Overview

overview

7

Static

static

7

02e908ecfc...40.exe

windows7-x64

7

02e908ecfc...40.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 03:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02e908ecfc55214b24520326b8340c40.exe

  • Size

    10KB

  • MD5

    02e908ecfc55214b24520326b8340c40

  • SHA1

    d1a5eb4c7bcc4bfc94cde48bb63c1bc00f5e99d0

  • SHA256

    d59d572181e70545aa78ab78a25d1d5eefdbbf383bab40d813ab36cbed9c3584

  • SHA512

    6a597c54c246bc41bd50112e9e04f4901e9b297e9cde6fd5b2acfc42796915574984efc14ad76dbada0c503c686c17767d29da44b099785b424efc1655f32c21

  • SSDEEP

    192:OG1bleRma2oK0m2fOqjFZXl9YGfY+YTOPgSN8pFc/Eo+msB:OEl+G8pfIzTSN8fc/Lb

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 6 IoCs
  • Program crash 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 53 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02e908ecfc55214b24520326b8340c40.exe
    "C:\Users\Admin\AppData\Local\Temp\02e908ecfc55214b24520326b8340c40.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://lavaporn.com/out.php?link=free
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3616
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3616 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1388
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3616 CREDAT:17416 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3172
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://lavaporn.com/out.php?link=free
      2⤵
      • Modifies Internet Explorer settings
      PID:4524
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 768
      2⤵
      • Program crash
      PID:1908
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 772
      2⤵
      • Program crash
      PID:428
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2972 -ip 2972
    1⤵
      PID:624
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2972 -ip 2972
      1⤵
        PID:5088

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
        Filesize

        2KB

        MD5

        51089f9f8ab11325cb20abd26c51f8d7

        SHA1

        9f76b4b52b751963da846398f8e0485058324945

        SHA256

        d39fca78001fd5ab9b0f6cc610d1fadd1d118dfa49e1106cf4a857cb410acdf4

        SHA512

        288dde7f92182766decaa3c615bfaf10682139abb592d1f90e911bba17d9722b6284b5246cae100e01831a7d11529da1778873f9d34aba3a324f970760b4c8d7

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9B02CA46707A5EE59BCDA9CBFC8BF29B_0C8D65A7C91C37A31D109EC112CA1075
        Filesize

        2KB

        MD5

        e3fe03a5567fbd085428e55179066b29

        SHA1

        5840e1bf55d907a03ea3b811b961572a9cd10763

        SHA256

        fc58d26d8b22113991d5c2bab6d80f0e0cced8c125ba589927763e0b0efd5cc5

        SHA512

        d8aca6092bd8858e853e02fd04376a25198cd2bf2f16ebc051451cc8a03a79962642ac216b1af79378bafa663732a5adfc7a7995e07b506c5780d251077aaa7b

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
        Filesize

        450B

        MD5

        9a250c52595a1d426fdfa0e40129883a

        SHA1

        b630514d44a66b40b1f2341631601570aac20de4

        SHA256

        47dfca5aea81328daea179b893c15273a60c34dbfe4557618b283e7a4dc48448

        SHA512

        a696cd038140e55c332256a44678b92dd965521ae54f4f7b5f865ad89c391e7439af432cc5d12dca9421bb22fe7a87750f5be47ed8275735567e33f4275f8fed

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9B02CA46707A5EE59BCDA9CBFC8BF29B_0C8D65A7C91C37A31D109EC112CA1075
        Filesize

        458B

        MD5

        ac7e7c4a5076f56ab53b5f03550a2967

        SHA1

        c22a328dff55678e130862d546b1a84ae2b3f08b

        SHA256

        49358d06ccda1795e11379f5766034a2205f5938f5c83cb12ec79a39017a9bf3

        SHA512

        66a773325d44007a58fc2a76b41639b171803c569c4e1897b405732e51376b0537ab57146854a04b8a014a6bc5f3b7250a876cad0f0eafa8ca9b99b1f11ed636

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verCE6C.tmp
        Filesize

        15KB

        MD5

        1a545d0052b581fbb2ab4c52133846bc

        SHA1

        62f3266a9b9925cd6d98658b92adec673cbe3dd3

        SHA256

        557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

        SHA512

        bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BJCNBC62\traderslist14[1].htm
        Filesize

        12KB

        MD5

        cdedfa2739174ecbe1d917cccd39a997

        SHA1

        5692f9c2e13c4218661eb90ddfaec0ced6c15a79

        SHA256

        f1021db34e41f7a1749672945dd2b77235bd04184376f8ccfff07e613a53685d

        SHA512

        9ac63c2f46ae781c33ef188a6c2837e452a2d008028eaedd17199748e3c079df45efe4a6ac1e631769b60582d50bf34b993cdcf3607157ec64ab35afedf1570a

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R977VUU4\px[1].js
        Filesize

        476B

        MD5

        d2183968f9080b37babfeba3ccf10df2

        SHA1

        24b9cf589ee6789e567fac3ae5acfc25826d00c6

        SHA256

        4d9b83714539f82372e1e0177924bcb5180b75148e22d6725468fd2fb6f96bcc

        SHA512

        0e16d127a199a4238138eb99a461adf2665cee4f803d63874b4bcef52301d0ecd1d2eb71af3f77187916fe04c5f9b152c51171131c2380f31ca267a0a46d2a42

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R977VUU4\suggestions[1].en-US
        Filesize

        17KB

        MD5

        5a34cb996293fde2cb7a4ac89587393a

        SHA1

        3c96c993500690d1a77873cd62bc639b3a10653f

        SHA256

        c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

        SHA512

        e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        Download Submit

      • C:\Windows\ie.dat
        Filesize

        10B

        MD5

        f4d93983120515fbd85b64e090576c89

        SHA1

        51ec68eda0de1709d9b8b2e49d36f657d23d521a

        SHA256

        5d6d788ebac6174434d2cd3905ad4bbe5fb9c2bc95cbd68429054780a6db3f19

        SHA512

        471868dc41415924beb9b47c4b899eabed9746763822d53b0e1582a70223fd83793086c8d51775665172cd0d6958fffb44b04c53e66fe5462464eabc638c90c8

        Download Submit

      • C:\Windows\ie.dat
        Filesize

        10B

        MD5

        f5805f8c547a0fc3d254cda82fc07792

        SHA1

        e1987d3483bcc93683dba5d8b4c11b46068cac8b

        SHA256

        28e865f144079e0d3974b7ef28a3a1837738e8fa4d6b530335eef121486034ed

        SHA512

        3681d972f25854e29b35e82c9b976a00eb944fea2300ba836a1aec06460e5321b9bc83a259c38c162158264c1e19c763eac583fa570985ecf4398428a28dfc3b

        Download Submit

      • memory/2972-67-0x00000000004A0000-0x00000000004AA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/2972-0-0x00000000004A0000-0x00000000004AA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/2972-47-0x00000000004A0000-0x00000000004AA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/2972-100-0x00000000004A0000-0x00000000004AA000-memory.dmp

        Filesize

        40KB

        Download