Analysis
-
max time kernel
150s -
max time network
131s -
platform
windows7_x64 -
resource
win7-20231023-en -
resource tags
-
submitted
06-11-2023 11:37
General
-
Target
e6c1a4c13470ef2b82a4f1c6a356716503341ee86845f4a045858ddebb1f5921.exe
-
Size
1.6MB
-
MD5
c4ce97ea0e5f20d174769e2d3ec1e57e
-
SHA1
da353a2aee507e6213a2d3f79e596e59f28b3efb
-
SHA256
e6c1a4c13470ef2b82a4f1c6a356716503341ee86845f4a045858ddebb1f5921
-
SHA512
fdc549ad19d84c9a5e59502a06d6c6ef0195c2688b8df2e46e0d5b3888bbfd22c62affba3fc1c5af62f08c4065a2f8f0daef8a43854c5ea25be45e972973daf5
-
SSDEEP
24576:v1tqdnuoct39hSck7xKUgvW6po1exWtfjJWMvpHt/W0yoG3uPH:vCUoM4ckHY6kxQfjJLvpRxPH
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies Internet Explorer settings 1 TTPs 58 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e6c1a4c13470ef2b82a4f1c6a356716503341ee86845f4a045858ddebb1f5921.exe"C:\Users\Admin\AppData\Local\Temp\e6c1a4c13470ef2b82a4f1c6a356716503341ee86845f4a045858ddebb1f5921.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://kolostudio.fun/2022/10/kolo%e4%ba%91%e5%ae%89%e5%85%a8%e8%ae%a1%e5%88%92%e9%9a%90%e7%a7%81%e7%94%b3%e6%98%8e/2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1788 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.kolostudio.fun/2022/11/kolomina-anti-virus%e8%bd%af%e4%bb%b6%e8%87%aa%e5%8a%a8%e6%9b%b4%e6%96%b0%e6%9c%8d%e5%8a%a1%e9%9a%90%e7%a7%81%e6%94%bf%e7%ad%96/2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2064 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
344B
MD5aaa032b6c3c0e29be9bd233018d2a55a
SHA175f73c31cca0ddcc6cc817c5de8c03cab591fe72
SHA256c130c07302059f2ec1b91cc9944053feecc432ea18d230145396c6941053d315
SHA512a9dc76cc049d9c94f19632fc95aa03c293dc152f5c4a2357cab1200898f295c0cb624acf26532f84546143a476c84d2b88cb6c9d207e5f71cf71b4089de3f507
-
Filesize
344B
MD5a170e77d1ceaaf277de5739003213a8e
SHA1df2bae4d81ba3f30fb68392fb52b007e6ea6def8
SHA256bb625c4ef6a5307ed3a5a293dc256518e98582cabae515a1085ed9ae27927c84
SHA512dfa3615f2a1da10e7f42c3421adf3ca44789b6e9963b32e38ccb4fb2a7819ba179bd6f9a60a22291518f1e4d25b87d1ac205395d6b687dd28819e33eb59eab8a
-
Filesize
344B
MD54a34b2c90b0e70e5a28ba8f2f113dfa6
SHA18336b0e147b2d46ec5d61579b71cacf1d06d8cc3
SHA256a1a641724fdbab39bf05c5656dba5b60eccfef427fcd031d7e0d1496ff8347e4
SHA51252202c02112516fc1b366fdccb23574e4df072fbbf357015f35ec5df831be419b6b756c4c0a74368feb7fdcf9542c4a02de19dba4e669111635e24135c6edb2b
-
Filesize
344B
MD57c9692aa910f48d98150a38a42ae05ee
SHA1333331d848d3f510df46a0f19ae483dfdb1e9c2c
SHA256deb2b81f5aa3ddbb8f6639b8f3d43086526c43a153ba77d39945be79f4bc90ae
SHA512c6f6ab7eaf41b3c36e3b316ded96cd95330b33fc440e8824ef3678fb29562a1e3bd31f75dbf0b635187dc6aee056caf7317d7308418cee9864c9ad8c5994ec39
-
Filesize
344B
MD5e090bedaa667590f32693f8f0acaae52
SHA18af1629a1f8b4743cad5365e8215cfd1e6b1cdb9
SHA25685a822382aa6d181c06ddcb87340e1dacf3d79bd2d2d0c796bd6f8501f5378d6
SHA5120b2807999e4616cdf19e82a1a8745453c85d87c59fb156bf5c4821b2bb6234e6afb6f7a757056f3d7a401765ae7c0776819ce75069b2987cce7375cba894b207
-
Filesize
344B
MD52576a7b4f38d19228144f56da472a0d7
SHA138f5c56952d35f8cdd7ce08c91e6586a96b261a0
SHA2563066d5def0d4006c49724c41ff9199fdfe6f37a8f79c377793e8deb2c4373ea8
SHA512c91605e04858b878bb29b27e5a54f0e73975a7041dfb13fc175dab05bd33395158a373e894c53b57c869f89aa0b673f304932a62fb8db30400d13100c55ea606
-
Filesize
344B
MD5ce2aa8e03aca9fd511fe12da3c9ed823
SHA16e48ed20eb0b7d864e7bea7b531a6b98e59e0609
SHA2568a3edfe3da419bb0b680aaee07f6c1d3d9199d5d8c7f36c8ae40c69a5c75751d
SHA5126da988d3c4767e525c696b5a23763c1cf22a41549294f435bf1bef1d2600c8db37f1393be3fc2ddf35569979b14a27d33e48911d4790007417cf2df90533e0e3
-
Filesize
344B
MD53eb2c91e85c6510a5d13b62624c56829
SHA146ab20e55bde0cb5810734b3184927fa42f9e735
SHA25628465c3f6e425d5512bd51980eed61ed49aeb68b72967c974c18a54ea9427f71
SHA51216ca0895730c1268c002511799830db5ea91687208ebef4de9506cc76bc7f7d128d1e1ee81534c94b8f257ffce3ab9d0af158af130671f5f0dfa728aaeaebe34
-
Filesize
344B
MD51bff66d32813a7459c00b3e2d0ed91f3
SHA1e2c8309689e01fd0c2575dbc79b07f25d1c7bc23
SHA2564e7f2125f644d61d1a75f5dc28945218704f2937ffac7ae5a8abe18c4255e6a0
SHA5126b7b161788cf359c57398bf6f856155cda2937d38e79f8c4a710d54c3d31d252fdf95fe88d650bd65de466897f91f48de7f307ccdee947077f1c51f0654901e5
-
Filesize
344B
MD51f25945f25ce93caea502bc85b420e66
SHA172b2ebafffed042458c5b77cad96289712f99d58
SHA256f50ce2d7422cb885237d053e03a7cf1477985faf9bbe983ba9482bd8ea0e98e9
SHA512241b11f146e519d648e56dfb763c4e6f2432a88df89492ccc3f6fba05ed5edfc0d44a9780d965958ab3d9f2e66a26d3a7949828c400116422c344a3159db5f85
-
Filesize
344B
MD57d4c2f4eb7a4b73965934fd859bfdd5b
SHA14942a63530042b60d5ff7799251d191680ee5b34
SHA256ac0a655e54f852c5a75c03c4d59c32be62cc10dfe2f1c377741c8a9923b605d1
SHA5124828da12a928bc7312d0a319e0f7f5afd4697c3c4b0a5675ebe99b3317fbe18812f1a85638f3bf616fc15dfb3642ccceffe865443e6f72423268c40a3efacff8
-
Filesize
344B
MD53144cc9367cf06395b3afcbcf3dad665
SHA1386e365554eebb11bd054c6a87b4b9bda4a37abc
SHA25632422f3e3f96dd8f253ef154fa814688b917b7700b9372fd5f4be4f4264c0c64
SHA5122fa0b03701005a604353db3a45b2c40c8ff16e9d5430254ff657e26ecef68665bfb40216e5826177e773cca914f47399a02631fb1bb4fa4cb242f15365268ede
-
Filesize
4KB
MD5452634504a055920267c710258f27732
SHA10ec3bb145208c28d5286ed72243e3c7a82563fb8
SHA2561005b5f7e4bdb99a74ddfbcc583b5e5bf1f72b5dcac8ce0454b37c4033c2d3e1
SHA512fcfad4fd7ca6e4dca4c9f6f36014341489ab9c5f036386ee4bd0431a0d58a8c011ca9b244ec24d5d34f5abca097703cfbae9d81863b4b2f34874ec8c3ecc1a4f
-
Filesize
5KB
MD5f01a0080e8dce0e6cc52f1dd61135798
SHA1d529f4737ea8319de5c21acd685a267795b43ef3
SHA25607a84e6edb0972b032055f4c6a3484855694e145dc7f9c55a01bea5f33598fa9
SHA512c9e45f418d9e9bca51d90dc6f6269dd8b1e2055842f34426cf82dc5ee355c07c11422aff321583ee7a5707a5ba61b826c3e7e87b0765ebc7a950e058f45fe67f
-
Filesize
61KB
MD5f3441b8572aae8801c04f3060b550443
SHA14ef0a35436125d6821831ef36c28ffaf196cda15
SHA2566720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf
SHA5125ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9
-
Filesize
163KB
MD59441737383d21192400eca82fda910ec
SHA1725e0d606a4fc9ba44aa8ffde65bed15e65367e4
SHA256bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5
SHA5127608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf