Overview

overview

7

Static

static

3

079948a928...e9.exe

windows7-x64

3

079948a928...e9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    136s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 05:21

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    079948a9284812aff592431abc22fde9.exe

  • Size

    1.2MB

  • MD5

    079948a9284812aff592431abc22fde9

  • SHA1

    9426a8efb4621411443ccc0ae270009c6d65da1f

  • SHA256

    ed2d006554ee9c805436f36401b12a93c9a02bf26ff82715edf7d10a36b91672

  • SHA512

    0dba21c93406d65caea35d78fc25d58baaa46d06a73bc5bcac684bda1d733442ebc66b98385573fe178e21d43b2f840a33aacae3bfe342c56e55d61980805227

  • SSDEEP

    24576:sxnb2ZQitric5YolGCD+7yiOM8INswqk3XqVh5OuwTpp0r43CDrm:lZd4c5YyGCpMB9qkXqVTOtTpp0r9Dy

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\079948a9284812aff592431abc22fde9.exe
    "C:\Users\Admin\AppData\Local\Temp\079948a9284812aff592431abc22fde9.exe"
    1⤵
    • Checks computer location settings
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4796
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ww.jinzhao99.com/union.html?P=3459&m=0&verifycode=AF7A87G8VAF67ERW8F734RKFD8QR87REUED8KJKS2348FLFY
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4552
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4552 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2260
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://play.tenoad.com/DirectLink.aspx?placeId=10985
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2932
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4960
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://new.egooad.com/DirectLink.aspx?placeId=11849
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4280
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4280 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3996

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
          Filesize

          717B

          MD5

          60fe01df86be2e5331b0cdbe86165686

          SHA1

          2a79f9713c3f192862ff80508062e64e8e0b29bd

          SHA256

          c08ccbc876cd5a7cdfa9670f9637da57f6a1282198a9bc71fc7d7247a6e5b7a8

          SHA512

          ef9f9a4dedcbfe339f4f3d07fb614645596c6f2b15608bdccdad492578b735f7cb075bdaa07178c764582ee345857ec4665f90342694e6a60786bb3d9b3a3d23

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
          Filesize

          192B

          MD5

          c3329c863262674ae22b96c4be76b4b9

          SHA1

          d9fbcb74ebb5f0274547360c2176e91a07b90e88

          SHA256

          bfd8e28883c2a760035b3f351cf9f52c31dabd16939c119d6a58031260304f8d

          SHA512

          2793032dc8fec09f8ac27e50135650746c0188e212b9ae890d230526a620cb592de6cdd8f99ff312040bcadd01675c50deab4ef559b0063dbfd54ca524978000

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3A8165D0-A46E-11EE-9ECD-7E4216712C33}.dat
          Filesize

          4KB

          MD5

          9f3dc6d3ee6af2eb97b48f22ad81af37

          SHA1

          83ba3224cb51933bc4b6ae3e32e8169c2ccbd00b

          SHA256

          88efc1fc4f6b8ba5fd157fc5d22c7ea40ff84ae3edb74ba1a26dbfcf6a64c251

          SHA512

          26e785e6088f94910f2ea7d7c31b58afd71061e18aca68e14175bedeef4333f83786720d610b1d04990fc1a83374f04814f090df11875c1fdc9e823181212c02

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3A8165D0-A46E-11EE-9ECD-7E4216712C33}.dat
          Filesize

          5KB

          MD5

          7d89306e4f5e1ba56ae7074cecc37a3e

          SHA1

          2933505629e6fe36fbdeee39e560feaac33275bd

          SHA256

          d236e0f601c7c7ecf937def57915ecd450beea1c8aa28469bc14c612c69b7976

          SHA512

          06278bf58cd3562165712b423dd6ad2c37aa853239b3440dfd6bc8714f2c27c0932084a87e02066877515d51a5b4df7da82c26d9588d639123f8337654c9c58f

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3A888CC1-A46E-11EE-9ECD-7E4216712C33}.dat
          Filesize

          5KB

          MD5

          b805f44cd1764e14a2eacc9587b08efb

          SHA1

          323d2db1c62fe00aea334c43bd4f5aa097f6a8e8

          SHA256

          88e8d7d8329c3890546a88eff36c45935a4aa43277aa5e854ca935599e653c10

          SHA512

          4bf63049f2687f3ee20787b5122e54d585b59c1ed0dec50682aa661c680a46cbdb71a45a5692d7b21fab823bb5e02e58f65f37373b36285bc1db6da957c6f651

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verC10F.tmp
          Filesize

          15KB

          MD5

          1a545d0052b581fbb2ab4c52133846bc

          SHA1

          62f3266a9b9925cd6d98658b92adec673cbe3dd3

          SHA256

          557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

          SHA512

          bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\buhspo8\imagestore.dat
          Filesize

          12KB

          MD5

          edbe6685bf0980d038b9fca53a225424

          SHA1

          d649ce24c1d5e06b832eed9bbeac34551756c8f1

          SHA256

          32bdf5d61acfbb30b012ec0e5afa55855e3d969cb13d67dc9da3d8477127dd95

          SHA512

          e7ab1848bb799fdb9b222ca9c0219246c05a43926990c4479766fba20496a94523eca8c63520b25a1f84d30864d41676767509e7020463c4638974af0138f616

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\buhspo8\imagestore.dat
          Filesize

          9KB

          MD5

          2acefbe65e3c6fd374a90181ce38bd84

          SHA1

          e4e96a00c5ac3d80343f0fefa67bf1b8d4b0a4e0

          SHA256

          e32c52f891876159412a66637b5cd2cc0e47a1c87d1fe9ac9673fb9760ae2381

          SHA512

          f1c98b7859d5f962285b1bebd97b23a0c15c4545c8db152a3c81431f9610b3440082384359eb48460b1a5032f27a706dd0aef4711c9abaa1def15fd74112d36c

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0SGFK56Z\httpErrorPagesScripts[1]
          Filesize

          11KB

          MD5

          9234071287e637f85d721463c488704c

          SHA1

          cca09b1e0fba38ba29d3972ed8dcecefdef8c152

          SHA256

          65cc039890c7ceb927ce40f6f199d74e49b8058c3f8a6e22e8f916ad90ea8649

          SHA512

          87d691987e7a2f69ad8605f35f94241ab7e68ad4f55ad384f1f0d40dc59ffd1432c758123661ee39443d624c881b01dcd228a67afb8700fe5e66fc794a6c0384

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BMK4G1YN\suggestions[1].en-US
          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ISEWAASI\errorPageStrings[1]
          Filesize

          4KB

          MD5

          d65ec06f21c379c87040b83cc1abac6b

          SHA1

          208d0a0bb775661758394be7e4afb18357e46c8b

          SHA256

          a1270e90cea31b46432ec44731bf4400d22b38eb2855326bf934fe8f1b169a4f

          SHA512

          8a166d26b49a5d95aea49bc649e5ea58786a2191f4d2adac6f5fbb7523940ce4482d6a2502aa870a931224f215cb2010a8c9b99a2c1820150e4d365cab28299e

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QTPKWBD2\favicon[1].png
          Filesize

          2KB

          MD5

          00b726752e8713453d31b694d4f74b89

          SHA1

          122742a4ce71b668801ddcc8db72f07730db290c

          SHA256

          45d8a46c7758c43f32db8794520cbf03604db83734c969ca80d3b356f8360b37

          SHA512

          75660a291825839b5fd42b269bd501a9c81a5426adaab17d7b368687194da769a1373b3b5c20476085909c6f0fa5391e9b3c30714bc4be5b6e405ac018814367

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\QTPKWBD2\favicon[2].ico
          Filesize

          9KB

          MD5

          1af6c08eb07f675c862fa3cd50640511

          SHA1

          bfc9fbddea831a3cae067a570bcb4450280c7f45

          SHA256

          7fc7fdb7ea134949cefdbd00ac02724e091e0201c1cee06795f84db28a1586d4

          SHA512

          163ab2dfa0aa242f55051c914bb467c7e3eb8163f0736548f6a26d1c5d12fa4fc21db08067cedfc96465627d27a840cf347f42d35f4e24129deceefde54d167d

          Download Submit

        • memory/4796-0-0x0000000000400000-0x000000000071D000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/4796-102-0x0000000000400000-0x000000000071D000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/4796-104-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4796-3-0x0000000000400000-0x000000000071D000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/4796-2-0x0000000000400000-0x000000000071D000-memory.dmp

          Filesize

          3.1MB

          Download

        • memory/4796-1-0x0000000000CC0000-0x0000000000CC1000-memory.dmp

          Filesize

          4KB

          Download