Overview

overview

7

Static

static

1

0ebc04d567...21.exe

windows7-x64

7

0ebc04d567...21.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 19:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0ebc04d56744bc1e2c057c3f8a12c821.exe

  • Size

    109KB

  • MD5

    0ebc04d56744bc1e2c057c3f8a12c821

  • SHA1

    6b832ea88c234a1430ee10e51f844b9253379bd5

  • SHA256

    1410a10b0d8a899b65e75be215b96b181bbc3e351ea67aeae940ec16877711a7

  • SHA512

    fd1d976cc40b3639fcb6bc8b9be571004af453fa28b0d853ed1fc195ad6788a3193e0d8c852d7e184895778657f25e1568f9f42c73999c143ac9e0cb674da83a

  • SSDEEP

    3072:rX7DItrfaocyTgfsqQOlJVeqgKJ+BC7zIogZc8dgq+Ja:rsaocyLC3gKrtMc8eY

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ebc04d56744bc1e2c057c3f8a12c821.exe
    "C:\Users\Admin\AppData\Local\Temp\0ebc04d56744bc1e2c057c3f8a12c821.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://cs-site.ru/engine/download.php?id=814
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2812
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2524

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          c7dc6e576c2fbec87f7ef60f50bec825

          SHA1

          301cbef47a33e1c41cc2b7e4307ab0d565cdbe3a

          SHA256

          ffc55c24f5dbc27795ad9a7a84a84fd2994d8b267b14a9f20b6e9a8bf08e10ba

          SHA512

          e08a49121abae88963c18186ef7bd8dd9c28928e5e65e165f983f3162e52516df3cbce22272022fa7078acb0bf5764e0fe3bdb0c20ebeef670de4a971dd86705

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          03c2fec572f3d0830b4d20fc4ffda799

          SHA1

          39156efbcc0a452b1402e16bd05e73706345144a

          SHA256

          e7e76c1b32a36c5e03457f79c1bfc6953d0c45c5b18754baa436370e2cf52a42

          SHA512

          d0e255aa5537e1401ba2d21ec22f7a3f38fcb58a92e844b8be2d0f80fe7f8a7ffcf98d5c320fa538b66bca7254900e868b62a7c18eb18a4debbd4f2d135d5b76

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          cd86c41c150457d079aede64b644852f

          SHA1

          55c5f8db44c6a013c1e701912dca0eebc7b1b225

          SHA256

          ec386da80f1833fc4636e947b20533ff3856307cf8a53cc941d65e81b60c0476

          SHA512

          ee3092dfb230827e510aae481876be8b108518c982847c307c7f646fdcd1f1166646a15b50c0d70328c74573ccd87912637715b21d76144d5981c693cebe8b25

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          5d1263f335a0b2d36a7e6796a8f7006d

          SHA1

          20a95201b82c4808f596605bdad9a74919cfa207

          SHA256

          da523d730afab669bdc1889839337cf1fd981e0ccd804c6351d4c9a51ec1b79d

          SHA512

          2a921b634cce3dd4e9a1cc1d1c76d4adad0ab847e7d2f1e58e3f1a9546047415123bb5436ccc2867ec70ccce79730ee1d137efa96b9e3fa33505ff17b7d60a78

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          cb1f89207653a65c5c386b2569b33ebd

          SHA1

          5bfd987ed5438b0b2747802fd7588651c31abb6f

          SHA256

          c2bffd30def7176ab0b6c9649de3f849ab753f022d8a7201326ef60fb253edd1

          SHA512

          3fadc0255b81e0ad2dabce159502d468374f8d886f0e2b4b4fa1f8615c46e6013e9f96062d18ecb69196a4b3bf7dd8825ebfdd66b0de9fc7cce07796a82f5b28

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3bb4f247afbbe053b80c0a1d6a35c24a

          SHA1

          10f7724f2ea4db6638954bddf190a596bcff00dc

          SHA256

          f987b42e30ffdb63fbf764ac0f0cc0c6d1cdf5e949660cb2b85c4d8be76e56f2

          SHA512

          96438f02957db92afbaed1f8b15161c21ef6f2d59522c1acd3022bb6fadb8d98f83a598cde7fc5ff616fcae06e939a2ab4dd5d29c70532cf7cd1a78e499b30eb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          c349ae0b5b4f8f289d41adcc27c7a0d6

          SHA1

          93ca5243258054945852bef287d92d9c54b6502e

          SHA256

          d96794e8719967f12d41d29fe4995c36b9e580b354fb7e3744bb486772ec47cb

          SHA512

          38cd9150f2a2cc15279e65b3f8f3e21ff76b65d2dd4e4eead6354f5e40ebee376c8dcbc034207471a3f5b7b097db5df1ba3ba49bd1f3265af65148b98bd67a91

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          588288bba02118cd072fd814525c09f1

          SHA1

          25a0c75d632c1602360551c731e196fe7ce83c44

          SHA256

          23090d000bfe26b37882d5c30cc567dd52537843db25bb1da1a7a4f72be7434b

          SHA512

          61af47d563d0d5f42a5bc648aa69fbee39730c7d252e9f0d1b15d5275143c8c1920b7b26182abe564191b2d0e711e079032eee8f3bc10ae4da44f3e71f31c839

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          206535e1391544efe1373e07316dd058

          SHA1

          66a195e857d4b8437ffb706eff6b9650176474e9

          SHA256

          837d21f1729bf86b09ab5fcbf643d3233b4f21eb366adefe25bde733eacbe559

          SHA512

          f3e89474e9566bda68f44b6bd1349f048aa2884e4056e1ed038eea5a2aa8d78652201fbde22d01a49229f015a57565ac8ad09bfca5ef32d1225949a0ccf03875

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          80dc9af96e38c8794d3ea3cf72019e95

          SHA1

          a656b7b2b8d5141b3c3e9dbf3a5fb9b62db41ed4

          SHA256

          f4de944f7a9dbe041bd242e0903069b58527cc81e8f0da5c363d5060f45b5138

          SHA512

          ca46fff4242ced97c27d4f6f9e4d164f12fc62d28c9692944cfdbed255b7b5b0fb704ad9d59c32f7b7e7427019310083a94a3e89a3c1008b3dbedf0d6c7b5b0d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          ead66317053a57fc753543cf6b895c2b

          SHA1

          082b762c236cf52dfc727676514edc81784163a6

          SHA256

          a1ab9a67312b4e17b9f4c1b67f186c12c3b2e407cd01c0a6cf0deb2d64aeccfd

          SHA512

          caafa05002dcc60b031dae40495514b5a3f5d0c32f3d1034a4d63a46e2dd1add2157b0270772cc49f219cbac457833a99bf703718f61cb3d6b76a0e4db4c9614

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          00f729c16af131970742d792ccc1a0fd

          SHA1

          d5e88eb7af9851c0f393d4cf141be540414ac87e

          SHA256

          f9929bdfd1aa3d6f5c7c4f1a547de02878271b6e64908480dae7172493afbb15

          SHA512

          bccad15f00f0c3deb53ce3b755d6980b2ba1522e2f8e4ad7104eece61c35fa7c9e1c9f93c4739f22c030898bd72928e3b14c0529ac954d0f706fd48942128926

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\P7GELWRC\cs-site[1].xml
          Filesize

          1KB

          MD5

          8c8f32abc7076f676b4258bf9decafd2

          SHA1

          1e7b8213a0159ea409321dec6f0640a48200977e

          SHA256

          06defc51d65ad8394d518bb12b0f97babe28431843d740a44d92a40b3504a4e5

          SHA512

          d195631ea0623844c5d6e0d6fe219fc78835dde420a31c804a98960490ffecf3713973643ce72aa437320efb69277a643d2ef2da3661e9f20fb59ff5a5d43ddb

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFLWQ602\favicon[1].ico
          Filesize

          1KB

          MD5

          81ee944a689134e6dbdd0017192fa1bf

          SHA1

          c979a1b743da9585262037525cbc6324267e803e

          SHA256

          77b085cb81ccac997620331e33573816f55778543379c29b815ab28471aa7f58

          SHA512

          c50200e66deb51f0c188f5d5fad1f2ae5bac674166e99667eec434533e9e1233ce176b4cdfe51e4b1572cf385e0254f5f6933d0027f3d815be0ab4f07b68e136

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab3AE0.tmp
          Filesize

          6KB

          MD5

          1981264d37f6005578ceabd181b0d962

          SHA1

          f497b41d9a1413f4507479a315256d1323d5794a

          SHA256

          843031c4bb19ec46ace2db291e87e8d819afe2a95ff13f70e53ea79f0da241d6

          SHA512

          8048b2cff3c3aa98c97c3e684ddd24762e0204a4e6ef09b30d292b0df21ab6369d7637e9394a79123529f2cd5c29f34128afc7be66960c4433865079fab8b043

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar3C79.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsd20DB.tmp\System.dll
          Filesize

          23KB

          MD5

          125aebb055446fb52aa5956cf99e8a9a

          SHA1

          6b58fd08a8ff2763219cc6b0dcdb875f9970f850

          SHA256

          2e1b11ee20e5061ea86dc6b01e3efc659e887540afcab7317cdfd6a8eff87ec3

          SHA512

          5f85e48bd3ae2fd2be0595b93cbf74674e0281210688dcc73691178b295a702e8d43898afb6e5d8b7e82de98b4ee28194c9838ddf8279cde85f7fe48d34dc8b7

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nsd20DB.tmp\nsDialogs.dll
          Filesize

          11KB

          MD5

          790d227d847f7571c8d58a79057a469e

          SHA1

          75c347b1441383c61166b615dfd6e7e65b04629f

          SHA256

          37e99ab9db0045870e31db147438cf0c69b6fcdec4f3737a9743c447cbc0c3c0

          SHA512

          5821605bfb3e57ddfcc1a74829968814aae92b13cb713ef3628913d9112d493117e8aa9cc437770facdcd2d4bd1e53a271d491e6b4d3e4cff53bd027f4b07f4c

          Download Submit

        • memory/1964-12-0x000000006E940000-0x000000006E94A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/1964-11-0x000000006E3C0000-0x000000006E3CD000-memory.dmp

          Filesize

          52KB

          Download

        • memory/1964-10-0x0000000000400000-0x0000000000463000-memory.dmp

          Filesize

          396KB

          Download