Analysis

  • max time kernel
    0s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/12/2023, 12:57

General

  • Target

    http://185.172.128.32/cp.exe

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • VMProtect packed file 10 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Delays execution with timeout.exe 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 14 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://185.172.128.32/cp.exe
    1⤵
    • Modifies Internet Explorer settings
    PID:700
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:700 CREDAT:275457 /prefetch:2
      2⤵
        PID:2208
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\cp.exe
        "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\cp.exe"
        2⤵
          PID:1148
          • C:\Windows\SysWOW64\cmd.exe
            cmd /c ""C:\Users\Admin\AppData\Local\Temp\svw.0.bat" "
            3⤵
              PID:2760
              • C:\Windows\SysWOW64\timeout.exe
                timeout 3
                4⤵
                • Delays execution with timeout.exe
                PID:1656
              • C:\ProgramData\pinterests\XRJNZC.exe
                "C:\ProgramData\pinterests\XRJNZC.exe"
                4⤵
                  PID:2564
                  • C:\Windows\SysWOW64\schtasks.exe
                    "C:\Windows\System32\schtasks.exe" /create /sc MINUTE /mo 1 /RL HIGHEST /tn "XRJNZC" /tr C:\ProgramData\pinterests\XRJNZC.exe /f
                    5⤵
                    • Creates scheduled task(s)
                    PID:1548

          Network

                MITRE ATT&CK Enterprise v15

                Downloads

                • C:\ProgramData\pinterests\XRJNZC.exe

                  Filesize

                  111KB

                  MD5

                  26815da7b0ceb21f0ff47cce616fdc67

                  SHA1

                  aac6ec708f9cf8893d57dceb4621c348a8e73dd4

                  SHA256

                  2f70162293f0852d13fcf7d26caff3aab0502db60071f977f571a9c0de750e1c

                  SHA512

                  bb5a06ed4bd458c244b23a5bb704d4e666b742a0bff469b40bfc734656b59de78529e8c10bd0494904c83166360334b1fa3fa9824f9be259afbdac9c7f318390

                • C:\ProgramData\pinterests\XRJNZC.exe

                  Filesize

                  20KB

                  MD5

                  d52795ba82779e439ca5f2a71934a4f9

                  SHA1

                  29b6a40215111ba634577851589561e78edcf34a

                  SHA256

                  fec3eb36c2bd3a7a6fc6cdce65d15ec8e78911f7b17c6d8ec163162271137caa

                  SHA512

                  8f04334a31de2235bc98b806d3d2cabc8a6d5d4b0683d4351fd2ecad1c86e66642ed625aef30bf5a55d1dd529a8c41fafbe57fc25c438e2893c04c28714da4e4

                • C:\ProgramData\pinterests\XRJNZC.exe

                  Filesize

                  35KB

                  MD5

                  60daec988e20e1acc293ba08fd78176f

                  SHA1

                  54429ad307a86a54d5978d106e0baca30727f155

                  SHA256

                  5d7c3b65be55ba6b8b6c8a81ec9a208cbb514e71ffb3ae4fcc7ef1ff9fb879ab

                  SHA512

                  5087989cb1d7fc1b5f32b3363057b6c763f959c1e2b8df6580917eb9ddf2370a7af3ff9d4c867f2a77be125771c2877a2f80a1cdcdb0278b825503dc50551108

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                  Filesize

                  344B

                  MD5

                  0db8c98bc9d7b98cd068a84a9ef706ee

                  SHA1

                  256719eb256910f92b7bf2e2cb980fb5c315f60e

                  SHA256

                  46fa9c69afb7ec388e4ebec02f9ea27c5ecd1cd3ad32916ed7087a36c0c754e1

                  SHA512

                  02cfee63ff9d5ed999276b982db97bf56a259c16f77590916e77bcdbf58561cc4506dc7363f71f19b93c03f3f522c36f7fad85adb70383e1eff4f25791775b10

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                  Filesize

                  344B

                  MD5

                  60f0014b072bb2a22264ac30f531f589

                  SHA1

                  8ddc66c9ab4d27be76542278f2c0018660f9222f

                  SHA256

                  4e3ec763ca0ed18ed7827516d686b92008408fa97db407a2c15771195c218e8a

                  SHA512

                  3bb54b326cdfcbe1aae473c5d0808fa6270f408de694d50a4cf7efb5c3cc4b889036dcd74810b732442f929fc558d07a475c99c1c5352a91cff2e2f4de1feacc

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                  Filesize

                  344B

                  MD5

                  27f5eeb6a727f8e057c15a720d10e477

                  SHA1

                  78d8ea58124f85031cd651683a39a59c11ded968

                  SHA256

                  59bf64d6f42c854dcd458d00c082879c3f9d8195c225aca5a2110a21c2d18f1c

                  SHA512

                  0c353a1635d3c8803a59d48acd966ccd4531304e27c1cc1da546a0c6a9e3f84d945a101de45d32d6d7c609e095d5f67ed7b0824e9c0c255dc3fa70a9a885ce3f

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                  Filesize

                  344B

                  MD5

                  0f0dcc30d88fcb799917e3e408c60800

                  SHA1

                  80d38a39324f0d9a55b094c10c5f5590a55f043f

                  SHA256

                  edc5debcadaddad0222b793ec7f325cc6ad05a1341ff4ea379246a40b2533cc2

                  SHA512

                  64d553f4ebd213e6a03b2fa6a2253b46caa8b4b965807aff5445e88a9ea27273f4094fbd5a6ae22040e8e80e53247c1232573c0e68677e89ba8587e5ae8d546e

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                  Filesize

                  344B

                  MD5

                  e508d35759c3944d29cdaa288a6ee00d

                  SHA1

                  41cc405eeb92cfe80f20c17381d48677a9ac0009

                  SHA256

                  d2cd1701a82d1fc6646079920dbc174cfc238d3a96de6138da0ab9b2ba07ac4a

                  SHA512

                  8e26e3208ae2c1a2d91ebe11cdf1eb9cfcb58fe364d06bd2f02398b795706e353960730ddd98f9b6995f17afc39338cce658effe9c0d1632e939ae8f29ce4f61

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                  Filesize

                  344B

                  MD5

                  723a7579ac1f78cceddd2043482fca84

                  SHA1

                  2ddfad0d57813cad9ce9089138d79e5bac17e5d9

                  SHA256

                  5c90a042f8312d8f4785d5b793e5c7d49b6ae9b987f8fd7faf738cf66e277187

                  SHA512

                  1935b727eab535c9a22a57241ca828ff333818a3dcf61c0b7ad24ccd02745eaac46e4ab9094fba161bc06b9654445fd9ae705b36b8883aaf113073494442bb7d

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                  Filesize

                  344B

                  MD5

                  4f25a334517864459041569128f40c9e

                  SHA1

                  b71d57176b2a725f40f328b441b6ac7671acf78c

                  SHA256

                  60570f135040d2f456e95043b48ab5f30b685d08708a7b64c3308542ab56059c

                  SHA512

                  d874025c27ed943ffba7afe3b2f7bf3e3cbe2ceedf46051da5983d2426ee737a67b41bce1c892e48fa0dce6e72a12baa47b59d26c5e76359d3e54faada696f47

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                  Filesize

                  344B

                  MD5

                  519478a329ca5910b8f6644b3bb327ea

                  SHA1

                  c7a36fa963a126990ea20c93cd0e0edcf3ec73e6

                  SHA256

                  d49498ae2fb320029e86e23cd6b92bdda661b48b2bc49aa4ddd039936faa2475

                  SHA512

                  56fca8891712295da2178aaa031ab8aaaa0a9d569723024c45796b89536fe59daa8ae471376940b958e629ba530a1d6e1ee8506be979660a18ec821b33505af0

                • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\cp.exe

                  Filesize

                  99KB

                  MD5

                  e49a7963c190a7c95d06c83a5290bb79

                  SHA1

                  165cfdbefbd99faa568744b29e51faf58d7e1bdc

                  SHA256

                  bc72aa3f8b94650a7826fd6a191440793d00373e3483f5ca141bbefc80c25927

                  SHA512

                  bfd79087e1ca0b07ee66083aea7c73ec9aebcf6579c72f04b5e74b1d161e3e21e4f8dc8a011bf049892ec2a22fc32e2da1e8c2a6d9d36f57125f0dfabd8bc5f0

                • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\cp.exe.j46mimi.partial

                  Filesize

                  126KB

                  MD5

                  765edd4592a42631d487c187b11e1d6b

                  SHA1

                  d57ad1ecbcd1299ba8eb8a1f62310553ee948f5c

                  SHA256

                  d6a24badc135f0280b35a43b0a9f95a55cbff46404f2e87a2aded4d128ba90a8

                  SHA512

                  589916213f6e46257cd6aad384c139e5516e3355ecbec7f47970f283e309c6db8e30b812e5a5efb8418af1e64e8443eeb410023354434602583dfc95ea00c2f1

                • C:\Users\Admin\AppData\Local\Temp\Cab2FC9.tmp

                  Filesize

                  65KB

                  MD5

                  ac05d27423a85adc1622c714f2cb6184

                  SHA1

                  b0fe2b1abddb97837ea0195be70ab2ff14d43198

                  SHA256

                  c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

                  SHA512

                  6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

                • C:\Users\Admin\AppData\Local\Temp\Tar3069.tmp

                  Filesize

                  171KB

                  MD5

                  9c0c641c06238516f27941aa1166d427

                  SHA1

                  64cd549fb8cf014fcd9312aa7a5b023847b6c977

                  SHA256

                  4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

                  SHA512

                  936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

                • C:\Users\Admin\AppData\Local\Temp\svw.0.bat

                  Filesize

                  174B

                  MD5

                  33d499d801536d8bcbe8d44d726012de

                  SHA1

                  cd4dfc06b75eab99d8685d7549682a21f65b2b6e

                  SHA256

                  f55e3e8f27229976057d50081ec8ada2d344d5b3ab2170bdd86d10841d1d3621

                  SHA512

                  efa5914bcb08d17210fd70aa3daeec08e244e62dbe53b536841cf9349fb29003bab0d29cf08229fbedf6d92ea0b74155eeefa80f04cfdd0ba84f6ac4ed909e92

                • \ProgramData\pinterests\XRJNZC.exe

                  Filesize

                  1KB

                  MD5

                  31cd622049e3d62b6ba5da5c78257cad

                  SHA1

                  202d702da8ccf5a6a48c025013b5120eba228286

                  SHA256

                  d545ee1954c75b5a22b1c90d1bb36dfa2d91df2e1b6a2f1fca1acbf72d22816b

                  SHA512

                  895c92c18aa0183ffb39e68cf447b4cd1f555943c5c0dbb5f6e22c206cbb26d9b8f129ed5f5f746747b8caa925090209b389628526c2e767d088072064363f79

                • memory/1148-510-0x0000000000310000-0x0000000000D80000-memory.dmp

                  Filesize

                  10.4MB

                • memory/1148-515-0x0000000000310000-0x0000000000D80000-memory.dmp

                  Filesize

                  10.4MB

                • memory/2564-531-0x00000000000C0000-0x0000000000B30000-memory.dmp

                  Filesize

                  10.4MB

                • memory/2564-536-0x00000000000C0000-0x0000000000B30000-memory.dmp

                  Filesize

                  10.4MB