Overview

overview

7

Static

static

1

creepy-sal....1.jar

windows7-x64

1

creepy-sal....1.jar

windows10-2004-x64

7

Analysis

  • max time kernel
    21s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20231023-es
  • resource tags

    arch:x64arch:x86image:win7-20231023-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    31/10/2023, 03:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    creepy-salhack-2.08.1.jar

  • Size

    6.4MB

  • MD5

    28589fa2ab2d5b249c7abf95bdf89872

  • SHA1

    f597cb29caa3c26a625e96bea14c83b8a0d87e49

  • SHA256

    fd9d0471c958197392bfdc2bb19ea8035fb54564b32b243a371ff3d558dd0b7e

  • SHA512

    e8bcf1e28edaa8da471cb53f17019a3083846b8ed1b363901b8ad6b1f91d0f27fdb74b2d09c98c961ad13a88be05aed5e0c6dc5f32b4ba36dc364ade4a16a3f1

  • SSDEEP

    98304:90R0ZaVZnsSoQZQlXV34uYn0ArpV0TQIpiKlQynOswXv5xpcq+tsljul+tRz8:CIQZQD4ZndeTtpiKdyv5xpp9M+Xo

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\system32\java.exe
    java -jar C:\Users\Admin\AppData\Local\Temp\creepy-salhack-2.08.1.jar
    1⤵
      PID:1624
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2632
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2632 CREDAT:275457 /prefetch:2
        2⤵
        • Suspicious use of SetWindowsHookEx
        PID:844
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2604
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        PID:1956
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2776
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2776 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1720
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2784
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        PID:2028

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            3594aac165721038598a8bd5c1128308

            SHA1

            7b5154df9fb71e5414c8087c8eeb2a449077b24b

            SHA256

            d9e40291debadd1425fb8ccad80338bfcfa1173aafc4882fc4971e88e2511bd0

            SHA512

            86b95c1040b69a9b0aad8384aefc7b1aa163ded538bc48a21393a39eb2019b41473e99768372bb5746da525b164af7dcd8c764dd238ec3295d93f0280b6fdca7

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            0ce9d0943195d5e9217537324fbd0493

            SHA1

            1a7d7883b0b05bd34cd7c7ec561aee7702361372

            SHA256

            1b9ada124322ba879ede47df2d9bfe8d4a92cff83f116e2146508624b0e25ecb

            SHA512

            5bc9e806ca1739e39f2968e467c9015877edbb1bbc56606e8d165dde21e156de3445c19cd52bcd5d221254014ba671c46b152cbb0552aad9351f58b299109bf7

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            b8f21a65d3163939beed6fe033dcb2f5

            SHA1

            660790c5ad2c4c035c6ba0ae7adf1d1f76aeb31e

            SHA256

            22f107deaeb2510e24eb91c5261df125f9a0a2fb8a99ffe96aabf2f10e5109a9

            SHA512

            c86757c6bca6a0978ae6ed10636558f35390db273ae3a5c2cac3a0b965da0dcabcfc41c55cb81118f8ccb27974f4a3cfcd2fa27e8a26e65ae8a2a768d4056458

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            16f85defda267e16efbda5bee9b4b4ca

            SHA1

            3e59ae0a6d36cb8647f2046e22117ee32c0c5fdb

            SHA256

            24ccc01162101fe6ee6a7d305e803c0cc0d466d41e755fb8c8287ecd5aa86845

            SHA512

            069373ccc7c9408da06951c9c91672be8b6e0b97c856ce8788ea969e378d31eb1404bb9bbaab4b6528fc7e3297e5bd295d0d26b93efbb7816b860158325466a8

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D2DD3FB1-779D-11EE-A518-5E4C92BE5FE7}.dat
            Filesize

            5KB

            MD5

            4359f3c1cfc40194f3989e61246d8873

            SHA1

            de9c4baee3ed25a422bbf1b94d32fbfd77b3524a

            SHA256

            89a1cb0409517eb02caad26b85dfeaeca1a6e578f8c7ad77dfab9de494fe53e2

            SHA512

            3eea54cd457dcf20b858493e4f6d938bfde8d1762d99984ae45404dbfdef14d832449e1e2303f6483fa606834d0ef1b3529ecfdbe605483b7a0dc1a8ac3cb9fe

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D2E92691-779D-11EE-A518-5E4C92BE5FE7}.dat
            Filesize

            4KB

            MD5

            92e6123392430f80ba34876615fe6d4a

            SHA1

            0c222081d64d313af13b2adcf9ee100e303c4fd4

            SHA256

            f34075253f59679eefad918b478048b49e4cd196012448cea29feaa512b032c5

            SHA512

            8e5e4a15b4479213c9e90a09699d617972b18ee9cc61fbbe88dffe2cc7a3a825594e1895a7092f240f39412d8a9d3a4c818f1bb6c6086f2e8b2b694cb1359d22

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D2F2AC11-779D-11EE-A518-5E4C92BE5FE7}.dat
            Filesize

            5KB

            MD5

            ede5bddbf7ac4c8dd6fd048a6303ab5e

            SHA1

            6ea96599d9dabcc1bcb8da3911d6948404af7248

            SHA256

            2db625684a11445a77d60a99b38af1edb04642bf6105885ae9ee466e33f42de5

            SHA512

            c09ff707e5dbefcd4570bc3efab0b9a605927b35058774166f26a6e12f8da92605cdf63b4efa90075dbaa808c10dfcd769b7fe4c51a2bc4a01462585f8d203e7

            Download Submit

          • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D300F451-779D-11EE-A518-5E4C92BE5FE7}.dat
            Filesize

            5KB

            MD5

            f07e9830546d887df36991c01be54105

            SHA1

            2f29dae46c4cb53bfccffbec10d4d6787b12bb2d

            SHA256

            76f23a12ae00f39620974860b9517a3fb711b289854fff25c7d133d1bd9e1c5c

            SHA512

            624f2d471251242cb7683feb2b4585cf5de5c112da6b8d774eec47674051fef40a304f10fda9e1f4b0d79ebff56c130a70d9d773f1d66afe8a5cb5f2e263593a

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Cab14EA.tmp
            Filesize

            61KB

            MD5

            f3441b8572aae8801c04f3060b550443

            SHA1

            4ef0a35436125d6821831ef36c28ffaf196cda15

            SHA256

            6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

            SHA512

            5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar154B.tmp
            Filesize

            163KB

            MD5

            9441737383d21192400eca82fda910ec

            SHA1

            725e0d606a4fc9ba44aa8ffde65bed15e65367e4

            SHA256

            bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

            SHA512

            7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

            Download Submit

          • memory/1624-4-0x0000000002170000-0x0000000005170000-memory.dmp

            Filesize

            48.0MB

            Download

          • memory/1624-10-0x0000000000120000-0x0000000000121000-memory.dmp

            Filesize

            4KB

            Download