Overview

overview

8

Static

static

7

060192beee...8d.exe

windows7-x64

8

060192beee...8d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 04:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    060192beeeeaf3f18ac753c60d30458d.exe

  • Size

    250KB

  • MD5

    060192beeeeaf3f18ac753c60d30458d

  • SHA1

    91ec55b79165525cbfe6d96ca96370da58ef8934

  • SHA256

    e2c6b02b57216d4512fce5e4794e7b04aa071602a7c8ce48037210bd4fc43353

  • SHA512

    db75898499e415e780c216f0d6da11062ef19e8ba115b52cc6648750e96245709eefbbf755f3e670ea1d4e785309fd6aa651d84046652cc79767ab42985ae115

  • SSDEEP

    6144:ehieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:LeKrJJuf86AYcwoaoSbr

Score
8/10
persistenceupx

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
    persistence
  • Deletes itself 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Modifies registry class 26 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 48 IoCs
  • Suspicious use of SendNotifyMessage 22 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Program Files\WinRAR\winrar.jse"
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2664
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?g8
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2228
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2508
  • C:\Users\Admin\AppData\Local\Temp\060192beeeeaf3f18ac753c60d30458d.exe
    "C:\Users\Admin\AppData\Local\Temp\060192beeeeaf3f18ac753c60d30458d.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3048
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ping -n 4 127.1>nul &del /q "C:\Users\Admin\AppData\Local\Temp\060192beeeeaf3f18ac753c60d30458d.exe"
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:524
      • C:\Windows\SysWOW64\PING.EXE
        ping -n 4 127.1
        3⤵
        • Runs ping.exe
        PID:1932
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2872

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\WinRAR\winrar.jse
          Filesize

          11KB

          MD5

          9208c38b58c7c7114f3149591580b980

          SHA1

          8154bdee622a386894636b7db046744724c3fc2b

          SHA256

          cb1b908e509020904b05dc6e4ec17d877d394eb60f6ec0d993ceba5839913a0c

          SHA512

          a421c6afa6d25185ec52a8218bddf84537407fd2f6cabe38c1be814d97920cfff693a48b4f48eb30c98437cbbb8ad30ccd28c3b4b7c24379ef36ac361ddfdbf1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b24437b5bdd4737216d89be96dc2156b

          SHA1

          e3401d31cc4c676469583e733d032ae1a3cd8241

          SHA256

          06a1e7c1974d4f1d79b70db1b59079febb93a3f6575e2572799eb59ffd9820e7

          SHA512

          7d79d350ac1935bc71140efb4ddaf241f6ff820281afade5290d4590e9fd3386b194c7a198812bd7206345fc5a03b336e21d403cd87a1a86d07cf9de14f806e0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          38cb4ea9f1aa9a9e3f34c98bc1d76347

          SHA1

          db7e65e707487fd6ad8656a23e2088f1bdbe156e

          SHA256

          c6629deb53905f2f7722d32c31cb3e335ec4bbc88ed7ecbd8171d778e4e6e80d

          SHA512

          028bf2a1e518ab7a31bfeced1a9b3300805e75c06ced63ed275902b6f156e5b1a018ef8ca8a3f7780490c1f8525dc731247f0e406b4b7cc90e7edbc86cfdcb57

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          6c54b705797fe9a3fcf51da7fd09fa13

          SHA1

          e15586948dd37628c55fa600f8daabe50c6adff6

          SHA256

          29979514bb7bd297119261e7874e580556c5574e2cc39e4e23885ccc57880f45

          SHA512

          bea6224610abc861b17cccd2659f9fbacc89dee8e315437ccd10791eb590f9d09f4cfdfb672651e5e8eb7454e30365c8142f81628378b1be80776dfa3d0e6f15

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          4f87b65e0187d3547bb513d49cb8b338

          SHA1

          fd40076e946d7be5e098eff62d907cf044060e68

          SHA256

          0a6672592094f66438c82433d0a9c496dc31014b002473eb27f54e2a80b2804d

          SHA512

          fbaca68275b6fa3718fbef2b6de8be8bf215752b5e0957f1e1f79e8903a9c3852b76bc65e26dee7ddf1be72df1073445df49210e76d3ca939f9f292fa2b7d01d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          9ce60bf77b54c8682c97fe1b7fcde473

          SHA1

          116fd91e99d967dbe0f3f292ef4d2aaa06216581

          SHA256

          559127415c45f698c7a4cf3e4efaebfe59bd2bdd1c3b76af50282649eae8c509

          SHA512

          7620d0a7373b9e607bf288095b88cb44602e92283bf332a1ee927178c432a0f6e9acb7b53c1d24e48a1d1aaee083514221d63ba87cfc2cad0030e60ae44b75ed

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          4a33b073f17fd95b7799e279871d7e38

          SHA1

          8ce44134dfb62234e0839b94932aed626563f4ef

          SHA256

          6bf9e8f8ad57df574aa4b1572be5728c92c79a5932b0467b79350fc5610b0deb

          SHA512

          ffee076b7f2ed6bc5851c22075b38d05b136369132a8259cfae574ecc365a46d559b4c8ad75af6e1310eab7439e125a088019802b07768551515ed17c8643c24

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          c6cce9f2747772e184c2b6ddfaf2dab7

          SHA1

          14dc3537bd2e8a2edfd2db174224c96d0d29cd0e

          SHA256

          d6b0fbeb79411d95703ee9b438b8b0c63ea53064d25874cb6fb1fb9c8320caa2

          SHA512

          c548543b0a724810f3e1c14d8a9a50d65d438b1f36b867caeeb2162062a1a4293b8c970e22219d0df2146e45e800e9169e286d15de3ca5f2d010a8dc0f472975

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          4e4755c1c3e4fc3b6ffeb0b6c955d5f8

          SHA1

          f4fadf93f1f5c7ff8f30c8ad007f56d3486f628f

          SHA256

          daf98a9b051de35fa372361f78fa0b7d07613604e20415b2a1d1b0a4abf6b6d8

          SHA512

          2243dbb4019d83e95c512567f28f1e65c8e74b372d95c031718d25943840352b35c7b572f98a2c8151c383c39c2099729349b3a90b2e6eea9a85d857747fd31f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          2f123b6d99fabe5e29f9aadec9b87b2a

          SHA1

          e46f295456ef025d289fc9571596b60422398c7b

          SHA256

          368eb6d711133178e699438bd5c7dfa11db579ee4a838ea04bc72f926c0e0225

          SHA512

          3a56c85edf85fa33dcd8a9d49d0cd716e1be8238f53ee5725fb8ae4bac66caa3890b67137fd6e562385b5db747687e9c59db85a1a5b2d3ff8963515fd5db9237

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b18c2cd3678f7f4899fbce5b9f70716b

          SHA1

          8669b3181e58ea450ba4e56a1c4ecef15426fbea

          SHA256

          bc5c7b6959f332e9a63115c9fcc3e7d51a0cac8940d5ea77bcb876e745c6a534

          SHA512

          f104878a68dcc95026087ce2f839f4767e12674e46a52bcdcddff9a2fd4b555e3320866123e7e21fa01b5b115efd0ac8aa22d59d54e9c84dcdc607aa95a4d9c3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          5b79490c0fd76e8fed12c1ba56beb759

          SHA1

          92de6fc4de7ff2f2671ff88ce07035ccb01d55bd

          SHA256

          4e4b3f711a2f0495f567b3c598e19d4ff764ba8ef3abb5b9eac1f469ee63e7e0

          SHA512

          4e6dee3e4c60ff021ea95452bc7f9c203cb87d4504d94f5f1a382b05db7b57216a2365f7ea1a1e98275b05fc042ea0a708d92d125c454e7f4fad91c152e75c57

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          9d55c49614bd957e749de3c2dc9c9d38

          SHA1

          5277429687158b22d4a2938b78cb67a811a6bca2

          SHA256

          9d5d26a4aa8e7d99a06ffcceacc9e07f7175c9ed5e82d2387586dd74391686f0

          SHA512

          9eafbd63c257db1dde705789873b9fb9632404c8b825ab2b9eab635785da405a51fede1d327a98a7a88849e300da20961192cffaea401d45386dcfbc6dfcced2

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabBE23.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarBE64.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.mmc
          Filesize

          149B

          MD5

          b0ad7e59754e8d953129437b08846b5f

          SHA1

          9ed0ae9bc497b3aa65aed2130d068c4c1c70d87a

          SHA256

          cf80455e97e3fede569ea275fa701c0f185eeba64f695286647afe56d29e2c37

          SHA512

          53e6ce64ad4e9f5696de92a32f65d06dbd459fd12256481706d7e6d677a14c15238e5351f97d2eb7bfb129a0d39f2603c4d14305a86821ed56e9face0bc252b6

          Download Submit

        • memory/2872-665-0x0000000004170000-0x0000000004171000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2872-36-0x0000000004170000-0x0000000004171000-memory.dmp

          Filesize

          4KB

          Download

        • memory/3048-35-0x0000000000400000-0x00000000004B1000-memory.dmp

          Filesize

          708KB

          Download

        • memory/3048-0-0x0000000000400000-0x00000000004B1000-memory.dmp

          Filesize

          708KB

          Download