Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-08-2023 09:26

General

  • Target

    cee81cafb953b0d7a0739463b8be21fcef6a033374c257cd7b2569e0035afef5.exe

  • Size

    484KB

  • MD5

    2086fbc069ecf841de389482021f97fb

  • SHA1

    66b0cf650dbbd53247ee47b1968ecf306a6242f2

  • SHA256

    cee81cafb953b0d7a0739463b8be21fcef6a033374c257cd7b2569e0035afef5

  • SHA512

    b368e2f1010ef72259e0af5499611a0268810513ec12d21c2715d627bdcc27e419275e29b408d7fe8c2fa1a01d42a35b014b63bd3e287b293acb0baa4126e9cb

  • SSDEEP

    12288:iu4lNAtYytvS5Aku1YLYxdkUoDj9JU01tuMsTp:iwhtvSLupeUoPo0uM

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings (1 TTP, 39 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\cee81cafb953b0d7a0739463b8be21fcef6a033374c257cd7b2569e0035afef5.exe
    "C:\Users\Admin\AppData\Local\Temp\cee81cafb953b0d7a0739463b8be21fcef6a033374c257cd7b2569e0035afef5.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1920
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://skjp.zcjczj.cn/rxzgzb.html?s=156&v=157&c=207&a=175&m=&t=1614703116
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2908
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:2960

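Process-tree triage, as an added example (it is not part of the sandbox's output). The three records are transcribed from the Processes list above; the `t=1614703116` query parameter is read as a Unix epoch, which is an assumption the report does not confirm, and `SCODEF:<pid>` is taken as IE's own convention for naming the frame process that owns a tab process. The point it makes concrete: an executable under the user's Temp directory hands a URL to iexplore.exe, so the browser, not the sample, performs the request and leaves the cache artifacts.

```python
"""Triage of a sandbox process tree: who launched the browser, with what URL."""
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional
from urllib.parse import parse_qs, urlsplit


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


# Constructed from the report's Processes section: the sample in %TEMP% (1920)
# launches the 64-bit IE frame process (2908), which launches a 32-bit tab (2960).
TREE = [
    Proc(1920, None,
         r"C:\Users\Admin\AppData\Local\Temp\cee81cafb953b0d7a0739463b8be21fcef6a033374c257cd7b2569e0035afef5.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\cee81cafb953b0d7a0739463b8be21fcef6a033374c257cd7b2569e0035afef5.exe"'),
    Proc(2908, 1920,
         r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" http://skjp.zcjczj.cn/rxzgzb.html?s=156&v=157&c=207&a=175&m=&t=1614703116'),
    Proc(2960, 2908,
         r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2'),
]

URL_RE = re.compile(r'https?://[^\s"]+')
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def by_pid(tree):
    return {p.pid: p for p in tree}


def is_user_writable(image: str) -> bool:
    """Image lives under a user profile or a Temp directory rather than under
    Program Files or Windows. Coarse on purpose: it is a triage cue, not proof."""
    low = image.lower()
    return low.startswith("c:\\users\\") or "\\temp\\" in low


def is_browser(image: str) -> bool:
    return image.lower().endswith("\\iexplore.exe")


def find_browser_launches(tree):
    """Flag a user-writable executable spawning the browser with a URL on the
    command line: the page load is delegated to iexplore.exe."""
    procs = by_pid(tree)
    findings = []
    for p in tree:
        if not is_browser(p.image) or p.ppid not in procs:
            continue
        parent = procs[p.ppid]
        m = URL_RE.search(p.cmdline)
        if is_user_writable(parent.image) and m:
            findings.append({"parent_pid": parent.pid, "parent_image": parent.image,
                             "child_pid": p.pid, "url": m.group(0)})
    return findings


def parse_url(url: str) -> dict:
    """Split the URL into host, path and single-valued params; a 10-digit 't'
    is decoded as a Unix epoch (assumption: the report does not define 't')."""
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    out = {"host": parts.hostname, "path": parts.path, "params": params, "t_utc": None}
    t = params.get("t", "")
    if re.fullmatch(r"\d{10}", t):
        out["t_utc"] = datetime.fromtimestamp(int(t), tz=timezone.utc).isoformat()
    return out


def scodef_parent(cmdline: str) -> Optional[int]:
    """IE tab processes are started as 'IEXPLORE.EXE SCODEF:<frame pid> CREDAT:<n>';
    SCODEF names the frame process that owns the tab (assumed IE convention)."""
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def root_ancestor(tree, pid: int) -> int:
    """Walk ppid links (falling back to SCODEF when the record has no ppid) to
    the top of the chain: the process to blame for the page load."""
    procs = by_pid(tree)
    cur = procs[pid]
    while True:
        parent = cur.ppid if cur.ppid is not None else scodef_parent(cur.cmdline)
        if parent is None or parent not in procs:
            return cur.pid
        cur = procs[parent]


def triage(tree):
    """One line per suspicious browser launch, ready for a case note."""
    lines = []
    for f in find_browser_launches(tree):
        u = parse_url(f["url"])
        lines.append(f"PID {f['parent_pid']} ({ntpath.basename(f['parent_image'])}) -> "
                     f"iexplore.exe PID {f['child_pid']} -> {u['host']}{u['path']} "
                     f"params={u['params']} t_utc={u['t_utc']}")
    return lines


if __name__ == "__main__":
    for line in triage(TREE):
        print(line)
    print("tab process 2960 traces back to PID", root_ancestor(TREE, 2960))
```

Run against the transcribed tree it reports one launch (PID 1920 to iexplore.exe PID 2908) and attributes the tab process 2960 back to the sample; if `t` really is an epoch it corresponds to 2021-03-02 16:38:36 UTC, well before the 2023 submission, which would make it a static tracking value rather than a per-run timestamp.
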
Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fd36ba474bdf58d2f7e0ea667b9a4230

    SHA1

    6d48fd542cdb1e6f15cf964f210b4a10784473c4

    SHA256

    9bf26d8b7fd97c6b895b329eb748e6d5f450c60a940e5aa30a15a54cc313d32d

    SHA512

    054cbc2f0adea68608e11237f982c5773275a468557eac272be1daf2ace2c8b621d620641bca24585ee92b02d74948d00f0c39f1e216c2b74eeb2dd0da0d615c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    553eaf55ed7db552e95e2c52b73dd359

    SHA1

    2b130f367d70cf5f383d02738acbd7de0b92330e

    SHA256

    3a402aa87c51f6e95f824e352d520e0f2d970699f91b8ec322e0936fed35882f

    SHA512

    4350bd0507db571687300485cf6d6b5e43b9acb93fcd07b7e81155967cf366063af1b40bd1816b7200fa6ad2bc0758908c2daf39ce15efe29ecf581d7fedf93e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c4c9ca0fe9dabe25d6791cc312ea2970

    SHA1

    d4319139bf6066c3f5667115c6c665704249c57b

    SHA256

    e4ed81da7cbd6e2bd4a38ffa548deac11a34bf8467884a598fb1bf4cbc39a8ac

    SHA512

    283f4fab1f5b1f111fe9ca8ac5160bf4815f973e940dbf474a6d665496133891595a4b8aa163bf5b51a91869ff2dca275296212ccbbd34c2ed3891a41d798b0a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    55af379bdcefd6ba970d96fb4d65d540

    SHA1

    b783e22b6693029b9b288b07ab9c66b8b2bb7ef2

    SHA256

    63c082883950e04e882901a177a491ad710c275ab0b40c7b7263d3fe08de9db0

    SHA512

    37955668c0afc97e94990e3cfefc651c8b9bcea343df155dc81db6e73a61e3f09d48d05eb460040e091fbb8ec9fcf1a7bdc9cf19ba93ba95b5bd7d2d66f5c9a8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fc329978fc72b47d649e45754f003eba

    SHA1

    23e71c0eaa54b7ec51cd29856795c3d0ea792447

    SHA256

    b7af155876be3d63e4f62a0bbaea64058c8ec8e1e02733bb0df3bb0c25567647

    SHA512

    a0e4e7f62e872cb00ec18bb2f9b539eba93a2d2355df52e81b05494c03556c9c236c9868dddca379ecc50ea5fb31edb89d6840fb2f4a8b61a75b032ad12afb60

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    af23a052f97503f3d5371cbf1f5f46ca

    SHA1

    e413d811bb6fed117eac7ec97dc22c5142aeccd1

    SHA256

    d9046bb0be26641b667dc6fdad9d37872c9f8f232ebb853a701011c8278bfdd9

    SHA512

    ecd03ad0bbe289e84ae2800bb4cce1e379ff1725e5aafb48225e529839495e2bffc62c39e2b2a15302da8419132bcdaef36a7df6e1cd9262ec332dfbffaec322

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    bcc11f5cefd79bd145d8bb35e857e5c9

    SHA1

    dec75a0116f205b3892cb76f62717559784cb8dc

    SHA256

    9d9b7523e2baa4ef190c1f05bb199ccc6488942e8e865693a7cc5145e8412c03

    SHA512

    973db0e542c0db1ee1f5f2dd45481f8a0ac4f98940b8d2b6b76a4bf48681e0695f092593dc6d5f46216ac06508ee8bbfb10bcbf7eb1771715e7f956fe1a56511

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c9b8d35d64ba290cd496c80270c9551a

    SHA1

    8d31cd499e164edb17f850efa78dcb50cdd14eb4

    SHA256

    0d9e3d4e478a442c73cadd58d38cae171d55bfecb3b45e81b8c14bbae8e81d18

    SHA512

    c9db20ca4bd72d9f5e812965fb34dc970588313b033795fbd3da3e3b06698b7e50a483c246ce001c52a5090f0e63a8a9a216edec07d2d54fd48d674e6b7f0a64

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8b025c2f03129da5a24fba3684e94987

    SHA1

    76dd8b27cce3fcf44878863ebbf86877dc5abb9d

    SHA256

    62beca27fcbf865c97a9e068fd75fb1b3d0b779963f16cb76aeee1930594e3a7

    SHA512

    b8b112b46ccddf1cdab8be0c294c8bc6a90008ee36779ece250461dbd0cc8e8be8b0d4c0bff272a5e38b85c76dc5eb4a3f2928a41de7b124d48e984c2595835e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e7641abe2cfba198a04416c0133bb0c8

    SHA1

    45f69877fb05c76411884431dcd2cea57fe743be

    SHA256

    c51e4ab3d47df07d87cc16542386fa166fddf9c7c5370343c74a89c7b1983801

    SHA512

    cbcd279bc9410e0cf3818c0cfd120020b89653380fdbb963ba2c16531c793ab39ea1e62217e5e807ab66b9863b52faa1856875f012b1645569d68a17e80d6a11

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    dccb2f7ab0f837da0cca9bb6bfd79e7e

    SHA1

    9cba37374525416282fb1089f5b84e3dd86eb369

    SHA256

    4ae9dd2d7fa70e58c22c20c36a0e81955cbef0162bd3505b1ff94360214aaead

    SHA512

    4c8afca576554560a8d119afbb684c09ea7bc21d324047ac2e4e8fbbf17807bd28d5525c4481b20d30610490278faae8e08d6be7565070efd4556062ca8038b0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cff2020c514c5845014c694bdc38f5af

    SHA1

    716040dd572c023d4012b01faa173e4d11c46717

    SHA256

    c20c18a39a25063db7ec3744fd47bc495952bfe6ccaa7a9725af06d7bd5dce63

    SHA512

    64ba470851cc97df83803ee84cb0e26798291e0976411bb6df35e557077a761d45295e7eea2d0b628d22766ea161d5649e2fe34c68bf9757e42525963fcdf84d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    133a32fd606d4dba98f345ae0bba4456

    SHA1

    2ea5cd830404ff0441bcab3d0c3f0afa7eb5e138

    SHA256

    26800835e457dab516bc52528a372f68ca8e45311afe82b576849ecb6318ce76

    SHA512

    15536430a9e38a484bc88b811de226433137e648938fdcc84278b4e66668d5ce9c442acb321f176775a636ea42494121ad60d388e331f7b0659c9aed0d208ad9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f902b33dc31cd045a41346d2f6134a3a

    SHA1

    766bb829ee64ebbff2cc4820ec1774f3588ff0d6

    SHA256

    cdc92a536c221f8712d76a2641b1d2364662f26a51a9e46adddc0adc30566d58

    SHA512

    ad480d24ea8e6d13033668f65d29c674bf1d6e3ec8a3b61c978a8c10067339c0d0f365564415a9148db517347af9f4bb61456c5f6b587bea7dd9242bf318d651

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    612fb093a35a1ffa73c36403afa929f1

    SHA1

    494fac3ee726a966c6847ea157abf06e4b92121f

    SHA256

    b4be855bc6baccd2c3499d514f5f519433d75554c7d22951febe1d903d3e9ea6

    SHA512

    6d64170314d6ac10e1306e36456d45805efa5ece6053295373cf91a47d4217ded854bc98dc64f5528ee0d0b6772ba3aa937b1211a766f18663bdb14c0fcbf57f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    dc0fb389056e73db9e29368c9dd5f23a

    SHA1

    faeb8ed26a76ce098baff82afce192a4cc7788a8

    SHA256

    244be4db91be07a3fe28d22744cfc797b517398c3e8a5d81625322c718b1117f

    SHA512

    811ff242a128d22ac5f814f25f76e008ce9a4da7316137015eda88170bcfb7b138a0e5a1244d3d631a48d1b9ae532413e6968fb0743c13c59be72ade921d3c28

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1b43ac3e697c415e2314d46b319dee3f

    SHA1

    8a766ddbe93b07aca4c1e5df6b9f54946e45b5c7

    SHA256

    059c264c672cd109690925b5e37262195f08f1790eba50c3cba39dd986df06e1

    SHA512

    042b372ac8e64393f220ab00beed3d6047eedd1790bcf5643c4a02555c8f1a3bb05014fa855a03611a2404cb65603bb94acc23e1b3e1187f8fe964fbe4e02ef3

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ba0y71l\imagestore.dat

    Filesize

    4KB

    MD5

    e7d7a8b9fa57f32084c9576bb0bb9151

    SHA1

    822f7a0ea5c2ceb18d93d96a66397d23c1a76bda

    SHA256

    f2627feae58430a443da427109e42bec9e84cf72d35e187598b07d628f17d46e

    SHA512

    b7f98a308cd14dbedc0fdd4f2e2f9f6aabd5a188d4e92e96756c211463a727949eb207101e8994365f7c2ebc9b0eefad467fce5106fe5099ac1e8308cfd7c10e

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\977QBXKR\5[1].js

    Filesize

    10B

    MD5

    74e1080b5e3125ca3a5abc7b340399aa

    SHA1

    b1e150e5809482e54c347d440f1824179c0d6d5f

    SHA256

    623017a5748ff1b4e9d0f227f5cd58869ae4959d1ca8fd204c9441cd11e2695b

    SHA512

    51985a333a6c225976863cf49eca3492f5b8a61f525d08d0bc69c25a7eecaad6fc3ec6f71420f06bb1c3fbfbd197eed6c5c4a99929bd0dbdee73ec2f88265f80

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9M1KBX1\favicon[1].ico

    Filesize

    43B

    MD5

    ad4b0f606e0f8465bc4c4c170b37e1a3

    SHA1

    50b30fd5f87c85fe5cba2635cb83316ca71250d7

    SHA256

    cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

    SHA512

    ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910

  • C:\Users\Admin\AppData\Local\Temp\Cab735E.tmp

    Filesize

    62KB

    MD5

    3ac860860707baaf32469fa7cc7c0192

    SHA1

    c33c2acdaba0e6fa41fd2f00f186804722477639

    SHA256

    d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

    SHA512

    d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

  • C:\Users\Admin\AppData\Local\Temp\Tar74DB.tmp

    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf
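
Dropped-file triage, as an added example (editor's code, not the sandbox's). It takes a constructed subset of the Downloads rows above (path, size, SHA256), removes verbatim repeats, separates files that were rewritten during the run (the same CryptnetUrlCache MetaData path appears with many hashes) from files with one stable hash, and sorts them by where IE and CryptoAPI write things. The classification is a heuristic: CryptnetUrlCache is CryptoAPI's download cache for certificate, CRL and OCSP fetches; Cab*.tmp/Tar*.tmp pairs in Temp are scratch files of CAB expansion (commonly the root-certificate update being unpacked, but that must be checked against the bytes, not assumed). `hash_record` reproduces the report's hash layout so a file pulled from the sandbox or a host can be compared with its row.

```python
"""Triage of a sandbox 'Downloads' artifact list: dedupe, spot rewrites, classify."""
import hashlib
import ntpath
from collections import Counter, defaultdict

# Constructed subset of the report's Downloads rows: (path, size, sha256).
RECORDS = [
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015", "61KB",
     "6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015", "61KB",
     "6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf"),  # verbatim repeat in the report
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015", "344B",
     "9bf26d8b7fd97c6b895b329eb748e6d5f450c60a940e5aa30a15a54cc313d32d"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015", "344B",
     "3a402aa87c51f6e95f824e352d520e0f2d970699f91b8ec322e0936fed35882f"),  # same path, new content
    (r"C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ba0y71l\imagestore.dat", "4KB",
     "f2627feae58430a443da427109e42bec9e84cf72d35e187598b07d628f17d46e"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\977QBXKR\5[1].js", "10B",
     "623017a5748ff1b4e9d0f227f5cd58869ae4959d1ca8fd204c9441cd11e2695b"),
    (r"C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B9M1KBX1\favicon[1].ico", "43B",
     "cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda"),
    (r"C:\Users\Admin\AppData\Local\Temp\Cab735E.tmp", "62KB",
     "d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904"),
    (r"C:\Users\Admin\AppData\Local\Temp\Tar74DB.tmp", "163KB",
     "bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5"),
]

CRYPTNET = "\\microsoft\\cryptneturlcache\\"
IE_CACHE = "\\temporary internet files\\"
IE_IMAGES = "\\internet explorer\\imagestore\\"
TEMP = "\\appdata\\local\\temp\\"


def classify(path: str) -> str:
    """Coarse provenance by location (editor's heuristic; confirm on the bytes)."""
    low = path.lower()
    name = ntpath.basename(low)
    if CRYPTNET in low:
        return "cryptoapi-cache"   # certificate/CRL/OCSP fetches, not page content
    if IE_CACHE in low:
        return "ie-cache"          # resources of the visited page: worth pulling
    if IE_IMAGES in low:
        return "ie-imagestore"     # favicon store written by the IE frame process
    if TEMP in low and name.endswith(".tmp") and name[:3] in ("cab", "tar"):
        return "cab-extract"       # Cab*/Tar* scratch pair from CAB expansion
    if TEMP in low:
        return "temp-other"        # same directory the sample ran from: inspect
    return "other"


def dedupe(records):
    """Drop verbatim repeats (same path and same sha256). Returns (unique, dropped)."""
    seen, out = set(), []
    for path, size, sha256 in records:
        key = (path.lower(), sha256)
        if key in seen:
            continue
        seen.add(key)
        out.append((path, size, sha256))
    return out, len(records) - len(out)


def rewritten_paths(records):
    """Paths recorded with more than one hash were overwritten during the run."""
    hashes = defaultdict(set)
    for path, _, sha256 in records:
        hashes[path.lower()].add(sha256)
    return {p: len(h) for p, h in hashes.items() if len(h) > 1}


def summarize(records) -> dict:
    uniq, dropped = dedupe(records)
    return {
        "duplicates_removed": dropped,
        "unique_sha256": len({r[2] for r in uniq}),
        "by_category": dict(Counter(classify(r[0]) for r in uniq)),
        "rewritten": rewritten_paths(uniq),
        "collect": [r[0] for r in uniq if classify(r[0]) in ("ie-cache", "temp-other")],
    }


def hash_record(data: bytes) -> dict:
    """Hash set in the report's own layout, for checking a pulled file against its row."""
    n = len(data)
    return {
        "size": f"{n}B" if n < 1024 else f"{n // 1024}KB",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


if __name__ == "__main__":
    for k, v in summarize(RECORDS).items():
        print(f"{k}: {v}")
```

On this subset the summary removes one duplicate row, reports eight distinct hashes, marks the MetaData path as rewritten, and lists only the two Temporary Internet Files entries for collection; everything else is browser or CryptoAPI housekeeping unless the bytes say otherwise.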