Overview

overview

7

Static

static

7

0e8fa8f150...87.exe

windows7-x64

7

0e8fa8f150...87.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 07:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0e8fa8f150721023ec992b47f0262487.exe

  • Size

    38KB

  • MD5

    0e8fa8f150721023ec992b47f0262487

  • SHA1

    711bb6ebbd7f70cab372547bf9cc3f4f2e288ad9

  • SHA256

    73f18de963b5be69d773f952ffeb892020f30795750d554625572820db6ba995

  • SHA512

    d1e1eeef1cff7d42173fc95975e2bdd14136db394d7ca57482fcc6ef761e763d93cfb92496130bf01404b90b822ebb12e1bb63f13005f029a95e8831b35ad733

  • SSDEEP

    768:vGpZaPDR881wsYgFrTmz0qH/LvGKWv9T6rU:OpgRFW0rTWHjXrU

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e8fa8f150721023ec992b47f0262487.exe
    "C:\Users\Admin\AppData\Local\Temp\0e8fa8f150721023ec992b47f0262487.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.download787.com/sanity.php?1=167984-10001
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3028
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3028 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2872

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5151fb4064c2f52efd3f274e9a5f7d13

    SHA1

    566ada3401f53582366691a43a9496e74ebdeef8

    SHA256

    28b1a599e6ce6fab420fc9e375e862c58f8ec92363aad6aa776aac341bc39d68

    SHA512

    f0ef1f04ceb8b1286d5c1f3a80d6f81a847996fb7e997471e3ad19266a0c0a9d95d9545cf5e94808a903f51a4ea3df4fb33f6bcd868ad0b4b0e2b9a3a949f78a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    176bae165b6b31cb94d4309e22e34f92

    SHA1

    9e0f2808e93bf932c049c2bc771cf23eabaa6406

    SHA256

    66a09335d9ae826e598d55126b471268d18c4dadac2da4e2faaa62d14f1fdc4a

    SHA512

    987aa3303b9db7c00a70a3f68fa61a86b14802e1b1a2a835bceafe36ec7b151572939ce68d5aa1ef2aa7cf1e3a73503a16e519582d36b2703f8d5083a46aa5fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d1987e92c89896291c4ebebba811d056

    SHA1

    9108e01ee156d62571f726b3ee981b114ec56e7c

    SHA256

    64180ffb9f4261552d87d09c9998acbc7e4bb933ae52e85beab0b73c4b6e2e2a

    SHA512

    9f2feed8c86864d56362cda8239bc4d136bd1eb4c7c518815df39352bf0a05ec754e2c0933fc59b36cd3a56495f006a68cf6f5d53ca4e3f163b15d061cf7c3c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5a0c1415f0a959af90f8b110a223fc8a

    SHA1

    44ebe4cc242ff94a4b556a25c5b9d7b026699c0b

    SHA256

    819b193b16fc53d5743dd3f64908a893bd7fa4d1af32796bd6771fe6e38659ca

    SHA512

    db35dd1a3c227598ffd8a0522fd7c0a39ae78b0bbc54511253f4f69a7aab4afcae8cc10995246a82648786d322791f10ccb69ac1548ffcf38a35093cbe82f5e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6bd768ec41561330e5a4264298620cab

    SHA1

    e4ee5996b8678f4267dfba6c0e9333f3232c045c

    SHA256

    d643ac61419d779552f4118d74fc61251d7b938b231ec7749b1c666d71273cf9

    SHA512

    67a8b9389685c97847d5ef762633ee5fa112d742f2e369608e201c3e23ccb4eb4b67e8a1ef632220a83b12c6036797b0ee5f5da4b1144854da650de7ee670e7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    be383bdb55ef592dc9f3cb69e9f2439c

    SHA1

    140fd464e2a37c14f50ec0e808f8ac29c600b26a

    SHA256

    d781a9c17bb294bb15cde686d3a46b80403696c68b140a673e28122c03433114

    SHA512

    abff28a9f4d41839fdd95d3161bf407d7890cc9fad386f0ea58a05af57b1bfa1c190dab1baf60ddb07d8dc54a2606e985e09af041e9268982143e1fdbbb7437e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fa1a450ad8ec6ceae70ab2648891e67b

    SHA1

    dc49e0c952f0f64cfd3737b46dcc3152b6c25009

    SHA256

    f65981d96ab6bc4cc98265e2fc8e1ded55f06ecf997054ccd8ac797b306943e2

    SHA512

    7d2ed0dd17983d943b4adbab3178fba2063bc5e3048392607155a22859fffa3abe5bff00a40ae236a429ab3b1eff449c9c9b28f0a4738399d154fa3b65050370

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c2d66bf524dd05b2335537058cc4493f

    SHA1

    2d4aba72f8de63d9b44ec5007cfbd5532423716b

    SHA256

    52c51fd86748a83ea004252bedb41cfc71553aab3f56c8eea4c8d773ec8991be

    SHA512

    25c8ba0b540a1382d23cbb5659bef4039564835b70aea66c2782f48ebba2a662cbcccf06717b1ad0b0439952ca7b5669189b3d6323a3e937c8b6b5cf36ac221f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4e16c39a132c372411bf4096a40c3f31

    SHA1

    34a18eef548848047c871dee8de3cd77ccf61455

    SHA256

    54f00cec73ea5ede20fc7b53172e33d22d8820ea6bfc0a31f95021bb702794b0

    SHA512

    4a7bea000418f35885ce8cafca74332e7a0348da2f79b8ddcc4a7fb3b78c4b82b08e2a54cc6bcf64f614fed95748b306a8025073938463b5a67b4ff05b5f7bdd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    222c8e85f949906993f2b9b778bf575b

    SHA1

    789cd059aa70676fab2eb8d57b33df2d9134d560

    SHA256

    93048a8cd67f8db130e66d0c6d0b404857fb59608de6abfbcb5d73666a0c0a85

    SHA512

    0127744a4ba5e479780d5cad0311a9c344849dc86dfd2dd77a09c5cd57a8ba35e88dee98e752dc8fc463f6d638702ae2b88a73d1ac6a19646dfe4cf15c46eca9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fe7c776ae3952a394119bcbe7b292e38

    SHA1

    50f6481a2a0c15e4620c0ec904439c5a481093c0

    SHA256

    4f26404ae71fe65b552b32151de6f4a06f0a5d72c84d1b5c34d9df0923f65a7c

    SHA512

    0dfe036074fb137056e689569ceae577fd265d322146ef5b50c108459a9e34ffb56b90b189e2da3efe62f8707972b0217aa85cd5edd9f80b73b0b7f658493f86

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f3190398f8ab8649861f8198030d3e3b

    SHA1

    db670177dfec2889345ef4bd2a85adb3b5aaa8ef

    SHA256

    6b0a555e5c7c5364d395c6290fe998453dc6792a5e06c222af8bdc5943774d8d

    SHA512

    aec6f3483055f431e206af8e97d074e0bd6872e9e83c7b30372dcc7cc9ef207269c4fa0664306fd913867a2d8310047e6545f4e4af64ba2748d1619b34391363

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c10bc2b88d62a70222a68cfe43477354

    SHA1

    6885f8b8e4316648bec3edca05f2f4a1927db919

    SHA256

    6c7b8ddfb43ee0ccd9c2ea3c2263c9ea6ef61b295fc04e50ea168d8382650b07

    SHA512

    f44fff1ad90edfbf0bf3eb3376dfc1a35c8e0723f18c0d43e20bbeecfa43f347159523688cd098e71f818743722a2bb8ef237087e625aa0dea87b4f2100d3335

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8337cb2158a9a26c452d978ea1dc58f3

    SHA1

    a692aa97db639fa831411bb0983b72f60d6580b5

    SHA256

    c8b6c597d19c86b9f09c58e628a62094f696e8a07675f3d0d13831e15c141446

    SHA512

    a8ac5f389e7d31fba51f75d121263e5f9d42fc9034832be9b2d3cedb6b42d6ce78a08960460c97de77d1ca4d882a44f1ddc1f86dcdf4031f9ac363e96793d819

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA1AD.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarACF8.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2228-2-0x0000000010000000-0x000000001000A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2228-1-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2228-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download