Overview

overview

3

Static

static

3

806be12f70...c5.exe

windows7-x64

3

806be12f70...c5.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 13:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    806be12f70017197f3a903ceec84797efbf8cad9ebb6adc990a5d19a9699e6c5.exe

  • Size

    4.1MB

  • MD5

    ab967736d377cd9e9737de4193125239

  • SHA1

    215710c790ccfc29cbb4a392addab90a1c7c9732

  • SHA256

    806be12f70017197f3a903ceec84797efbf8cad9ebb6adc990a5d19a9699e6c5

  • SHA512

    8307355d30958d709ca26dba972ea0bc2d6ced7096e9b86cfcd065db9b6c5a2274c5dfd56e37b5c90e5d61bd62296af6d7cd2b4551380d4650a281de32f3fa8b

  • SSDEEP

    98304:14Uk7h9E+E2/mIP7YxlDwdiMcSCn+s3590xxwIXxK/:i7/VMvwdiI4B90t

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\806be12f70017197f3a903ceec84797efbf8cad9ebb6adc990a5d19a9699e6c5.exe
    "C:\Users\Admin\AppData\Local\Temp\806be12f70017197f3a903ceec84797efbf8cad9ebb6adc990a5d19a9699e6c5.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2264
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://jq.qq.com/?_wv=1027&k=cvHx7By1
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2088
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2384

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    d3f56385cd7ff9930638d7cb8d4a69f1

    SHA1

    e7abd413d94292d65859fdb5d5bdd4f6deae3bf7

    SHA256

    7fd90030e19f1e08d45497374c9e93db18846ad2e339ee93c2c5f6cde254860f

    SHA512

    8849f57d496cdae27e0a693ff87b78498a86304fa12755ee882fa978398770c56aaa79fed881c3f0eb80cb456ec0bd5b62618b0e3874bd699686d34b0c286319

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fd91c44b23694cd83ce84f14490b79a9

    SHA1

    873f6231f721ec8d532bfde0833b3ba80eba937e

    SHA256

    941e1c951c6a90b391b349af7d19e755e832a2ed8759776b72c49261c5525893

    SHA512

    575906e2da09161378dc75a32d3def4e822cb6815984f40cdcf800adb5b84f10659415a2964b7ba9903153c9710861409c378f2de43b34d8c4208f63da9762b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    02caf430c4955418202353b4a9a1c069

    SHA1

    d8c054d14fbf498425323a489017955fa5d34dc5

    SHA256

    da04362d82feed136d1b1e2a3178ba45cc5916b6cf04608e717053bb95078a38

    SHA512

    db6a59f0b0c001be9b1cf602dad25be41b294473473f4fba81a0d3c0b2189d37d08132c1ee0ef258bcabaee0a5e880e621035be5d5d47352c2dad9a97ba17000

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    074f6eedd6bb5ab8a4594e90a57ae455

    SHA1

    14465fc978c5d20953ab481185a3ddff071db69b

    SHA256

    5ca5a0fb43b8ffd4880821971238c70a9cc1741b1937e01b45e841689a711041

    SHA512

    281ae30789d3840762803a832890164f36abe7d1254cdc622899be43667c1aacc33ffea44f4776055eb1a9829b83d9360358ef0531e771b84c3c48dafe760329

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    76385d8a02acc6a18845ad61a010b3fe

    SHA1

    78a1a40a15d34d792c3514b65be47174d55c6ee6

    SHA256

    4a2935c71eea6a35bf82864d36a949002c5c371abd48d198a1787a7892d0965d

    SHA512

    516c993039aa88feea2736da1fe04ccd56b0f975f82cb8c9d919c6f43f31f2ee3c5c28adb8934eb97791e210ac8dae1b3389eba4efcbf87acda87a35f41391f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d1729c0157978a7fe73c414570a6b767

    SHA1

    12c8039fce7a60b0e45631e84f97911b2b5681f9

    SHA256

    02504e9f976df341efa077ee33e173bf3e5457aa0aaf38c78214e326b071ef80

    SHA512

    a1192a434d998985e0a2de1f1b428ed401cc7bd211687c338725bc93f2405d1c4fefc1778f4b2fbbce04ff4498fd231c21b77a13b962f88f45a86443b804f3d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    defdd24f36fbc3cf1ec25a09c7cf3001

    SHA1

    fe93902b8c670dbb0545fe59514c657cd7f2c5a1

    SHA256

    e50769c6427f836fcb23db8bcb97486f945f6c0628623c8af27b786286c3226e

    SHA512

    5ce853133dea69ab8b1012e27f8772f6db0e4887fc5a6f5c449abb1693337207374aee7c895f5444f6b73212dd36ef88f4b53da8e966ec59f29570605e6f23a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    345130bec092bf93d9e05419f3eb2131

    SHA1

    d79378aaf41b9be99a3e422e5c9f220b8abdad53

    SHA256

    2db67758766b1561ff3d30de98e51f0eae0a566457444a9b7a7ecd5371638990

    SHA512

    4567d8959ba2c4c2c1f3bf2bd2cf8312249eec7b72ab5818017c68ad4fcead6da94c791f884cda60599465f3c4dd4b31745dd08d70914733103482d944ea0800

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    85bce40685b40d608428ccaae0f760d4

    SHA1

    1c99228fc51daa7489d65da58cde6f617e9dc9ee

    SHA256

    1df20b6e750e2953c8e09faed3482f43b8d6039118a977ea6f881bd50638b686

    SHA512

    267b939bfbb3dcf7a9103ad3d429da3b59e1f1827d8d4906b1b24adc03f372ff84c7b54cf9f3cd45442a51b2578f61669de4ffc79a7cea9859a226fe1038f76e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8cec3b57f2bdb46822fee90c079a3d5c

    SHA1

    fdc503c14d2f391f87a64b2edcf19be803fe6f68

    SHA256

    5b14cec5d626905d1953123ba660e249e2cf196ca63f0f4ae099921d72686545

    SHA512

    ae8cc4c6298342211bff4fb0116a22634e67bac477f7371f72c8a0fd5eb2e4870047116cb4c74981bda75923c6204f85223b7046b8295c4905e7b024e1d9343d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fdbf08d6d16c54e0b570e61128b7f21c

    SHA1

    de3ba1396a4fc130352598262c8988679f5b422a

    SHA256

    a884f790452e1100b59424ce78eedb7c8ebdc270942b654dd01b1c6285017b66

    SHA512

    b232a9efed48c8a25ac4bf26b892eed0d3d734acb61e70a34bed1dcfda94d8c91474ad8946a1da650b71b267d48f9bcb86270cc70c0b9ef129485533955e30b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    db2713f6e58b682b53d5469b4a556d31

    SHA1

    2dbe2f45057c4aa426aea7331d92e83a40ff9006

    SHA256

    7f780e95819771096cc5b1a6bf30898063b498d3440fe8154bdbbf4a537e264c

    SHA512

    38c34192555a6b4ce67b3375f2d0989f6d54b2eaf1bc0c272bcd3bae18ea6990486563614e41c8aade91d3710a58293459b696fdc3fe0c565f8e9a182eee84d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6aac3c762552361c789eb08f9d5e30a8

    SHA1

    69c31f54854dc18e0e7ca444413dd7d18c08ee7e

    SHA256

    e955b67ec386d8fbd59b3ff8c91211491e1c6bd0c9c6843061331d31d71e6033

    SHA512

    117febbcaa15cd3cee5ee86bc75e4b178d7c999da061f930c09c8d6fec62fabb169883c67d881e3782238c29245d9cf1d16d297d5b1c038a21e5b28f23d04bab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2e8289a40ee44f5da1ce5d061bc40c74

    SHA1

    6c0359adf5a2895568dffda37ab1577f2ec4e1ad

    SHA256

    cc64cc212df133b04cb0d3fc14c897e9e99172fff9827a0f8e52ad6dad90d62b

    SHA512

    5978e6aa482ce3db29f141c8d790be48a55bed36f6388b0dc3e831718c83ae7b92bc00af2ff71d305889c43f45199fb8f83af99d6e74fff93fc763ad0b30564d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    96c476e323317141e15956da06a2983f

    SHA1

    f39f2020771588b26400d24fe8a238c3480c9668

    SHA256

    1ca0038e16d698bcad6c7d52cd349e543572e7f4b24d2c894905e54f52e6b77d

    SHA512

    e0df25562161ed6666d3b124408467d8be833660dd52d1116273723dfda026b44a972f9b3ae8a878930803f5a6e893cf99beabbc98ce9e6e239d38c3bf9c74c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b82833702205cd606303ae53a5382004

    SHA1

    f593a55a04d8a1b64a2d09ae5b4389610492e19b

    SHA256

    984193af3f6b61ccbc3866b67703c72ec9967c365fc3818edd64971515b8bb61

    SHA512

    e3aeedc63d70c5543a10d31a2821ea4fb42a4fe364fced46ebb399e0f794d0c893acf4251294d099ffa5ccbd73e8b8d775851c23c893610d06b58f4441d647ab

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    59df92a53c2d58eebf5d88359270334d

    SHA1

    f01c3290d37eea72848d42e82fe80397ea9babf8

    SHA256

    802864bc178341126a38a214829c728a06c379ed9edaae8737728138a48bb93c

    SHA512

    af0328f91e3ea857b42b98b1844db8dd2880af1e6a3b6dd487e8d75ba44cae6d816900fca0b8b3a73c2bf309ca1579abb8e102a7409caec9345ecdaf5eeffb28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ea61a02de864b42d797b64fb5ee07a36

    SHA1

    f512fcbf756407baf344b65fbfa33c61aee5c073

    SHA256

    721b0aeaa3aa08c2d75953d9340174036e4a25b490e207c04db986d238ee04ab

    SHA512

    25f2d226e890444bcc31fca2d4a1bdae85ed5f9eae36254c237cc7ed4d04a5212c265b5f7370aff0b71877335ecbbbb56043ac3e8de0c6e8311e705dcbb398db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    2776ad72e349773636ac86aabaadeed1

    SHA1

    ac0d3d0deaef8cc0e8f6f458bc74f919e8e49ca3

    SHA256

    71c530b6c64b490bb6d6c30fbf075941af3ed68549449ca74224247a1ab460fd

    SHA512

    e908e0734316ba53950731b7c5f6ef5085e894b68d2bb1df487e6aecaa91a2eb0cd09e8af10ac759bc3da4924af0b074b8d70b865e330eeecde5e68863f97fc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar498.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2264-0-0x0000000000400000-0x0000000000B24000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/2264-354-0x0000000002490000-0x00000000025C2000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2264-252-0x0000000000400000-0x0000000000B24000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/2264-1-0x0000000002490000-0x00000000025C2000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2264-2-0x0000000002490000-0x00000000025C2000-memory.dmp

    Filesize

    1.2MB

    Download