Overview

overview

10

Static

static

1

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    04/10/2023, 04:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    15d27c669c13bcb799ef7b656ee45944469650b8c2821de397d3dc4ae9740f67.exe

  • Size

    221KB

  • MD5

    b6381027adbb765b3fc74dcf4bde8fc2

  • SHA1

    46713b5aad2ea05e740c9d4b856f684cf08db882

  • SHA256

    15d27c669c13bcb799ef7b656ee45944469650b8c2821de397d3dc4ae9740f67

  • SHA512

    13f7805c529d6e64f3c0b92a0363a252afa2ae6bfb883593de487d4f6531ebc469833a306a0a08ee8834d4ee645b3c5171908cf5782e6ad3e41ce8ad5c344ef3

  • SSDEEP

    6144:PFGW04vUM40jPhfAEpZM0GTPukULkj14+SMpd:RaMbrhf3pKnTQg4+Ss

Score
10/10
evasiontrojan

Malware Config

Signatures

  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Windows security bypass 2 TTPs 2 IoCs
    evasiontrojan
  • Windows security modification 2 TTPs 3 IoCs
    evasiontrojan
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\15d27c669c13bcb799ef7b656ee45944469650b8c2821de397d3dc4ae9740f67.exe
    "C:\Users\Admin\AppData\Local\Temp\15d27c669c13bcb799ef7b656ee45944469650b8c2821de397d3dc4ae9740f67.exe"
    1⤵
    • UAC bypass
    • Windows security bypass
    • Windows security modification
    • Checks whether UAC is enabled
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:1716
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\15d27c669c13bcb799ef7b656ee45944469650b8c2821de397d3dc4ae9740f67.exe" -Force
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2312
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2596
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=aspnet_wp.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2624
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2624 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2516

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a585f1f129639e798dacc4ce0cc03824

    SHA1

    0d0d2b2b4dbc4b2ed009a48cb1f3c3eb8b122ff0

    SHA256

    da1224b456cb73e9e59c7664b5565fd531c2b6e51bed93d662d354eb96167e9a

    SHA512

    44fdc746bee6607b268471644bd18d3c045b6bd3b110ce99a151ac46f3301ca6092ca66b98ec296a1e1bda4181d09750fd8fe7a8c8f5fa2e9341fd1b5f71d384

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ceca090f423b53ef262ca9e372a9c42b

    SHA1

    393b7d28ce05db07d803cb4e7ebc2f228d75e1c6

    SHA256

    accfa8bf3e365a187b7999bae193524fe439cf02772a765d2f9023df905ed18b

    SHA512

    6ff78abacc9e049313f62029110d5d5a63d12cbd3f41ce953691da84a0cd9319513231cefcc4c2b9e74c0b26a964cc0ecd6e5bb86d47b1819a97068ee9d418db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4bcd79faac2db44b18fc1cb0ee31d60b

    SHA1

    a395f8c0138982367578d7af384c518bd6701241

    SHA256

    a6ef151167412514c868ad0b417188110c2cbbaa9ef302044f0d1281378f9e15

    SHA512

    5dc8fc0d96036ba95d5f0e90ba057460dfe36592ca5ab8bf54ed519253437b8800c12d8b2c21c0a708a3bfdfa6f63739cb0356b4db3b546731595c1a66403950

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f645095a6d35f122f1f6b19f66df51f5

    SHA1

    e585d230408f8901157bf07a7a3a6a5ed3a62d0e

    SHA256

    85b4c6af8a38d2caafeeedfdb3d20dc225178f03bf4dc1b7bd899ccc21ca3212

    SHA512

    561b755f8fccd2d2c694c254ed92f696566031b9ebaaff3dbea6a1844da772e52ea9ee21cbea1bd22f94e37416df6e340d05f3e21607587cb0144824bb325a65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    75105c0cf0b69db390614a4e9f677cab

    SHA1

    3d7233746b1c7a5d5cb124685d50661837fe485f

    SHA256

    2bea6c15ce9defb1be7992d493dc8ea36b728249c2183f07572df31de059ca3b

    SHA512

    ac10018a9a0891f9ddd92109e9fb10dfdfc2c2c9f1026400c99eebf9f53d7e371beb381e11fce4fee9f9c1e2b2c9be600e68a77d201b21480ed4836210001c90

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2385b5f168fbc9bcc8e900e6094f92ef

    SHA1

    b25c940b4b9b1f0ed07d60758e9be52b9788bd3b

    SHA256

    b1a92bd26ec8bd9a5ca0a3f27ebd4c9f6270034d423b4af707e65e68e8a9bae3

    SHA512

    e1ff92c124316a37caa73a862a347eac32a516c72da68e31b1c73ad66f6d008a703fc0e0a99bba65a28cf4e08b3c9ede8a6cf18932534c963dd8ce66cae91395

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eea56c255e77c8c84791d47060e67b59

    SHA1

    a55f1f9eac9616da66eca4ec3ba46547c06a74eb

    SHA256

    3d170bb1786c02ff542f95e21f5e3b6fc517127cf7059971bca24d3d1160bba4

    SHA512

    1f6ac83137b7ef0e81926ad9fb99c376b619a819c03dd83a79cbc4522571563aa8aea5ce6249569cd5f4a60f272d82832974d721859e9abee9a5e3c8f06a0a56

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    721da6aba0dea801186b557585c9c247

    SHA1

    5a0e9eb4c45a006fe02749ac80baae37eef02dcb

    SHA256

    9a3755383d6262e744844ea02f77b013b3d815e053bafe9084d925e957ada094

    SHA512

    3b7908a50dfe4363013aa9e34fef4fa02754022e9dfb2acd2d631b79c2a4fab6e727fa2bb08f2382816c816e8b21f8e71038f51e85de5cccc7466152a88635e3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ad02b59f5d41ef61382385185100b46c

    SHA1

    50fa15168683fa3258353f4f467aacdc0b7acc5d

    SHA256

    1623537bc74d1ee88084b70408e6aebe0ad6ea9882e8b77a9376d881ae8b7bd3

    SHA512

    b17f1da259aa163bb607fcfadea1fece9fda7557ba697a9ef29f6d54ebdc9e648ff042425cf317bcc2b9e2bef06a7609d8a6485217dd771ab1878ab583f0d099

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b3f565b7dcacf5939d7d37b840bb5605

    SHA1

    2a9896ddbe2713718a290c0b9c98d238bab7ea9b

    SHA256

    11f0bc3cf5345b5995e6384b0ff17aa31d2b88d7ca51a3b162772503ac5c9aa7

    SHA512

    6a0148d18035fa205eee07861203622b7f816f83b6c57f844b3070c80d70f1ff1a405eaee3fd23d9cc7851bcf16b6777a92f8efe67020eb46df6605e3bca1a52

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b5c319bbd6ff62c1422ae1e51a1c8d44

    SHA1

    70f8445e0b5fdf7e40b6510eb367d4cce42e8f1e

    SHA256

    8f7f3a135122e458ff454f38c343008c225672b0e0c041e4f18ed2d080e20c09

    SHA512

    5de034fe5d1aec983b134b3a6872516bc426178a3a857cbd82a450dd04116d140ab05f27fd8e9d81e48efd4fce3fa29a33a4f6d6f9ce5fc1153f1d2ce405d3c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e7286ba31ac753c24429245368ea997d

    SHA1

    bf470f83c13578397ba08d2236b772c99a3c7d90

    SHA256

    cedd3698a9e890e3dec4fa8ec2b46d751d609e12a46f8317d993181d17ebde09

    SHA512

    907a3b0970e44cf88113209b2cdd36122b4a6ed98fef4656cc8f6fdc89a0b6ee916d980fcd73218212fbcc62e13700fc32c8774c289a75b9652ce6e43e70bbe0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3a5555976dfaa09980562650b33f31fb

    SHA1

    35637daf1f0aba64add08a9bc2a09d60293621c1

    SHA256

    66cef4b68674a9fd3dcb075bd4afac69780b45dcf0447c7527d769b040939492

    SHA512

    0b76723c42f1671bce6deb979553eecc1429287017974d4bd2b889c5bc4e17b5701329fe17f23e3c1cbc0fbbca8256cab23f4184c85b6adf46a6fe8e4099d9a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7258e611e945b3c6a7158c0df9647acf

    SHA1

    41b59cf9197e4bbd47f4b3b61a6ba87d29cf6074

    SHA256

    0396a16a2a002fb45a8095cdbde91af1d715ebf8290adc190e05463a1d65090a

    SHA512

    9001bb67efa5c0dc0ebcc5e4d7659d96b932df9932e161e60cb49b796859c2f118fb0a09810bd3bc8cf24d9bb1c42e0a1eccd1d81cf56d2fc99254d2592c1fd8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f5cf34763128ddb7b96e8c5ddf95bfdd

    SHA1

    7e49ed9edc0945e437ff37472dc8d31d86373294

    SHA256

    87e9b99e782a1d47489a68161871fc94b9685aa506075d4592a6fcb4aad24f07

    SHA512

    782aaaf18908f2ee9cf69c3d6ed93dd750947c15fc8c731d849cd784cef13d246a4628f92dc32ca248ad2e30737cf01d560b851df8e7d9480501ffb594de8168

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1f1caceba1106b56c1e07ed48c7304f0

    SHA1

    7898cca32fc26198f0e2ae8b2700a1f3c3a2a54c

    SHA256

    71fed4aa465e36112dee9a3d0d55fe58336714cf1ae48a79afbaafbc23051a8f

    SHA512

    95f979c4a58289f853b60754bbde783dcb94e681921f19e400d75a13a0e58297552b8d27acc70d2a77d25bd3dec6dd4a7c355b71acd9750de9a50c4907ab8a58

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    60accd75b4f139f8bdf37e0b65124973

    SHA1

    e4e01443430b0312af069876d7c4eed1c22dfc5d

    SHA256

    ba5e9b07c10adc6cc2b1dcc9404b23cfdeb71ecb1ba92352021d066a5b32f013

    SHA512

    aadd498b249d8fc7c46b5831de804dbe15206652209b7770451764dd8518482513a646eedb154855ed0e68b7d92ccaaced8b239eb2606bf6f60a8301c68640dd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6D74.tmp
    Filesize

    61KB

    MD5

    f3441b8572aae8801c04f3060b550443

    SHA1

    4ef0a35436125d6821831ef36c28ffaf196cda15

    SHA256

    6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

    SHA512

    5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6DF5.tmp
    Filesize

    163KB

    MD5

    9441737383d21192400eca82fda910ec

    SHA1

    725e0d606a4fc9ba44aa8ffde65bed15e65367e4

    SHA256

    bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

    SHA512

    7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

    Download Submit

  • memory/1716-9-0x0000000074D50000-0x000000007543E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1716-1-0x0000000074D50000-0x000000007543E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1716-2-0x00000000004C0000-0x0000000000500000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1716-0-0x0000000000A00000-0x0000000000A3C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1716-3-0x0000000000350000-0x0000000000384000-memory.dmp

    Filesize

    208KB

    Download

  • memory/1716-4-0x00000000003D0000-0x00000000003EA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2312-16-0x0000000002400000-0x0000000002440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2312-13-0x0000000074D80000-0x000000007532B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2312-14-0x0000000074D80000-0x000000007532B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2312-15-0x0000000002400000-0x0000000002440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2312-17-0x0000000002400000-0x0000000002440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2312-18-0x0000000074D80000-0x000000007532B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2596-10-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2596-7-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2596-5-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download