Overview

overview

6

Static

static

3

3ff64afe2b...31.exe

windows7-x64

6

3ff64afe2b...31.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    117s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 22:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3ff64afe2b516d3fc226944679301231.exe

  • Size

    360KB

  • MD5

    3ff64afe2b516d3fc226944679301231

  • SHA1

    4419e2feeea5578dfa5b6b9c068e92137bb3cef3

  • SHA256

    3f90e762c6bdae24abe203e8940e39cfe365e0c0a17279045dc10a58942ef7c9

  • SHA512

    164a1dbb53adce7baa8775b4e33b039e216a205c157e69915a5312a04856acded07e2b39e4a90754fa06da8763f9749e2143a39f2d5172be92e3f3c20257e487

  • SSDEEP

    6144:5M6wd5jmLv3EQTIJ+IvcFm9AyvYwpJ3da8gQt6rHJMj:5M6wda3EZrKyRgh

Score
6/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ff64afe2b516d3fc226944679301231.exe
    "C:\Users\Admin\AppData\Local\Temp\3ff64afe2b516d3fc226944679301231.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1392
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://127.0.0.1:8081/exitpp.html?
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2696
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2456

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    333273c250a7ab316afa8c41f167f551

    SHA1

    e0e2a0ede930dc7c3970fcbf70eaca63e5376f19

    SHA256

    e8f3f2cdbdd5d0514e732708059588879226d7248fef8a2556b3b6c67e74b50b

    SHA512

    fc50d6b209f94817c0f8c442abe228fb13918e78087cd21a87fa34a10f1b5f79c9754c5b347652aeaf0dd1de1e4cf6fde4711035ab987a6ac9bc0a243e58d170

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0f76757a4954b7b35b55538eeafdf98b

    SHA1

    4a4591569fd888eb5faec2e910dd4afac9e34cb0

    SHA256

    6a46c0c58382f3eaff3b090141bbc9c06706dd43dcbbbb52058e26b911cd7a9f

    SHA512

    b825b4439744f3dba674c27fba0e4f74543c975d56b11145d5adc9ec4bac441ac7f62883fab96e77693d724bf03f0e97f6b945c681494255dfa3a98addc1ae9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b9dc7eade16dce036c21e0f5c8ca9f48

    SHA1

    5b7638942f44c7839d71f206a423672cb61b04f4

    SHA256

    a5e5f448bc114d27b5714596f0322d2fc7741373ea4a16ca653b2e8f242925f5

    SHA512

    2c2b32979205aef7c3e4473f5cdcb1e5e12b865cceda082991160d46497a9300af19fe51383d3e23f886aca767692e6c6e2bb273adc74e8dc89021687ab3fc47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    68c4b15700b9f6a5f175472c8c17dd45

    SHA1

    f30cefa1bb71fe5ecab8c48e9eba96b1d6dfc0b9

    SHA256

    c9abbf0371cdeb48967d606cd5630e3c9fc53544c0c1adc82d6f5981658fe504

    SHA512

    b9d2163d66f71486d18180311824e95ba998e8eb47ba3517351d3d0d13958068465304bcfda555142b831541f53d8f96322619c9625557078a960932c91e8ca8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    61c4d5ef632a033f8328a4ba16f8ae0f

    SHA1

    46e51290d948080b7bb6ef9e0d117fa27097378b

    SHA256

    db2c5651b06eefec7a86bb35babfd608242ea1042ae73330c49521f3ab00649c

    SHA512

    b521feac57ccae5b3ca7e287f01664d56fc327d7f3e02471b80681aca196ee797833128f0935266f58ab8e8ffe6f9a5991ba670557e8a086df367c267f22509c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f850dd4f8f4a6c2170b3c541c6d45dac

    SHA1

    bc11f54a7c40ff80c1a45c33671238b73e72d26d

    SHA256

    bff1ac78f8e959276ea41a7b8a013fd6885d49c4942248e801f0f8dc2647ce79

    SHA512

    57f63032159816b18206c32a639508cd697d4232a70f70dfd5b060d5a5c59a35dd37294b32d4b00abe056c754fdea6190d2f065a37d172b418b5339c57030726

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cea2dbfd2580381e90226955bf88ab13

    SHA1

    c270c8be64e77183129f9ae4f9cdb97d917ac820

    SHA256

    12a61c7a7df6d47cea9a2e89d0731b0ed6798ce0522c910855d5a94f7400e5aa

    SHA512

    dbf302ccbeca2672501e6da34930c0e6022db03ab6e9ba09218aab6730320412238582efd03920cffeccd7ec54337616d57cabb8c49b14ce13ce458826e1622c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1e73240c3c3856af1f527cd0571e73a8

    SHA1

    8482f1665e9da44d68de4b8861f1234ea366bf6b

    SHA256

    6c29641ef721ff2bc42d93b8402c7d550c822dbc276b5857f0968e23cfdb0998

    SHA512

    5a2f6389e1aab8ed8245136feafc964ed4d8583876b9870bcf5efbd9a1afb3ba2899b1737d1b45f99ca0f6ebbba222fbd00fc27a4baa37c5350ed0e29e83b5e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f93097692e8f42a1e2cf818731adf6a1

    SHA1

    1b157fab2b56afa7a3ff9182c8359637a4fa4df4

    SHA256

    32bda271221ed6643eb5dadcb3ab0b3fcaad3bc1437375eaff27268b0caa7414

    SHA512

    9ab90eb3b1ec1129cc1f26c27166c1652ba5959d5295a2206db4d81f30c75c0834a77fe62c94dc78b864a88fff88e6bd1071e8c1ee3137382b25b420befcb3b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    89550657027a2ca834c04c9ab73a4f18

    SHA1

    9550b2968c0ecc57e6da5b3b42e5bef31ed319f2

    SHA256

    17723bb0441159f16c4a1a25f76847f376849d9070d3ae5301acbf1a245b2e6f

    SHA512

    3731628919ce25b2de325b52390d1dee351a29883c3a5fe5bfe39d0c5a5e7545bb6129ed97c21cd88846de58d1eef72051ec9bc716ebdbb1a4def2dcef73ffef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    86d26621e0851481c1ce11d12e8a67c4

    SHA1

    69026732eece5aa6d33b5d7598c18e8b02870eb5

    SHA256

    1ea08f51362f142bbb6d846673889af630bc79e242e1626a81165c019ae9f43a

    SHA512

    170968eb400b7f23d12000255aeed1f3f4ca66d234fb8a87f4e29fa0d9edbc1ababe18f487e010c73c9db9ac901314ce9c04849e2dd680a639f2454038da1bbc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    30605b621d7f9aa7edb6521359398e6b

    SHA1

    5622ff97307698b0c9c1bc9bce71679c23414b5a

    SHA256

    af48c2674d057d50bea933a35b4cd32f316f8321b9661010ed0d472bd2f9a0e0

    SHA512

    2a60bb9190f739bcaa17bcebbbf4e8f11a0ddec9f7722b79aad7c7abff12938118c37c17a4b676466f2f7db9f33553c4a116d4a22846a9d8ee5b6e739ab2cc20

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar95A1.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/1392-0-0x0000000000400000-0x000000000048A000-memory.dmp

    Filesize

    552KB

    Download