Overview

overview

7

Static

static

3

2554977f43...7c.exe

windows7-x64

7

2554977f43...7c.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2023 14:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2554977f43cd1421d001bb2b3f8c287c.exe

  • Size

    82KB

  • MD5

    2554977f43cd1421d001bb2b3f8c287c

  • SHA1

    4a49c0f3da67f85abde45ca8a4276aa54f753af0

  • SHA256

    cab9a374a21a00cf887ef1fe74aabdf1bb005b922b341b92fe51c503ee58f026

  • SHA512

    7403d22362fde02c1d64baeaeb9cf12a5dbf2aa607bb638deefd13a6db4abe0c11d04bf9286549f9980249a9da3574b3ce2a2125c3b98a5e4f4202ced725fd70

  • SSDEEP

    1536:R6KDqIaiMHQC4DGjP5dEINWu7ajYEYGMe0mN+CkjvHjnyppguRQxg+HdU/cO1:R6KgiCQC4DGTDD5ajYErKmNo7nKpDito

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 62 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2554977f43cd1421d001bb2b3f8c287c.exe
    "C:\Users\Admin\AppData\Local\Temp\2554977f43cd1421d001bb2b3f8c287c.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1220
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.on86.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2040
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2512
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\255497~1.EXE
      2⤵
      • Deletes itself
      PID:2768
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://down.xingkongjisu.com/flashplayer.htm?52c
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3000
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3000 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2604

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    9e57f49c038ab990632b412888fa3e46

    SHA1

    7995c0bc63c3891fff7204d1aa42a543c63c0746

    SHA256

    191f0e1b9fd20cae5e876534948836dc68b080161cc70f986de8023f5f83de57

    SHA512

    cc3820eb8bedb5f236ffce3c3e9fae4fce59743a6f22d603541d36a3b7c890bad996b4aa587699880b27b402a9684342dab911e4d65531e82ed18f156e596616

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    98587c69dab8433379abcb8adb4421e6

    SHA1

    d1635edd6fc1800dbca7c43b5bfaecbeec08e58a

    SHA256

    86c7ab4cb51d341062a76c6ee04e5b418f022284cc9d3fde73034a704c4abaf1

    SHA512

    5f65e1c0f8c91e34f5b0eda3deeac1e83d802bc5730ac8324598dee59ebd96dcbeee37e0f5d713c8fa9bd9fd5662f8eb653c346f387ded49c451b24b78a492a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b72cf1ac82f46f1d1434066b4f6e6b05

    SHA1

    034f2b99f978da7e75945ef5d73dcc338c4b0368

    SHA256

    475460a07a0956a080be36fe4476f7fc6b9ab2dd81332a468204e05cf981157a

    SHA512

    025d9245fe9a72d16d33e67a62a6594ea8b8a6c0684ad9033d0fdc90857b1d211447b7858e7083d92d0a7bae574dd184f4aaf7fef7b4f143679c2d5255644ea8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    18ee59e35363183ec5f0c8ec04930f48

    SHA1

    493244b366995dcb0abd68a8dae0501a43961399

    SHA256

    1678d8e9821b8c787b9512a3077eb0414c2f213321deb77b4913b8101e48c44a

    SHA512

    62e5e436fa8d154f8409137e400bf8324dc8c77b738e9af99d714fc404df801bf9817e80645091cf462909fc1c3384b77c776188f20fb62b4b5d067f14e36d9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e1e3e4ef312d3424bcfaab6e96c52b44

    SHA1

    a98b3e0c791521da791a0bc0ab7a6153b519ca8d

    SHA256

    2840c582ea54a82dec58af1a364ccb120ee6a1d12311ae8f851f222d56f9224a

    SHA512

    bc3145ef1d3b25a391e3ede044e13f22a39f0e64a5aed1ed6517bb145e16d3068ba4417c376a2e44e9a5725b5cd26029dd083b05bce30936acf44390a92b6567

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    d2ab7fce411aed846dbfa900b6c9910d

    SHA1

    e468d2e46a828490fc52cfee74fd94117fc85a01

    SHA256

    4bf6e0c1e0ac2c2b330d9e5400dd5aa0ae308effd99e5fda39bc8f1570a2b8df

    SHA512

    ce6896314f82f6fb4959b834bc8d22b3452274d6fcd29200e7cb638d18f9bfa30ac971187a250630ada065cb2f2c7d1189bae35935a377541ccd5eb7e1b632ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{81006E71-A3C5-11EE-8221-D669B05BD432}.dat
    Filesize

    5KB

    MD5

    38a51c01224c3994e90d8d6220e70bc6

    SHA1

    9f4e492e8b4b138c9fa4b79508530b7c29f8a973

    SHA256

    42ed61ba2c0a9f3e3b190e18df330616a0c49bd79933a905377ba8d9267ac3eb

    SHA512

    5a1939da088d5376334bf77305adfacad1e7e0b1da6499f870377b8d2afc9dcfabd65f1686b1c06f950b4faa1fcdb6d576da0b71b20e044f94f905eb78ccafc0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar20CF.tmp
    Filesize

    92KB

    MD5

    71e4ce8b3a1b89f335a6936bbdafce4c

    SHA1

    6e0d450eb5f316a9924b3e58445b26bfb727001e

    SHA256

    a5edfae1527d0c8d9fe5e7a2c5c21b671e61f9981f3bcf9e8cc9f9bb9f3b44c5

    SHA512

    b80af88699330e1ff01e409daabdedeef350fe7d192724dfa8622afa71e132076144175f6e097f8136f1bba44c7cb30cfdd0414dbe4e0a4712b3bad7b70aeff7

    Download Submit

  • memory/1220-0-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1220-4-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1220-1-0x0000000000020000-0x0000000000022000-memory.dmp

    Filesize

    8KB

    Download