Analysis

max time kernel:   0s
max time network:  18s
platform:          windows7_x64
resource:          win7-20231215-en
resource tags:     arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted:         23/12/2023, 12:57
Static task:      static1
URLScan task:     urlscan1
Behavioral task:  behavioral1
  Sample:         http://185.172.128.32/cp.exe
  Resource:       win7-20231215-en
Behavioral task:  behavioral2
  Sample:         http://185.172.128.32/cp.exe
  Resource:       win10v2004-20231215-en
General

Target:  http://185.172.128.32/cp.exe
Malware Config
Signatures
Downloads MZ/PE file

VMProtect packer (yara_rule: vmprotect)

resource                                                                        yara_rule
behavioral1/files/0x0036000000017478-436.dat                                    vmprotect
behavioral1/files/0x0036000000017478-509.dat                                    vmprotect
behavioral1/memory/1148-510-0x0000000000310000-0x0000000000D80000-memory.dmp    vmprotect
behavioral1/memory/1148-515-0x0000000000310000-0x0000000000D80000-memory.dmp    vmprotect
behavioral1/files/0x000d00000001754e-517.dat                                    vmprotect
behavioral1/files/0x000d00000001754e-530.dat                                    vmprotect
behavioral1/files/0x000d00000001754e-529.dat                                    vmprotect
behavioral1/files/0x000d00000001754e-528.dat                                    vmprotect
behavioral1/memory/2564-531-0x00000000000C0000-0x0000000000B30000-memory.dmp    vmprotect
behavioral1/memory/2564-536-0x00000000000C0000-0x0000000000B30000-memory.dmp    vmprotect

(PID 1148 is the downloaded cp.exe and PID 2564 is the dropped XRJNZC.exe, per the process tree below; both the on-disk files and the in-memory images match the VMProtect rule.)
Creates scheduled task(s)   1 TTPs   1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.

pid     Process
1548    schtasks.exe

Delays execution with timeout.exe   1 IoCs

pid     Process
1656    timeout.exe
Modifies Internet Explorer settings

description        ioc                                                                                                                                          Process
Key created        \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\GPU                                          iexplore.exe
Key created        \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IETld\LowMic                                 iexplore.exe
Key created        \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\PageSetup                                    iexplore.exe
Key created        \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar                                      iexplore.exe
Key created        \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser                           iexplore.exe
Key created        \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic                      iexplore.exe
Key created        \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\IntelliForms                                 iexplore.exe
Key created        \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry                                  iexplore.exe
Key created        \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Zoom                                         iexplore.exe
Key created        \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main                                         iexplore.exe
Key created        \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\InternetRegistry                             iexplore.exe
Key created        \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage                       iexplore.exe
Key created        \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain        iexplore.exe
Set value (int)    \REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"                iexplore.exe
Processes

(Indentation shows the parent/child relationship; each entry lists the image, the PID and the command line as recorded, with the behavioural signatures it triggered.)

C:\Program Files\Internet Explorer\iexplore.exe   (PID 700)
  command: "C:\Program Files\Internet Explorer\iexplore.exe" http://185.172.128.32/cp.exe
  - Modifies Internet Explorer settings

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE   (PID 2208)
      command: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:700 CREDAT:275457 /prefetch:2

    C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\cp.exe   (PID 1148)
      command: "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\cp.exe"

        C:\Windows\SysWOW64\cmd.exe   (PID 2760)
          command: cmd /c ""C:\Users\Admin\AppData\Local\Temp\svw.0.bat" "

            C:\Windows\SysWOW64\timeout.exe   (PID 1656)
              command: timeout 3
              - Delays execution with timeout.exe

            C:\ProgramData\pinterests\XRJNZC.exe   (PID 2564)
              command: "C:\ProgramData\pinterests\XRJNZC.exe"

                C:\Windows\SysWOW64\schtasks.exe   (PID 1548)
                  command: "C:\Windows\System32\schtasks.exe" /create /sc MINUTE /mo 1 /RL HIGHEST /tn "XRJNZC" /tr C:\ProgramData\pinterests\XRJNZC.exe /f
                  - Creates scheduled task(s)

The chain is: the browser downloads cp.exe and it is executed from the IE cache; cp.exe runs a dropped batch file (svw.0.bat) from %TEMP%, which waits three seconds with timeout.exe, then launches the copy placed in C:\ProgramData\pinterests\XRJNZC.exe; that copy registers a scheduled task named XRJNZC that re-launches it every minute at the highest run level, overwriting any existing task of that name (/f).
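The "Creates scheduled task(s)" signature above is tripped by a single schtasks line, but what makes it worth alerting on is the combination of traits in that line: a trigger every minute (/sc MINUTE /mo 1), the highest run level (/RL HIGHEST), an action in a user-writable directory (C:\ProgramData\...) and forced overwrite (/f). The following Python is an added example, not part of the sandbox report, that parses schtasks command lines out of process-creation events and scores them on exactly those traits. The event shape (dicts with pid/image/cmdline), the two benign events and the list of suspicious directories are assumptions made for the example; the one suspicious command line is copied from the process tree above.

```python
"""Hunt for suspicious `schtasks /create` invocations in process-creation events.

Added example, not part of the sandbox report. The schtasks command line from
the report's process tree is checked alongside constructed benign events. The
event shape (dicts with pid/image/cmdline) and the directory list are
assumptions, not a real log format or a vendor rule.
"""
from typing import Dict, List, Optional

# User-writable locations a legitimate installer rarely schedules a binary from
# (assumption; tune for the environment). Matched case-insensitively.
SUSPICIOUS_DIRS = ("\\programdata\\", "\\appdata\\", "\\users\\public\\", "\\temp\\")

# Verbatim from the report (PID 1548, child of XRJNZC.exe).
REPORT_SCHTASKS = (
    '"C:\\Windows\\System32\\schtasks.exe" /create /sc MINUTE /mo 1 /RL HIGHEST '
    '/tn "XRJNZC" /tr C:\\ProgramData\\pinterests\\XRJNZC.exe /f'
)

# Constructed sample events: one line from the report, the rest invented benign activity.
SAMPLE_EVENTS = [
    {"pid": 1656, "image": "C:\\Windows\\SysWOW64\\timeout.exe", "cmdline": "timeout 3"},
    {"pid": 1548, "image": "C:\\Windows\\SysWOW64\\schtasks.exe", "cmdline": REPORT_SCHTASKS},
    {"pid": 4100, "image": "C:\\Windows\\System32\\schtasks.exe",
     "cmdline": '"C:\\Windows\\System32\\schtasks.exe" /create /sc DAILY /st 03:00 '
                '/tn "Backup\\Nightly" /tr "C:\\Program Files\\Backup\\backup.exe"'},
    {"pid": 4212, "image": "C:\\Windows\\System32\\schtasks.exe",
     "cmdline": 'schtasks.exe /query /tn "XRJNZC"'},
]


def split_cmdline(cmd: str) -> List[str]:
    """Split a Windows command line on whitespace, honouring double quotes and
    dropping them from the tokens. Backslashes are ordinary characters here."""
    tokens, cur, in_quote = [], [], False
    for ch in cmd:
        if ch == '"':
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append("".join(cur))
    return tokens


def parse_schtasks(cmd: str) -> Optional[Dict[str, str]]:
    """Return schtasks switches as a dict keyed by lower-cased switch name, or
    None when the command is not schtasks. Value-less switches (/create, /f)
    map to an empty string; switch values keep their original case."""
    tokens = split_cmdline(cmd)
    if not tokens or not tokens[0].lower().endswith("schtasks.exe"):
        return None
    opts: Dict[str, str] = {}
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("/"):
            key = tok[1:].lower()
            # A following token that is not itself a switch is this switch's value.
            if i + 1 < len(tokens) and not tokens[i + 1].startswith("/"):
                opts[key] = tokens[i + 1]
                i += 2
                continue
            opts[key] = ""
        i += 1
    return opts


def score_task(opts: Dict[str, str]) -> List[str]:
    """Return the list of suspicious traits of a parsed `schtasks /create` call."""
    reasons: List[str] = []
    if "create" not in opts:
        return reasons
    sched = opts.get("sc", "").lower()
    try:
        modifier = int(opts.get("mo", "1"))  # schtasks defaults /mo to 1
    except ValueError:
        modifier = 1
    if sched == "minute" and modifier <= 5:
        reasons.append(f"high-frequency trigger: every {modifier} minute(s)")
    if opts.get("rl", "").lower() == "highest":
        reasons.append("runs with highest privileges (/RL HIGHEST)")
    target = opts.get("tr", "").lower()
    if any(d in target for d in SUSPICIOUS_DIRS):
        reasons.append(f"task action in user-writable directory: {opts['tr']}")
    if "f" in opts:
        reasons.append("forces overwrite of an existing task (/f)")
    return reasons


def hunt(events: List[Dict[str, object]], min_reasons: int = 2) -> List[Dict[str, object]]:
    """Run the scoring over process-creation events; report tasks with at least
    `min_reasons` suspicious traits so a single trait (e.g. /f) does not alert."""
    findings = []
    for ev in events:
        opts = parse_schtasks(str(ev["cmdline"]))
        if opts is None:
            continue
        reasons = score_task(opts)
        if len(reasons) >= min_reasons:
            findings.append({"pid": ev["pid"], "task": opts.get("tn", "?"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"PID {f['pid']} task {f['task']!r}:")
        for r in f["reasons"]:
            print("  -", r)
```

On the report's line all four traits fire; the constructed nightly backup task and the /query call score zero, which is the point of requiring more than one trait before alerting. A real deployment would feed this from Sysmon event 1 or Security event 4688 command lines, and pair it with Security event 4698 (task created) to catch tasks registered through the Task Scheduler API rather than schtasks.exe.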
Network
MITRE ATT&CK Enterprise v15
Downloads

(Entries without a path were listed by the sandbox by hash only.)

- Filesize: 111KB
  MD5:    26815da7b0ceb21f0ff47cce616fdc67
  SHA1:   aac6ec708f9cf8893d57dceb4621c348a8e73dd4
  SHA256: 2f70162293f0852d13fcf7d26caff3aab0502db60071f977f571a9c0de750e1c
  SHA512: bb5a06ed4bd458c244b23a5bb704d4e666b742a0bff469b40bfc734656b59de78529e8c10bd0494904c83166360334b1fa3fa9824f9be259afbdac9c7f318390

- Filesize: 20KB
  MD5:    d52795ba82779e439ca5f2a71934a4f9
  SHA1:   29b6a40215111ba634577851589561e78edcf34a
  SHA256: fec3eb36c2bd3a7a6fc6cdce65d15ec8e78911f7b17c6d8ec163162271137caa
  SHA512: 8f04334a31de2235bc98b806d3d2cabc8a6d5d4b0683d4351fd2ecad1c86e66642ed625aef30bf5a55d1dd529a8c41fafbe57fc25c438e2893c04c28714da4e4

- Filesize: 35KB
  MD5:    60daec988e20e1acc293ba08fd78176f
  SHA1:   54429ad307a86a54d5978d106e0baca30727f155
  SHA256: 5d7c3b65be55ba6b8b6c8a81ec9a208cbb514e71ffb3ae4fcc7ef1ff9fb879ab
  SHA512: 5087989cb1d7fc1b5f32b3363057b6c763f959c1e2b8df6580917eb9ddf2370a7af3ff9d4c867f2a77be125771c2877a2f80a1cdcdb0278b825503dc50551108
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5:    0db8c98bc9d7b98cd068a84a9ef706ee
  SHA1:   256719eb256910f92b7bf2e2cb980fb5c315f60e
  SHA256: 46fa9c69afb7ec388e4ebec02f9ea27c5ecd1cd3ad32916ed7087a36c0c754e1
  SHA512: 02cfee63ff9d5ed999276b982db97bf56a259c16f77590916e77bcdbf58561cc4506dc7363f71f19b93c03f3f522c36f7fad85adb70383e1eff4f25791775b10

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5:    60f0014b072bb2a22264ac30f531f589
  SHA1:   8ddc66c9ab4d27be76542278f2c0018660f9222f
  SHA256: 4e3ec763ca0ed18ed7827516d686b92008408fa97db407a2c15771195c218e8a
  SHA512: 3bb54b326cdfcbe1aae473c5d0808fa6270f408de694d50a4cf7efb5c3cc4b889036dcd74810b732442f929fc558d07a475c99c1c5352a91cff2e2f4de1feacc

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5:    27f5eeb6a727f8e057c15a720d10e477
  SHA1:   78d8ea58124f85031cd651683a39a59c11ded968
  SHA256: 59bf64d6f42c854dcd458d00c082879c3f9d8195c225aca5a2110a21c2d18f1c
  SHA512: 0c353a1635d3c8803a59d48acd966ccd4531304e27c1cc1da546a0c6a9e3f84d945a101de45d32d6d7c609e095d5f67ed7b0824e9c0c255dc3fa70a9a885ce3f

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5:    0f0dcc30d88fcb799917e3e408c60800
  SHA1:   80d38a39324f0d9a55b094c10c5f5590a55f043f
  SHA256: edc5debcadaddad0222b793ec7f325cc6ad05a1341ff4ea379246a40b2533cc2
  SHA512: 64d553f4ebd213e6a03b2fa6a2253b46caa8b4b965807aff5445e88a9ea27273f4094fbd5a6ae22040e8e80e53247c1232573c0e68677e89ba8587e5ae8d546e

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5:    e508d35759c3944d29cdaa288a6ee00d
  SHA1:   41cc405eeb92cfe80f20c17381d48677a9ac0009
  SHA256: d2cd1701a82d1fc6646079920dbc174cfc238d3a96de6138da0ab9b2ba07ac4a
  SHA512: 8e26e3208ae2c1a2d91ebe11cdf1eb9cfcb58fe364d06bd2f02398b795706e353960730ddd98f9b6995f17afc39338cce658effe9c0d1632e939ae8f29ce4f61

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5:    723a7579ac1f78cceddd2043482fca84
  SHA1:   2ddfad0d57813cad9ce9089138d79e5bac17e5d9
  SHA256: 5c90a042f8312d8f4785d5b793e5c7d49b6ae9b987f8fd7faf738cf66e277187
  SHA512: 1935b727eab535c9a22a57241ca828ff333818a3dcf61c0b7ad24ccd02745eaac46e4ab9094fba161bc06b9654445fd9ae705b36b8883aaf113073494442bb7d

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5:    4f25a334517864459041569128f40c9e
  SHA1:   b71d57176b2a725f40f328b441b6ac7671acf78c
  SHA256: 60570f135040d2f456e95043b48ab5f30b685d08708a7b64c3308542ab56059c
  SHA512: d874025c27ed943ffba7afe3b2f7bf3e3cbe2ceedf46051da5983d2426ee737a67b41bce1c892e48fa0dce6e72a12baa47b59d26c5e76359d3e54faada696f47

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 344B
  MD5:    519478a329ca5910b8f6644b3bb327ea
  SHA1:   c7a36fa963a126990ea20c93cd0e0edcf3ec73e6
  SHA256: d49498ae2fb320029e86e23cd6b92bdda661b48b2bc49aa4ddd039936faa2475
  SHA512: 56fca8891712295da2178aaa031ab8aaaa0a9d569723024c45796b89536fe59daa8ae471376940b958e629ba530a1d6e1ee8506be979660a18ec821b33505af0

(The same CryptnetUrlCache metadata path is listed eight times with different hashes: the file is rewritten on each certificate-revocation fetch, so each snapshot is a distinct artefact.)
- Filesize: 99KB
  MD5:    e49a7963c190a7c95d06c83a5290bb79
  SHA1:   165cfdbefbd99faa568744b29e51faf58d7e1bdc
  SHA256: bc72aa3f8b94650a7826fd6a191440793d00373e3483f5ca141bbefc80c25927
  SHA512: bfd79087e1ca0b07ee66083aea7c73ec9aebcf6579c72f04b5e74b1d161e3e21e4f8dc8a011bf049892ec2a22fc32e2da1e8c2a6d9d36f57125f0dfabd8bc5f0

- C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\cp.exe.j46mimi.partial
  Filesize: 126KB
  MD5:    765edd4592a42631d487c187b11e1d6b
  SHA1:   d57ad1ecbcd1299ba8eb8a1f62310553ee948f5c
  SHA256: d6a24badc135f0280b35a43b0a9f95a55cbff46404f2e87a2aded4d128ba90a8
  SHA512: 589916213f6e46257cd6aad384c139e5516e3355ecbec7f47970f283e309c6db8e30b812e5a5efb8418af1e64e8443eeb410023354434602583dfc95ea00c2f1

- Filesize: 65KB
  MD5:    ac05d27423a85adc1622c714f2cb6184
  SHA1:   b0fe2b1abddb97837ea0195be70ab2ff14d43198
  SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
  SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

- Filesize: 171KB
  MD5:    9c0c641c06238516f27941aa1166d427
  SHA1:   64cd549fb8cf014fcd9312aa7a5b023847b6c977
  SHA256: 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
  SHA512: 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

- Filesize: 174B
  MD5:    33d499d801536d8bcbe8d44d726012de
  SHA1:   cd4dfc06b75eab99d8685d7549682a21f65b2b6e
  SHA256: f55e3e8f27229976057d50081ec8ada2d344d5b3ab2170bdd86d10841d1d3621
  SHA512: efa5914bcb08d17210fd70aa3daeec08e244e62dbe53b536841cf9349fb29003bab0d29cf08229fbedf6d92ea0b74155eeefa80f04cfdd0ba84f6ac4ed909e92

- Filesize: 1KB
  MD5:    31cd622049e3d62b6ba5da5c78257cad
  SHA1:   202d702da8ccf5a6a48c025013b5120eba228286
  SHA256: d545ee1954c75b5a22b1c90d1bb36dfa2d91df2e1b6a2f1fca1acbf72d22816b
  SHA512: 895c92c18aa0183ffb39e68cf447b4cd1f555943c5c0dbb5f6e22c206cbb26d9b8f129ed5f5f746747b8caa925090209b389628526c2e767d088072064363f79