Analysis

  • max time kernel
    3s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/12/2023, 16:31

General

  • Target
    2d5813a52ed7f1abea030cfd59971ed8.exe
  • Size
    361KB
  • MD5
    2d5813a52ed7f1abea030cfd59971ed8
  • SHA1
    7e9122adf50eed53b79da254f0a66eaaa3273d0c
  • SHA256
    59b2da199ec5291d95059fa13898c45a727ba353afe2f842204b1b1ee7dbe1c9
  • SHA512
    4dee1f7fbe5a312862982866d22b6d3f9e701b153e107ccd42f89533cc28b684b2393821bf6c0574262f53715539427949d15d4a8e9568906d51b7e141997313
  • SSDEEP
    6144:QflfAsiL4lIJjiJcbI03GBc3ucY5DCSjX:QflfAsiVGjSGecvX

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 18 IoCs
  • Suspicious behavior: EnumeratesProcesses 35 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d5813a52ed7f1abea030cfd59971ed8.exe
    "C:\Users\Admin\AppData\Local\Temp\2d5813a52ed7f1abea030cfd59971ed8.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://xytets.com:2345/t.asp?os=home
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2988
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2
        3⤵
          PID:2164
      • C:\Temp\ywrljdbvqoigavsn.exe
        C:\Temp\ywrljdbvqoigavsn.exe run
        2⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        PID:2644
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 192
          3⤵
          • Program crash
          PID:2736

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 65KB
    MD5: ac05d27423a85adc1622c714f2cb6184
    SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
    SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
    SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize: 1KB
    MD5: a266bb7dcc38a562631361bbf61dd11b
    SHA1: 3b1efd3a66ea28b16697394703a72ca340a05bd5
    SHA256: df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
    SHA512: 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize: 242B
    MD5: e000a77b263d069c71e6273d1e9e05f3
    SHA1: 47b1ebabfa80e14be6c4196931cda0560bcf1e70
    SHA256: 5220bba59f3cffa9d3c6b66a4474652c79f58f80c2b1e6f8e6e3857501ed3d6e
    SHA512: ec4d9caaf1f0d18eaed19fb3e85f8f79186554bdaf8c93e8df690a58808812e0b7302a3c32e475a172899ff3373fb8621ae431e6a8358f6f150f854357e37441

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize: 4KB
    MD5: da597791be3b6e732f0bc8b20e38ee62
    SHA1: 1125c45d285c360542027d7554a5c442288974de
    SHA256: 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
    SHA512: d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

  • C:\Users\Admin\AppData\Local\Temp\Tar5B9E.tmp
    Filesize: 171KB
    MD5: 9c0c641c06238516f27941aa1166d427
    SHA1: 64cd549fb8cf014fcd9312aa7a5b023847b6c977
    SHA256: 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
    SHA512: 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • \Temp\ywrljdbvqoigavsn.exe
    Filesize: 361KB
    MD5: c1ac328fd9819540c89d7c495ba661a5
    SHA1: d30f8ea30f0a0a80bd3d259b8a1fa4cd8835666a
    SHA256: 53eb25560427e87ca100fb7559e7c99a363a2e5b8d62c791be0f798dc864ea0e
    SHA512: 6f49a3dd04b301f11ba5a33d86db0c0b4ad2905865d8a4df898b425194c47e0a7349e3f5aea19983ced4e3eeedab028eebdd6115ef4bca578497157fbfa99e09