Analysis

  • max time kernel
    142s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-10-2023 21:58

General

  • Target

    file.exe

  • Size

    356KB

  • MD5

    3ef6d0d9ca0bc4b00d304ee370853a4c

  • SHA1

    a188652de504e6e53a0f1560fcdd315a409d1ad1

  • SHA256

    8765a0a92fa60c2a4d21ca073dcf805f320c2e3d07703b97638b38888fe25d23

  • SHA512

    42b7375dca8da5c1cfa65bc0b8aef15155a5fea8ef1199ea0cd874693b3bd98d01d4cb4b38ed0fd7ef549ad8121ceea6c1d6c462d757793e3f21ceea0fcfbc5b

  • SSDEEP

    6144:rUyuwgfYypdScEGyH2VXisEYvo1JwgeDsizp7qdq:rUyuwgfYgSiyWVXzEYvoXwgeDseH

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe"
      2⤵
      PID:2872
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2340
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=aspnet_wp.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2616
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2876

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      c3658394596a97707e8ca666cdc37150

      SHA1

      9df35805b3d80cdddc5c86cefe78ee183dafffb9

      SHA256

      c69e27e70564a7f12f9e023a5a904e64c40a4d843fd06fb2ac423eec2a6e4353

      SHA512

      029fe4269dcdd37684bbfef0e2dcb66debd0b12972803dc1b0104d7a2e71b00cc9daff44e4550c00b815434250aa71406ade10e9d16a1b46ee4f725b717f6679

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      f0686258990267280e214ef807fcf0d8

      SHA1

      47c2c123ef43a69791fa141a4d2a1050f703805a

      SHA256

      9fa46fdb9333f5901ccd57fd796de272f03ecd1ef2d790a163ae55a33a2ad45f

      SHA512

      03476181134d6cad1de53604b025bb348174c3a4b6339b8d8bac1ecd30326f3e4b3e849a68355767f98bc736051044b89f02936367f5cc9e7da8cb9138d1e9db

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      f67508fc1da526ec704076dbe2e82612

      SHA1

      7dd1217d7d6df40d78b5e0d92e59a454898c93e0

      SHA256

      f69034dc8e48e0973f7935389ccf6d1fe6d2bbe9cb365662f87baed7770d209a

      SHA512

      2e1a35453f6a3c16c922dbedf012498ce29bbf2b2c7257e86598074022683379d30fc82b986f2b05ed6f04d998e87ded2a64e91e2dc77225fdae28730852efeb

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      0bb56be15b7fbfecfe8fb5da54e3fadf

      SHA1

      878e299804a9a5a6e2e8835d6c712499b2d96665

      SHA256

      1c13e3300f48939551daa00b3f6e60f041fbb6b36dddefd6ee511b2d7ef46055

      SHA512

      f801f4e73f0900f65f32f30a2037c0a949f8dd5f33d604cf5a1cbd9643db700461bf466765a6acea81fdf3bf315aa3644f58ca7a549497942a7a982570639a07

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      8ce73842ade2333ed4a8c517027a976e

      SHA1

      54a8fe75f431260caab0b48399e264617aee2de8

      SHA256

      2cb0e990388a2be8d295d044003c312b4510f544d26f38e072e61fa57c056500

      SHA512

      48c4f4d1562b932b40311a54785a70c0dfd49248267ab8a9f610fc4715778693a15861080db9db66cad0ef0b22f70dc6300f3d68277d87674512036ff6147402

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      e76e76490360eff21cde774c69a73987

      SHA1

      162b6d783e8e7221798e8acc1d495df6df8f5e56

      SHA256

      1b9713c6580b2ddc82edb9ea438f758dd3ba62f9f41eb40760ae9a87028ca8d8

      SHA512

      c782af31dd0aa9c5ef00c22f82df709c5093eae9d5b5448bb2aeeac4596b139281d74179c2a8ae5642d5e9b78287fa18006f127a3d09fa559e85027d510dfbb6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      9b1f1bca2207e7ca8ce02158768cf7d0

      SHA1

      ea275ce9275967130fe6fc1e07dfc82cedb0c2eb

      SHA256

      eceb5dd639c115f726afbc1f07b75950124ec542b905d6bb6c5922f5c98cf3d2

      SHA512

      2db0f86981f407d42f8ce94415ef75b81c6a278df8f1e69cab6ef7d00d1e1515ead448f1d7b43e21c55f76f5df2f9c2e1e186c1907098acc49fba5dd335d1d1b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      f9c390b04ec933422fc05273bb5a2c98

      SHA1

      1e60a761b9c062efd267385fe64888e8d933d50b

      SHA256

      3be17abf552f4a75614bce09b258db0241fb5a28268adc33b060052fb627b8bf

      SHA512

      ed16ae64c29db84e8846fbcdc73accc6238bb546daf1822b20b85e42f8e32a315fbecd985980cc985410205adf05d3164916c9137d7329483476ac17362446f2

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      43369c6dbaefb2a09f6c0e025d8e04f9

      SHA1

      8e3ec8f8d5e570db8a2d47fb4c2c9cf1999f6add

      SHA256

      4f66b012d6c3c2ee911eed3d4720b643be942eb53c3582447ebcd585fe893dd8

      SHA512

      68cf6c300d644deed1ea87608aa791089af8dd1ec08924428878c0d5fbb8ad9b5cbe68bba217b1c9ef31fb861c3451b648161dee6ac402c4d09e5b0130d5a1d0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      7b78f50d7a96a30b940713846b98189e

      SHA1

      a6829b97dad487df1d76033ae5b799593259eeed

      SHA256

      6aac2302c9857f101a53c24fce68f1aed84c4367fdf4f739317add4779e9dcaa

      SHA512

      cf51011b1d7f80ac1d1d44bab15537e0de36958e91910779c7f64c0ab1d31d7c6068a6f7091f4afce66514b8ad88c4f89b48812a1676e1566aff994ffaefa843

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      f6f7a23a341ad9d70bad7b8e60fd776b

      SHA1

      1171501aff2634900bcd66c49727eb0e9f1e3437

      SHA256

      d55804ca5f2bbc2013a91c3a091008dab2eddb16a23cde67f414895c988b2788

      SHA512

      2c99a998d28480225297f9767d5d38a6bac592449fcdb45ed3af47517c6f17b5c51c487e5835e5d9d4d30317f14b774967f9470f3491d709b0a87fe1127c14f5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      8cecdea177b04ef802af3622c0923ac4

      SHA1

      cf58d65d7cdabb89c1146361727ad9c78a453039

      SHA256

      18ff201317fd03e8c7e290a1a5004eaefdc47cb8aac3e127a288f8b8f34f7a2c

      SHA512

      5d1ee1648794b7d495cb902e99b8a1a0a89687b4e7122239685621c74d18b32a4305ba55114221b6fee1ee7847662e086c3f64575bf01a7f1110d1eed9ef2cb6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      5ca6c514b1b7433ab14fcd02f1ff3e3f

      SHA1

      28d48a159461b782a4cc681a47c23692ec7c2851

      SHA256

      94adaa3baded04f64490178e83a205d9ee31f1056e70d104459e4bdc7ca83c19

      SHA512

      f8b085a70eedf6ce01f2db9bd3eeef3769aeab09c536553a3e8ed92f11cdb3b73baeea1ee122d13850a3d363328f438064a43dec6da928025fb93b7419d06499

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      eba0cb93c1fd19c4e053e5748fadce0d

      SHA1

      b36870aa834902e6c85f56eb2db6d69a1553ef8c

      SHA256

      90bf0e88418fbb73bdf7f330bdcc62a6a577dfbd9c7851948046908565b53e57

      SHA512

      edd270e111fe665dfea278e62cc8178d87d9b6d54d17baf4b12364505acb133900be326197e8a8a20763eadc145482c134792adf3c76fcc637edd7eac17d40a3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      b49571e8de7b0ac408ca0378365e34df

      SHA1

      429f5052409661f00a6d4ddefe076e7a470d7110

      SHA256

      2bc2aaae8afe9e3923991fe9a451de76eac99b682e053aa286fddb692eef5cb2

      SHA512

      c6f3875ee81abb5a352f986e0b45468eb049bbd0deb50e707fb98a9950da26df6b670f579ee3f369c207f2c6a91cbb389f191960b30ee219b3856ff660b48f7a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      2d3dc06c601f06cc1b127440cb3daaa3

      SHA1

      3821353e232cf0cf36868a8807b9b950ae0b50d0

      SHA256

      16bba4639072bbfb1e3b7558fac5dea3b9f3b844b2fa0b5539e978f552ed537c

      SHA512

      9046095c9c758ba371423bb21a10cf187962d84368ab71f95579bb5a5c03bd64b911b1f6d2ea6623b70d64822b21440fad50816eb63c0542d7db19da97ff63dc

    • C:\Users\Admin\AppData\Local\Temp\CabBAE8.tmp

      Filesize

      61KB

      MD5

      f3441b8572aae8801c04f3060b550443

      SHA1

      4ef0a35436125d6821831ef36c28ffaf196cda15

      SHA256

      6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

      SHA512

      5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    • C:\Users\Admin\AppData\Local\Temp\TarBB3A.tmp

      Filesize

      163KB

      MD5

      9441737383d21192400eca82fda910ec

      SHA1

      725e0d606a4fc9ba44aa8ffde65bed15e65367e4

      SHA256

      bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

      SHA512

      7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    • memory/2080-0-0x0000000074840000-0x0000000074F2E000-memory.dmp

      Filesize

      6.9MB

    • memory/2080-10-0x0000000074840000-0x0000000074F2E000-memory.dmp

      Filesize

      6.9MB

    • memory/2080-4-0x00000000004E0000-0x00000000004FA000-memory.dmp

      Filesize

      104KB

    • memory/2080-3-0x0000000000790000-0x00000000007D4000-memory.dmp

      Filesize

      272KB

    • memory/2080-2-0x0000000004E30000-0x0000000004E70000-memory.dmp

      Filesize

      256KB

    • memory/2080-1-0x0000000000F50000-0x0000000000FAE000-memory.dmp

      Filesize

      376KB

    • memory/2340-9-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

    • memory/2340-7-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB

    • memory/2340-5-0x0000000000400000-0x0000000000408000-memory.dmp

      Filesize

      32KB