Overview

overview

7

Static

static

7

02e908ecfc...40.exe

windows7-x64

7

02e908ecfc...40.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 03:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    02e908ecfc55214b24520326b8340c40.exe

  • Size

    10KB

  • MD5

    02e908ecfc55214b24520326b8340c40

  • SHA1

    d1a5eb4c7bcc4bfc94cde48bb63c1bc00f5e99d0

  • SHA256

    d59d572181e70545aa78ab78a25d1d5eefdbbf383bab40d813ab36cbed9c3584

  • SHA512

    6a597c54c246bc41bd50112e9e04f4901e9b297e9cde6fd5b2acfc42796915574984efc14ad76dbada0c503c686c17767d29da44b099785b424efc1655f32c21

  • SSDEEP

    192:OG1bleRma2oK0m2fOqjFZXl9YGfY+YTOPgSN8pFc/Eo+msB:OEl+G8pfIzTSN8fc/Lb

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 6 IoCs
  • Program crash 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 53 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02e908ecfc55214b24520326b8340c40.exe
    "C:\Users\Admin\AppData\Local\Temp\02e908ecfc55214b24520326b8340c40.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://lavaporn.com/out.php?link=free
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3616
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3616 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1388
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3616 CREDAT:17416 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3172
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://lavaporn.com/out.php?link=free
      2⤵
      • Modifies Internet Explorer settings
      PID:4524
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 768
      2⤵
      • Program crash
      PID:1908
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 772
      2⤵
      • Program crash
      PID:428
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2972 -ip 2972
    1⤵
      PID:624
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2972 -ip 2972
      1⤵
        PID:5088

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
              Filesize

              2KB

              MD5

              51089f9f8ab11325cb20abd26c51f8d7

              SHA1

              9f76b4b52b751963da846398f8e0485058324945

              SHA256

              d39fca78001fd5ab9b0f6cc610d1fadd1d118dfa49e1106cf4a857cb410acdf4

              SHA512

              288dde7f92182766decaa3c615bfaf10682139abb592d1f90e911bba17d9722b6284b5246cae100e01831a7d11529da1778873f9d34aba3a324f970760b4c8d7

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9B02CA46707A5EE59BCDA9CBFC8BF29B_0C8D65A7C91C37A31D109EC112CA1075
              Filesize

              2KB

              MD5

              e3fe03a5567fbd085428e55179066b29

              SHA1

              5840e1bf55d907a03ea3b811b961572a9cd10763

              SHA256

              fc58d26d8b22113991d5c2bab6d80f0e0cced8c125ba589927763e0b0efd5cc5

              SHA512

              d8aca6092bd8858e853e02fd04376a25198cd2bf2f16ebc051451cc8a03a79962642ac216b1af79378bafa663732a5adfc7a7995e07b506c5780d251077aaa7b

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
              Filesize

              450B

              MD5

              9a250c52595a1d426fdfa0e40129883a

              SHA1

              b630514d44a66b40b1f2341631601570aac20de4

              SHA256

              47dfca5aea81328daea179b893c15273a60c34dbfe4557618b283e7a4dc48448

              SHA512

              a696cd038140e55c332256a44678b92dd965521ae54f4f7b5f865ad89c391e7439af432cc5d12dca9421bb22fe7a87750f5be47ed8275735567e33f4275f8fed

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9B02CA46707A5EE59BCDA9CBFC8BF29B_0C8D65A7C91C37A31D109EC112CA1075
              Filesize

              458B

              MD5

              ac7e7c4a5076f56ab53b5f03550a2967

              SHA1

              c22a328dff55678e130862d546b1a84ae2b3f08b

              SHA256

              49358d06ccda1795e11379f5766034a2205f5938f5c83cb12ec79a39017a9bf3

              SHA512

              66a773325d44007a58fc2a76b41639b171803c569c4e1897b405732e51376b0537ab57146854a04b8a014a6bc5f3b7250a876cad0f0eafa8ca9b99b1f11ed636

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verCE6C.tmp
              Filesize

              15KB

              MD5

              1a545d0052b581fbb2ab4c52133846bc

              SHA1

              62f3266a9b9925cd6d98658b92adec673cbe3dd3

              SHA256

              557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

              SHA512

              bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BJCNBC62\traderslist14[1].htm
              Filesize

              12KB

              MD5

              cdedfa2739174ecbe1d917cccd39a997

              SHA1

              5692f9c2e13c4218661eb90ddfaec0ced6c15a79

              SHA256

              f1021db34e41f7a1749672945dd2b77235bd04184376f8ccfff07e613a53685d

              SHA512

              9ac63c2f46ae781c33ef188a6c2837e452a2d008028eaedd17199748e3c079df45efe4a6ac1e631769b60582d50bf34b993cdcf3607157ec64ab35afedf1570a

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R977VUU4\px[1].js
              Filesize

              476B

              MD5

              d2183968f9080b37babfeba3ccf10df2

              SHA1

              24b9cf589ee6789e567fac3ae5acfc25826d00c6

              SHA256

              4d9b83714539f82372e1e0177924bcb5180b75148e22d6725468fd2fb6f96bcc

              SHA512

              0e16d127a199a4238138eb99a461adf2665cee4f803d63874b4bcef52301d0ecd1d2eb71af3f77187916fe04c5f9b152c51171131c2380f31ca267a0a46d2a42

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R977VUU4\suggestions[1].en-US
              Filesize

              17KB

              MD5

              5a34cb996293fde2cb7a4ac89587393a

              SHA1

              3c96c993500690d1a77873cd62bc639b3a10653f

              SHA256

              c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

              SHA512

              e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

              Download Submit

            • C:\Windows\ie.dat
              Filesize

              10B

              MD5

              f4d93983120515fbd85b64e090576c89

              SHA1

              51ec68eda0de1709d9b8b2e49d36f657d23d521a

              SHA256

              5d6d788ebac6174434d2cd3905ad4bbe5fb9c2bc95cbd68429054780a6db3f19

              SHA512

              471868dc41415924beb9b47c4b899eabed9746763822d53b0e1582a70223fd83793086c8d51775665172cd0d6958fffb44b04c53e66fe5462464eabc638c90c8

              Download Submit

            • C:\Windows\ie.dat
              Filesize

              10B

              MD5

              f5805f8c547a0fc3d254cda82fc07792

              SHA1

              e1987d3483bcc93683dba5d8b4c11b46068cac8b

              SHA256

              28e865f144079e0d3974b7ef28a3a1837738e8fa4d6b530335eef121486034ed

              SHA512

              3681d972f25854e29b35e82c9b976a00eb944fea2300ba836a1aec06460e5321b9bc83a259c38c162158264c1e19c763eac583fa570985ecf4398428a28dfc3b

              Download Submit

            • memory/2972-67-0x00000000004A0000-0x00000000004AA000-memory.dmp

              Filesize

              40KB

              Download

            • memory/2972-0-0x00000000004A0000-0x00000000004AA000-memory.dmp

              Filesize

              40KB

              Download

            • memory/2972-47-0x00000000004A0000-0x00000000004AA000-memory.dmp

              Filesize

              40KB

              Download

            • memory/2972-100-0x00000000004A0000-0x00000000004AA000-memory.dmp

              Filesize

              40KB

              Download