebeb6d32a26cc25a679167c3945d083a72109c00a12d41b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WRIL45A\2[1].js
    Filesize

    10B

    MD5

    74e1080b5e3125ca3a5abc7b340399aa

    SHA1

    b1e150e5809482e54c347d440f1824179c0d6d5f

    SHA256

    623017a5748ff1b4e9d0f227f5cd58869ae4959d1ca8fd204c9441cd11e2695b

    SHA512

    51985a333a6c225976863cf49eca3492f5b8a61f525d08d0bc69c25a7eecaad6fc3ec6f71420f06bb1c3fbfbd197eed6c5c4a99929bd0dbdee73ec2f88265f80

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6WRIL45A\favicon[2].ico
    Filesize

    43B

    MD5

    ad4b0f606e0f8465bc4c4c170b37e1a3

    SHA1

    50b30fd5f87c85fe5cba2635cb83316ca71250d7

    SHA256

    cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

    SHA512

    ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULULORKV\TCaptcha[1].js
    Filesize

    79KB

    MD5

    cf1f7b5f26170b63eb1a5fea4abb05a5

    SHA1

    d03a929c5f82d8d31cd8e9aaa0b686086a15ae6b

    SHA256

    bc4ac878d90b7721264cb605ea1efae6bc7ab573c801620651416fab052c1f4a

    SHA512

    97954bd96e60bbc32934db460ae71ceb8122e6be0e01b7bdd98a9a30d0744fdb9bb56f3cf65ef3967372ede0c60e0400d129375a1d9ba80eb07e779c54806588

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2E71.tmp
    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2FC2.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit