Analysis

  • max time kernel
    142s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-10-2023 21:59

General

  • Target

    file.exe

  • Size

    356KB

  • MD5

    3ef6d0d9ca0bc4b00d304ee370853a4c

  • SHA1

    a188652de504e6e53a0f1560fcdd315a409d1ad1

  • SHA256

    8765a0a92fa60c2a4d21ca073dcf805f320c2e3d07703b97638b38888fe25d23

  • SHA512

    42b7375dca8da5c1cfa65bc0b8aef15155a5fea8ef1199ea0cd874693b3bd98d01d4cb4b38ed0fd7ef549ad8121ceea6c1d6c462d757793e3f21ceea0fcfbc5b

  • SSDEEP

    6144:rUyuwgfYypdScEGyH2VXisEYvo1JwgeDsizp7qdq:rUyuwgfYgSiyWVXzEYvoXwgeDseH

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2380
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DataSvcUtil.exe"
      2⤵
        PID:1172
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
        2⤵
          PID:3068
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.Workflow.Compiler.exe"
          2⤵
            PID:2324
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ilasm.exe"
            2⤵
              PID:2596
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe"
              2⤵
              • Suspicious use of WriteProcessMemory
              PID:2632
              • C:\Program Files\Internet Explorer\iexplore.exe
                "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=ServiceModelReg.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
                3⤵
                • Modifies Internet Explorer settings
                • Suspicious behavior: GetForegroundWindowSpam
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of SetWindowsHookEx
                • Suspicious use of WriteProcessMemory
                PID:2928
                • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2928 CREDAT:275457 /prefetch:2
                  4⤵
                  • Modifies Internet Explorer settings
                  • Suspicious use of SetWindowsHookEx
                  PID:2748

          Network

          MITRE ATT&CK Enterprise v15

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            4b6aab6f587310ec16d5fd3ca06e8257

            SHA1

            eb2dcf116a04c02a4e15a8cedf36d337db294f5e

            SHA256

            23c452702682dcbfa136c0cabe2b734bfa23b6ece4ad09cd7e1a2e10f17760ad

            SHA512

            903e811c7d154fa8d9dc77a72b8f0316a8ee283e2c804a1a191c0b3a53653ebca7bcbae6e4d094d2cb39a4a746bfddbbadc6721d693d43dcd35e9082efd0f581

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            e05e30f40281aa9f43b0326270a72b13

            SHA1

            d9817fd4522c3f017e84c10419f232e76cf25493

            SHA256

            bc093d539b48611dda92d9aa58d2a1c9ffbf1c74e5a9bf72eaaffd1938f74751

            SHA512

            326114dabfe430a56ebf1fbcb9f7a09f9635bc3b641c12110d893589c342482be83a01a48cdc24852e2e609e05f30140350884a7e6efcd03fef8190cae010a53

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            6b2df7f937b325533f30e0c229d21554

            SHA1

            4b0fea87ac7740831be6b715edb11120474647f9

            SHA256

            55e8f7886833a2b8a6033747ab11807117f136ea335ca191ae6c052f3530e6b8

            SHA512

            c533a27ec54007030bde5b85c92e1dfc8ef8d25436cc38d83e6f3387e3650831c09071fe5786534fa8b65b5c6554b794ef41bd908e6cb011ef482aa95de3272b

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            d0bc6cf6821e56bfc8cfa8b7a3179049

            SHA1

            0ef2105ce5bc4ccb352a5182ba90688928333875

            SHA256

            68b6ef8995df601d5ecd9ff4ec120d4e804f0cefec546d77d48df8abee1fac68

            SHA512

            0843c48ff23a978266c22c2f928da1522be9e30acb9c3462e8aad29413c1e6a1dac47228b4fccf9e22d0514e211182cf5a48c03bea47d28e0b33ac2bb82b9c34

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            1a159d29d0919207565cec8a9d5d61fa

            SHA1

            77c9d28bde41e454199fec22c2e70aca80215fee

            SHA256

            f00d4063ec54d5d6bb3c150b3c9ebf742e31eeb0b978c4fce78cca19021fed1c

            SHA512

            70b1d2f075f6eeb0ad690bea26a87bdfb5c3ab113c91df65d4093a6be6664ac363155daedbf598db336220194d12c9106924dcd6a8849b85b277b709c915731d

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            4ed15420eb5228902f8aed44eb738f34

            SHA1

            75cf44bf4225208a7ad07ca7c2f0be3f810b634d

            SHA256

            f443a2390c970bade2ab5cc00806e702ad9975d17b911c1ef37f0604bde6cdc7

            SHA512

            a4b1657d683a9dc14f2334346daaf3bc7719b1e2851525031c6b146d73e40b0e96f950802741ac94e8cdd9ad1dde9ac5bbdafbd912862a440008bd5c4a2894be

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            35e1d027549be30708771f6258417c4f

            SHA1

            ef753291d647c72943d72d8598cb6030777d2b3b

            SHA256

            0c011440d47f5ec611fa325bcf32ec7d9279a2581f8b26d6df37a4f0de7e054e

            SHA512

            acd1273499fbcfc002975825520f4011c99301622f17ccaa2b311b855d1624ae6f31723d8ac48cb1336a98c4bc3ee82285022ef38f760dc38f1d2e4c61e2fbe7

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            8fe5d3e74d5af04756f522905112bc23

            SHA1

            7cb1c7b0ada1be6b17d136b5b838b32d6d72a876

            SHA256

            82cedd92630dd865218d6be04bb05c7e3b6170992fd64c8f844eef5d8d073d7a

            SHA512

            e17d455899b3a0c6589dc433f5410930f0fd87340186cbcda59c180c336ce05dbec1cc832fdd77afeab19b77f617a1171cebc89e8f66f2cbd40226216dfc2ecb

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            44eaf04de4a6a52ba10585a02d884b25

            SHA1

            8cc0df930c0e5cc8ab65109de4307098cee7e018

            SHA256

            b6b94e6fac9620ab76fda6c0bf25df4f1c98bf707469ca6b55336104f8f4a0e9

            SHA512

            dd789f9ebb0ae692be58d6cbfde1a782158d81a35c3ecab9111a76f3c4feb86a397eba0bf8c8b8e4ca4f30b1a834061dde1ef4183e40937e003b0f9b1d3329fd

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            b8e75101f2a32083cc4659d0c46d9f9b

            SHA1

            0aefa0e085011e77671a603df47b9ec90794b5a0

            SHA256

            aa80e2835c5bb63b0b93e5c503ed99376f69b0021678af0d92abcd6b28d49b23

            SHA512

            951b86c24d186e33754e993a675e1921f448e222ab2808e7dc0db15301e1d020e0792e55f6263dfdec95a23271712be402581a346f77d1375e95dfa597db5a14

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            b3269a34b22e84c998610a002412093c

            SHA1

            97ba8473c108eccbdee9688e2cab0a12e68d1d61

            SHA256

            0a2649fc887dc77234f328e7fbc28e00bf7567b1c4898830815c1b6f884da13b

            SHA512

            f2c62aac6d195c76e305093e6e7bfbf3d21c4bb781d0b156c4b0fe8df47e1c0ceeedd8d812a611ee6bcca654366ca340249cbeb64816e399b506744dde06de52

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            f7f590f4794ecc0041b56194449382fd

            SHA1

            d1bffc6aa04e87d8b93ecd3bae25f53a09450805

            SHA256

            4b62e1e9e11c6287ab936269bfc61446e050cdfaac66fd0089efd2b235359b73

            SHA512

            8c240508a03fc51b80098ca1d955c545e4150b7c7db4c8ec7cbc887623bc628ab84941872a70d780395d1c6a0b794605199ef2121fb76f587bb38716e1af2e84

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            3be807bac9210789fd08e6ba89443094

            SHA1

            aaaba7de1aed82ee05da0aa159a9b40da5cedfd9

            SHA256

            f9d0b426c308f9a008203c999216f62cfbc29ac67b2a0112629e0b6c573977e1

            SHA512

            aca1e8b125a7b48999ba524a41c040c142d436b63fa93d6fc95f362bb63e72b29754930fb2aea1c816127a088899dc4f0358d7615a865016ab49010498cdd038

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            649755e8de8d2f186284359ff4e460ae

            SHA1

            366ba2fa5bb4daa877aa7934f1278d1c9f6f3138

            SHA256

            56a23e697c0ddd41415e6fdc04471d56718aed4273803d441c384966174f9278

            SHA512

            d2c153459ad582b6dbe8d6c4061300bd5864f4525d80497bdbdab6b87cee87222ef1904e6fa7961a3e7460a82b3dd3a35f257a1c15e4051feb1b57a4f2124b69

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            50ee3cd7896e06479f6f6466c6e8e6ac

            SHA1

            35b3d5d050fe45ca6a95a8c14e0f304b34c85a7b

            SHA256

            993da83551f8ce6270c0469f8d2aa4c63422b3b5ac7c5c6a27ee4fa06b976fff

            SHA512

            8c1dd02dc5b79101e81a5756d318a6a5ee24697c6eaca750fe391c486f2ea18666a0756a42295868fec7088e3b94f92511d572a0aa020bb723178c46271436a9

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

            Filesize

            344B

            MD5

            19c67cd74d7508ebedda3688fd88df41

            SHA1

            37f8cea106f0a54cf226d0b776424bf65fed6686

            SHA256

            a82fe8fd6e9fdf1cff26fad7dc99116c0486d6bd229fddf6b3f9fd2b9a38acd1

            SHA512

            1241b0b7a4f9f425f1dae6f660e642393c6d377328d8f974f379b0fe6ff4f0b3eefd9f5dd0746ac4412878e11844ec744251350e7e2496853a93106941beeef8

          • C:\Users\Admin\AppData\Local\Temp\Cab7EB2.tmp

            Filesize

            61KB

            MD5

            f3441b8572aae8801c04f3060b550443

            SHA1

            4ef0a35436125d6821831ef36c28ffaf196cda15

            SHA256

            6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

            SHA512

            5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

          • C:\Users\Admin\AppData\Local\Temp\Tar7F53.tmp

            Filesize

            163KB

            MD5

            9441737383d21192400eca82fda910ec

            SHA1

            725e0d606a4fc9ba44aa8ffde65bed15e65367e4

            SHA256

            bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

            SHA512

            7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

          • memory/2380-0-0x0000000000980000-0x00000000009DE000-memory.dmp

            Filesize

            376KB

          • memory/2380-10-0x00000000748B0000-0x0000000074F9E000-memory.dmp

            Filesize

            6.9MB

          • memory/2380-4-0x0000000000490000-0x00000000004AA000-memory.dmp

            Filesize

            104KB

          • memory/2380-3-0x0000000004780000-0x00000000047C4000-memory.dmp

            Filesize

            272KB

          • memory/2380-2-0x0000000004850000-0x0000000004890000-memory.dmp

            Filesize

            256KB

          • memory/2380-1-0x00000000748B0000-0x0000000074F9E000-memory.dmp

            Filesize

            6.9MB

          • memory/2632-9-0x0000000000400000-0x0000000000408000-memory.dmp

            Filesize

            32KB

          • memory/2632-7-0x0000000000400000-0x0000000000408000-memory.dmp

            Filesize

            32KB

          • memory/2632-5-0x0000000000400000-0x0000000000408000-memory.dmp

            Filesize

            32KB