Analysis

  • max time kernel
    269s
  • max time network
    325s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/10/2023, 09:49

General

  • Target

    NET Reactor v6.9.0.0_fu11/Help/License Agreement.html

  • Size

    20KB

  • MD5

    06c924279196f41e26319f9bf5e65bfa

  • SHA1

    3c0077fdcb7fe9d2414e8490a165c5d45c78ac75

  • SHA256

    ea175c9d9d6597cc35aebc53a6bdc10e1e914c6d5d6fc6c19e0da78b11b4b137

  • SHA512

    d3234456a399628e0e4178612c1ebb02a37e74c3226f7cf31a1aa0330644debbe8f8095a83a7cb41dfc3ddd22695f8853a866094f0814d4698227de875625816

  • SSDEEP

    384:Dhbkegxb0Fac9mfn3+2YCjDoAOIdHNY0B+:lAhxWfOnO6PAYq0B+

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\NET Reactor v6.9.0.0_fu11\Help\License Agreement.html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2768
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2768 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2700

Network

MITRE ATT&CK Enterprise v15

Downloads
