Overview

overview

7

Static

static

7

344ec240e9...45.exe

windows7-x64

7

344ec240e9...45.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2023 18:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    344ec240e92c10cd118756f32f6e8a45.exe

  • Size

    14KB

  • MD5

    344ec240e92c10cd118756f32f6e8a45

  • SHA1

    23a2f55d3fdea9c25ba28d5f4f8315388ce2602f

  • SHA256

    17efa12c19fb9dd9c6d3a362d496a9ec8e46edc5a6d40400f81e9369964e940e

  • SHA512

    8278d38f65c76b351220b9504b2b8c41ee0f4453cbbb8a0faad2c91ee0fda6cd4b5d39bf2c5e03b6fa563277ccea9b13a446fb43fba313d02f85a8de2ac0d247

  • SSDEEP

    384:Sssn7bCcz/74aNJawcudoD7UjlvceM4mhJ:7sn7b9/NnbcuyD7Ut8J

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\344ec240e92c10cd118756f32f6e8a45.exe
    "C:\Users\Admin\AppData\Local\Temp\344ec240e92c10cd118756f32f6e8a45.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\Users\Admin\AppData\Local\Temp\1D9E.tmp\b2e.exe
      "C:\Users\Admin\AppData\Local\Temp\1D9E.tmp\b2e.exe" C:\Users\Admin\AppData\Local\Temp\1D9E.tmp\b2e.exe C:\Users\Admin\AppData\Local\Temp "C:\Users\Admin\AppData\Local\Temp\344ec240e92c10cd118756f32f6e8a45.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2416
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://ads.regiedepub.com/cgi-bin/advert/getads?x_dp_id=433
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2840
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2840 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:320
  • C:\Windows\SysWOW64\cmd.exe
    cmd /c ""C:\Users\Admin\AppData\Local\Temp\selfdel0.bat" "
    1⤵
      PID:2560
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\1DEC.tmp\batfile.bat" "
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2688

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5abe3a2a85985ef8f834642686661c42

      SHA1

      bcb3cabc053b3415f7a204d46c6d5493747b6c9a

      SHA256

      ba46d8c2b8a34f9d8a39adaf0816233c71649ecb527161c5dba4c56a65436625

      SHA512

      745d9484d83a762f5f5116b94f2f563e71090bb0953469a36e29c8220c6557d7c24868b16a13a2d53a251bcd9ed4493e2971f2eb1771dea546dc4e72a15916c9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3bbf620c7aed535ef4e6b330cce60cf3

      SHA1

      08ef1e9541c089e68ae4838b7da04b86f2fe22a7

      SHA256

      b3ec395529532f99fdbdd9d9c4c36b26a8deff826fcf7d91e13dcd7b8954ff98

      SHA512

      c3fcf9db48dc2f1b39bf5adb1f3e20f9e3df142d745382873eb4484806489a9da45164970e65ec5f29bae73de7f4ef29fbc480ec78fc9e50458126e68ce97cd7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5517e7d7bdfe69b898c1484022f0e97e

      SHA1

      eccc1435f8375d9fe84aa0c792c4a67d1a04d20b

      SHA256

      45161232ae552933f9c3a61a1610dd3d71953d112fefe2088122a2c177f53232

      SHA512

      c6ee3a80566a9765f4a096589b118027ce037cf59f023900080d8a73003aacbb351f54a5059bfb4aa47c322a1602e83ceaf766eac35dd43b7a4470acd1236f69

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6b4c6eefe67342383505eebcb1d81344

      SHA1

      6d5f5dd1feb18b1802447d07bcafe8e1be4f4701

      SHA256

      856c31c2cbf99f71b40c226f6c6d1f5b985f24426f184a9edc388303eedc5679

      SHA512

      2f0d49e8b2f96b1a0a9f9a24a075da35124818aea1bf88e88d3e25049ae1113014a97e9bec7b9cff5d75c212feb7d024e109271afbddee01c044d94f615810aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      afc35689fd7366a0fb818287aa903153

      SHA1

      33500181ace0a20edea9abc2ecf700e9629d71fe

      SHA256

      5a835fd1402fc201c33643ac883a5a296e11a45885f6252042084ae56ecd336c

      SHA512

      7358ecdaa2cb8c82476c9f86d5178053e543964b10c8d7521260af028a12690b83dee673dd9acdc633364df165ef03acef63d52259924021368f4405ae805d8a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d69f403dbad75b44561779e844bc3a26

      SHA1

      1f4296cbb3d63b4954188c9d4409d52d335a6cdc

      SHA256

      9c9e7acd08c61a67adbcaa63479e78cb464a8ad4ccfe0c3a5893a5eaf76c3ee3

      SHA512

      e1155ca2aedf1296df66111f8cba837a96f2267b6ea5766755bf0869243aaaa6285d73ef5104ce01ee22077adb973d5780f7161096e3dfdd7eb11d8ceaa117a2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9359b1c390719ed026a073326c9a75c3

      SHA1

      e5cfde0970ac0e80297684c50917221d88510643

      SHA256

      dfccc3e4995e466dcf300e814c9a964ed9f3af35cc6fae235daaf45dda58c4c3

      SHA512

      97b1068fcb6eb793df9f8407e9e46645dcfe3906c0abadbf18427c66b0ee42c58bab135cfdbe3fa112a31f6f61ee7fcfd477b1461d43229ed1845e6737cc9d59

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      05119ba9ebf838b91126f6ef14430bec

      SHA1

      2951cb0464f5293e9c2b81f18f9104e877626d5c

      SHA256

      060453ec33488b8727fb2b2b4e309eb857cb2b06ddfbb2beab511661411526bd

      SHA512

      beac02a97a51b0faefd840b2b9adcec5826f5087bfa7e4483731cae03f0ff5756713543c690919ee4a7f2b403c548061f63cc975768fe5ab4c2b444323a089fa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4533954a8e3d505ea02626212fa644a0

      SHA1

      197bb0df67bd65f744648f8a0130b24ebbc8b490

      SHA256

      a1cc4b48e4ad9df89e9a1e4bb10ff83e2dfdb9ac6c061f99e0f85d6b465d6130

      SHA512

      e21dd109e3b1fd520293701372035d4897a1352788445b67f57a40f6d0cf820a26b716804a0221d18ae9904270f4c0cd240c780ba8d8c946f04e327694ed6c7c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      87a8322d24e373fba97b9c615c2e126d

      SHA1

      12a002199b490c7a27bf70b173c8f7b4b1803224

      SHA256

      f51e03cb5a978b6c88d7842c7a51fdb8c5323cfdc3714e8d9f00fbe5cdb5f739

      SHA512

      b7d7463071699e43a15d643b815d185b6f54800ba9dcd78ef4e7ce601f43a5e76de5aa985b4a098c69de80073b40fd043c159193e8dbbb6b254a9b9db1520e32

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      798699a317ca7453102d365172a6e70d

      SHA1

      26c3f8fc9e925b3c70162caad0a1ccc74df21546

      SHA256

      caae2d211ac7b03a5356c3ad8928a360bb26ea06e308dde345d04b0e8cc999b4

      SHA512

      eb691406b86fc6a5b310544361b83a034fd1c246092aa21598d5c8f29faf457cf0f2bb01207031504822494b82f68e445c1f23b20ebc2e4707ce31a0f88f9ef0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e77d1be8e43d36c8a1d548e9441668ed

      SHA1

      297984b7dbd86b515484b5e564e05abd0b9fd780

      SHA256

      80690322bb1a6a30796df47a99d3c8717722e400d5eaf6a8c00bb688a57f9634

      SHA512

      a67af735c0798c630bb74e79bd603cec8f68b9cc0b62e8cf78eb12fdd6774e34b5fce1add2a50e4cd107d54c5df9e8aea9a4f158f24ba263fbde03d975316821

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f5f0485a0d0e2d0efe036b998fb8de94

      SHA1

      a56c27e76a28806781d1f6e07c7789c105b081e6

      SHA256

      19d3186e08659b6f8b29548f09b8c7f997cdf793213ee80d350122ee0baa157c

      SHA512

      a25b2cace32bffbf58ed5cff7a97fd95caf46eaa6edb756475cd03c960bfd573015a9c1f08f26548cd12a8255d45ba9baf3dc6ba2a90cbbbbc6a76790844c7dd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b264d44a94efb747765753f5ccfff4de

      SHA1

      b8c15605459830a4753601b3167fa30637b56424

      SHA256

      7a0c9d1880892ec801408836009ba082b3750b5ebb1d356468e5a575d478f6d9

      SHA512

      0f35bc778e4e3f837b075d18bf93d44fa48eac4f517a6e5fd88bc96006818b89816eeab39cfa2c59f7cd7c60f87e5d2c4768937c983061409ca0bf74a77ec546

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      85b3ec72fdd0040fc5a7b1a8534de966

      SHA1

      e392d7d5c35a06dff343ded582a1ce31ba113651

      SHA256

      99e0d264d547aa3c0b09484bc5ac92faf2be4766ed9c2f49e0bdf91576606c2c

      SHA512

      7822fe0ddae3d6c2349938e4dcfae9fbb7ef65e1939ff2c28dc46f543df336d5165af99cbd46b031ca559b66bd763534bc916ce16326736552dd4c41c7d03e49

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      89ff32404a8d95c4d3dd1afb2dae2c77

      SHA1

      ad38a171c5dbb2f94e22953ca271589607998ff9

      SHA256

      35c514ef800aba9cb8481eb9d1c57f26d15a4b2daaa0e8090bbf6fdf401a9e4d

      SHA512

      39a09f11d13634a67235284dfa7c03ac4f77066b138b84da015021cd5cd0991d1af412cfdd6030e3616e3773eb6d129d1ac0567300f335d710ccd3f7129d4042

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      00375367acadbe963a3850d6d38946e2

      SHA1

      25db35d7278062b087565b769318186b715a0f74

      SHA256

      db569250568a0bfca1238bc6b17ed28146ec1bcc1e66c8a50db608d69e737a56

      SHA512

      7cfea1c7e17d95dc76feba1715d46e5d95a18baa74d2c765c5f7c00c9afd0f6b8153109c88241162101caccadbf87df281caa679b2c8e3751b59486675fd563d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1d2ea935dddc4d008f8ae06a91685af2

      SHA1

      26e8c6c15f28fcf7778f8e8b5978d393b9866d83

      SHA256

      0ab1ea46c1eb6656e2156cc115124545603cdf4d948c3ced7bf23f3cb86b5b98

      SHA512

      9b17c40754b5c28dd14875d2c8a8f03f963abfb326c53f1b355144ff87ab26af00ce9b52f3eaea29657ab3a6a4de9947e7575fbf69780a5138c5b43690f95be4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      638a80990cf60689e597a403dd3605db

      SHA1

      938b168c9d022eb42a193cbb5c55735ee175cd36

      SHA256

      aaadae7faa3319e47403a15054575c6f2e108393e9ef1d911bc627a0e5eb7e5e

      SHA512

      768bb63e4ddc9f02bf42390ab3c0881cd83ee054337ce56e71ff1c12eeab0b8184d931d9d6ce2736c892d129b71c64b9efe7516165097fb83149070f748e2e6f

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIEDGG3E\px[1].js
      Filesize

      476B

      MD5

      d2183968f9080b37babfeba3ccf10df2

      SHA1

      24b9cf589ee6789e567fac3ae5acfc25826d00c6

      SHA256

      4d9b83714539f82372e1e0177924bcb5180b75148e22d6725468fd2fb6f96bcc

      SHA512

      0e16d127a199a4238138eb99a461adf2665cee4f803d63874b4bcef52301d0ecd1d2eb71af3f77187916fe04c5f9b152c51171131c2380f31ca267a0a46d2a42

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\1D9E.tmp\b2e.exe
      Filesize

      8KB

      MD5

      2c74234eacda6e3fb5644e6284c205e5

      SHA1

      758bdcec55755ebb001a5fa6258868e6dd3cf74d

      SHA256

      4b1d9d0a406edcb5e99d88d7e59882fbd6650f6518aa1c6d2134dac3ad914006

      SHA512

      c3e1bd7e496174a5da5a33db22a48616452aad1b2f5607ebc0ffd4511da5afa1634b713ea2f488864342b4f451e87f6c1fd25d3bea4ac7bfc382b138049f3992

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab254D.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar25ED.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • memory/1708-1-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1708-1208-0x00000000003D0000-0x00000000003D5000-memory.dmp

      Filesize

      20KB

      Download

    • memory/1708-13-0x00000000003D0000-0x00000000003D5000-memory.dmp

      Filesize

      20KB

      Download

    • memory/2416-14-0x0000000000400000-0x0000000000405000-memory.dmp

      Filesize

      20KB

      Download

    • memory/2416-57-0x0000000000400000-0x0000000000405000-memory.dmp

      Filesize

      20KB

      Download