Overview

overview

7

Static

static

7

06d5e4f30d...2c.exe

windows7-x64

7

06d5e4f30d...2c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 05:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    06d5e4f30d7c09deac41baba96af7d2c.exe

  • Size

    856KB

  • MD5

    06d5e4f30d7c09deac41baba96af7d2c

  • SHA1

    3c209ce6f55a4f7fc514adc2feb8e5078e1726f0

  • SHA256

    e69169a88ed792b4927243105074631c9b505c7b7405c213220d95855efba304

  • SHA512

    861631e443bde353563b536974f430c56348f3f5d9e0ec3e9b683d98ca5cef85e842908f7105e66dd16b8eaad9e2a92823d170449add05f6eb3361f77cfd6d3e

  • SSDEEP

    24576:Jr2gCMo1GEYDh0KoylKYLU7Wmq68ecSST3FFI8:Jr2JMo8EcU7Wm7cS2F

Score
7/10
vmprotect

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06d5e4f30d7c09deac41baba96af7d2c.exe
    "C:\Users\Admin\AppData\Local\Temp\06d5e4f30d7c09deac41baba96af7d2c.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Windows\SysWOW64\explorer.exe
      explorer http://www.52hln.com/
      2⤵
        PID:2540
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2564
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.52hln.com/
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2720
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2744

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9fdcdf82db7341c50d11353b79938949

      SHA1

      5090300812503efb7da4f36b706c9f46492748df

      SHA256

      0a4d819414e3ae6cef0148502b4da0c542605fe4d44449bf054705f5aeb0b664

      SHA512

      f3e72c8ff8b3c8eef3f2b9ca2018720eebc359e05f5870fd64c49134c109f8d68929c3446571e0507d06ae51554a9835aa4b8ead2c92618905dc8fb974f22195

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6dfd1bd779b16e62c8e03790a0099b6b

      SHA1

      75dc12dbb26f9c05d4a22469d76924cad5bb19d4

      SHA256

      6e3bbd018c4ec55e305b139e083212241da34c84128bcf4b901635227c9e5d5e

      SHA512

      6126935668dfb056d10fd65b4f66b913d1c9d0aea07c6f9086aae012b56b285fcaf4309b5284b16262743bb58bde357678b95adc1c85a156d670d587e1ae6156

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      005d5517bcec7cb2e443eafef211bd1b

      SHA1

      dcf0183f6ea01ea2285bc80be0932b0cc097474b

      SHA256

      dba280c046712ba53aa781b533a32a4b5655f20f419bd13bd94e461bb10e344d

      SHA512

      a981443925cbfea81537645a36aaf080b8747d016da8ccca8ac030b4fa9dbe8e644bfebf479a44458abca4beeb0a14ea5f324a02e9287836a1d17e2906dc640d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0392f1a194da739353a956fb890afdf7

      SHA1

      1579a2e293755516b81c71f456c4036550e70897

      SHA256

      2d17a346830c06cbafe5a268e496d9b97a8412edb13b54a39a95f4510aa6365d

      SHA512

      26b7c06a57dc94544e580f168318967c11c566b07cd25cf6b01db6a28441dcf56c008132e518e1f33d880826b9bc822dd056b280a61a273497857423dfc5fb0b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d592e87f68f63f3d72071fa9035633b9

      SHA1

      b21df374f650603b5d7e5684e57ddb540a1ff32c

      SHA256

      8c95f6adb91b2af8efb544004dfc8d33e46e19feb05f88064a806acd64e81254

      SHA512

      1dc954dee7a4be137c507cb54dc458a81b0b393914ddf5d308283a7738f68ca06f7ac7210d6eeede3d1d9cb6c083801a1f877715c22315bb8ffedc063c948f63

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d7c93a78bf7806e88969187a43d19c64

      SHA1

      d2e96c1fdc6f2ff058c916c722fe8e03a8e6f6e4

      SHA256

      86e47ebea626f09462abb92e293d8bd975ae22bc9e225180c4520b877d8a35eb

      SHA512

      035c14b48c20de39a7c820c59da40f4a834e78735918883c5ab8d5471893a504c78c88d130fb8d2fda128a16eecebd30ce97f213379d9b064f51d0fe7e72e9f9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7a4b3a87d879d611f0dfb5f97b4f37c4

      SHA1

      2f2f1d0529a0787b3e89ab741bfcfbd5e8642658

      SHA256

      829bdb0e49d167c811088bfd70f4250f43b5080acd89f4930fd5af0865e5c181

      SHA512

      c660b2346d8e79dd6b2d0baade2f08a6e32f9cc57ed4bed21ef16bfe11d01ebdc0e46bca69cca54dbeffba88a0396473179fee5ffbdc7a1885531d918ea99744

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3bf586a11809038aef5bdda89180d7e8

      SHA1

      36f0ce7d6e0b337eee81473cddfcf709b1744de6

      SHA256

      92fb99fb69f2d76f0e5c57b25377bb4c296fcffc70cd94061b199716a40683bc

      SHA512

      ab5387d0f16b36ce14c5046e97dbc6bc98183431a774141a491aedcabfb10c9a9d4e78ac782a64adf0cbff5fde6b2934434b4805d7358391cacc2ea6309225f1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      210e414752795abd33bbadd298c00807

      SHA1

      9d9600e26cab8a0b933d4430ecba8da2d0894b42

      SHA256

      5c0c826ff947a7d104d8e93230e788b032cc48783b98f8e6a0417345d8ab1424

      SHA512

      6243a4433435e6957675dc5fefebda3520d813d4f2315966c63a9f07071cf3472c560a62629e1c8914a2fd36dba5881e1fe307c134b1e1edf3b3151591e22cce

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c27eded7d619b414b59941f9c1dfdb7f

      SHA1

      2cca4597dca2bdf75aa23c2e2e27bc999972a3c8

      SHA256

      820fe069d1984e3f74acd50ac1524719da3fb9a455994eb677b4dea3e9eccd7d

      SHA512

      a291fa92e25bb5bdb983a89d3a9de3074c516cc34a70d5946e7ec542cce2d8a3aaffbb21311985356a0a2b9d2ed38650c63d5b9a422039b2b48431394fca11e4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6c36738221107969fa723b9971664ac4

      SHA1

      46c5eefa16e8047ce73e9a94b2f9c0b6332b4d4d

      SHA256

      1eea5fb12a178beb91a98d81e276b264568073c0d56d4babdd111e812875e081

      SHA512

      d248f7e419fd6f19e198d68df3c6bdf4b2741b6b7d8c258672b1c40bec590961b1f50d5a796ce8e028acdfbf465bad37797fd1854aef43722438cd1e45432b0b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d4b651d78330c6d6980afdbc7c67e18b

      SHA1

      d58718d8069811f387d45ce1bf59904d288f60a0

      SHA256

      1a21eacb426fdb738bbb9a2e0210be93f68bcf6aaff99bd7400e148c42229960

      SHA512

      a441fc478d9f09984beee3cb5320e28442043536da618615490a45c1724eac279bb1bf2d0869c4a99465853ff7353fcb1417d130895795f85cf793ef26daa33e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      24a02ada7a65db8ee3b5b6fc360eb712

      SHA1

      14b72bf7128bdf6dc43c0f625b8c8215e6a07dd3

      SHA256

      f4a535b93a52317078b27e601eeb1715748e2cbf3cf418df960f0926ccc5d45d

      SHA512

      bee582174f9518093ef9805c7768b91a87674d173c06160a1e1a9f6f309de9f8e9570a18052b9b600b54a78fe06893e0d2d7a839961312abf284d8054edd7763

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab5238.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar524B.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Windows\SysWOW64\SouGoo.ime
      Filesize

      17KB

      MD5

      8401524b48426c2ee139e21fbc81be2c

      SHA1

      d45c722dff3825f68eb043367433394fda771740

      SHA256

      ad9837d5aeced8b268abff5ff6bfe0220e75f76d1eac1b4e37b778ee9c40c5fa

      SHA512

      2958c11bc9da81403d241707e574cad2c85f55d6769d16414de79b7a4a84c19c13318112fa1ebe4f63768c87e2073ad26f33ae193504a7c5e912c9b721062b5f

      Download Submit

    • \Windows\SysWOW64\SouGoo.ime
      Filesize

      24KB

      MD5

      e655e9e6346468db31995620f9391163

      SHA1

      addf1935d1e8d9dc2c2c819e8c8b26fd2e48ca58

      SHA256

      fc06ce1cff56487f027f7a6c097fdb4732ebc5f4e48a7c7bf92d56f90939993d

      SHA512

      b99ea9883ec975a679e132de7d53698e259650ea52a1d13d15eace5a982c01f7f24551936b7cf9fe242dc9631926855f23ad43779b2eb2393a8905bf4463a2a2

      Download Submit

    • \Windows\SysWOW64\SouGoo.ime
      Filesize

      27KB

      MD5

      7df7992c01676512461977dbbf0df53b

      SHA1

      c16217276c45852a26239916bb40c037085bc8da

      SHA256

      a953299d6e7aa2608c70fad701237677245e70dfa198f0be6944f59bafa15206

      SHA512

      f164613caef1f110ee064a4792ef80cb13f8cc920c139caac063f3417fde6557861587810b5bdf211719c31f4501cc2fd530c8287a0835a4c7cb65aa9ba35079

      Download Submit

    • \Windows\SysWOW64\SouGoo.ime
      Filesize

      14KB

      MD5

      364f39701fa965b73540c8d7882dde10

      SHA1

      9ecea77dd118dd2047cffe3d44f08eb739a7217f

      SHA256

      91b1f94b9c1b3765d7c3270c4724263e194c39bb2fa91f8c56cfde285dec28e3

      SHA512

      c90e08bc5b9857fa702cebc6835e97eaca09b02a73f14f784d563f3c2785a7c900103caa77d1b3855be306d366e7b770aaa5cd02a84197837189c2a11e2ea49e

      Download Submit

    • \Windows\SysWOW64\SouGoo.ime
      Filesize

      22KB

      MD5

      a5bac6cb8a7e878c11916298254d45d3

      SHA1

      c9d0749f9ea8b13efaf6f296189f836ccace2721

      SHA256

      fe5ab2c139ddc4303bb6da3d96d161e51cee13c3da90f911cbb4c504523bedd0

      SHA512

      33490a0ae210417ac5b53a150195be68671408028c88711070e3a4065f79c38d0958d371a210d0595bc8b0d6a769b3c3d9a7e87d242f0e31bd6415a14e61eacb

      Download Submit

    • \Windows\SysWOW64\SouGoo.ime
      Filesize

      17KB

      MD5

      1466b6c8b671fbef78e78c61c1291ac5

      SHA1

      416c834b4a3a87221839443c872114aeabaac1d0

      SHA256

      adbc62ba1becc33f0bea79c1787ad4f4168cead56726410bd0c8c38d27d28006

      SHA512

      8bd382988735f103166852b2d3c7b68a9b0ed0deca471f0f2f05e258b5e1963db3297723ecd5a5969bfc0629b28729b6b7ced20a1e0f2070509b04dbf9656bcb

      Download Submit

    • memory/2144-450-0x0000000000400000-0x0000000000690000-memory.dmp

      Filesize

      2.6MB

      Download

    • memory/2144-0-0x0000000000400000-0x0000000000690000-memory.dmp

      Filesize

      2.6MB

      Download

    • memory/2144-1-0x0000000000400000-0x0000000000690000-memory.dmp

      Filesize

      2.6MB

      Download