Overview

overview

7

Static

static

1

4cc5025716...09.exe

windows7-x64

7

4cc5025716...09.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 02:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4cc5025716ffdab1a6f6af94bdcc2a09.exe

  • Size

    385KB

  • MD5

    4cc5025716ffdab1a6f6af94bdcc2a09

  • SHA1

    8d41c72f6ac6bbec2f4abccbaf8a9be51484280c

  • SHA256

    115a9a900cdc28dff73e1a52f280bdaaba468174116d906fd22b1eaadf6f11a2

  • SHA512

    ae90ca96bc628cbe26e43a46e648e9ede4b30e8d1fe49f2844e25995108ff539b17dd65ce41c71deba708dea94cdc8e5d88f9bbd2994cd476134d909bb99a284

  • SSDEEP

    12288:SQiGNCL8+iDNdR2+MBTlPadSfXioRcpMXVJo/:SQici8DdXMBTlP0QjcpMXVJo/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Script User-Agent 8 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4cc5025716ffdab1a6f6af94bdcc2a09.exe
    "C:\Users\Admin\AppData\Local\Temp\4cc5025716ffdab1a6f6af94bdcc2a09.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\Users\Admin\AppData\Local\Temp\is-9LGL3.tmp\4cc5025716ffdab1a6f6af94bdcc2a09.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-9LGL3.tmp\4cc5025716ffdab1a6f6af94bdcc2a09.tmp" /SL5="$4001C,138429,56832,C:\Users\Admin\AppData\Local\Temp\4cc5025716ffdab1a6f6af94bdcc2a09.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2208
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://spreadsoftandgivefun.com/cgi-bin/demo_thankyou.cgi?token=undefined&subid=0051&ptf=undefined
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2632
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2632 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2480

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          914B

          MD5

          e4a68ac854ac5242460afd72481b2a44

          SHA1

          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

          SHA256

          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

          SHA512

          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          252B

          MD5

          df2fe05698bed318ffb0a65eff379817

          SHA1

          eec92bf62fe69f48ddde811acdbcbdb483377363

          SHA256

          bde0289377ab5e44b05feb6eecf8244cd493394ea6c5dffb67b1d21b87adccdd

          SHA512

          a0a46721e596f491484ccb947e2c1296e2adbceb5eadc0aad8abe4cccfdbfc1b4c6d5b5dffe13d27c2843306c1888ea0088fd1d5dd881159c6940461eacfe972

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          4865d8bb4e8011c6cfb59eacafceb431

          SHA1

          60fc8c4264ef79af0daee79c5b76c5516547507b

          SHA256

          f6b8721a4483f9cdc33d45d956217d15b97cd6d46d3b00541971972af1d37ff3

          SHA512

          9eb2365f01dcd2a05503053073248b2f04661289b88b4dd6ea8bd412174484003afe731905fab6205e883f6948e90de0f5f68df69ae498ae207999dee43a850c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b9093c5bab99364adedea1fe3c49c734

          SHA1

          81846d946cda1fa68c7cb57009b517dd3e31f430

          SHA256

          9c8a49ea8de47ac24597c0a1e91f4575242efb60207aa9c724217566d6bc22dd

          SHA512

          ac1e30eb38ed0d95c95206182471dcf449df88bc874fa11326088790754cfe7f8705d09bc845045828739ccfdbf28fe63ac0f18c74a7fd54f7fd3c02dba0a0b7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          dc0ccd3f456dcc66061cf962d3e9130f

          SHA1

          53f9bb5ba9540f2791bd7c5908e6d31f8a9ddc01

          SHA256

          fb45dc8adaeb9b046e6c7ba55ad3aedea726ea34284fd500ec31d7d602e620fe

          SHA512

          bdbb7652e854c317b5810ffbbe6811025930a30c20caedfdab133c2454c532d52b80432ea5d504d0ddde9d6c05cc405e62aec2c9fd34b14ab3403f803ccbdfcf

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          ea3882c7db774096296bd887d1c9599d

          SHA1

          c41ce4f48c01278fc5a5594b543fbed90f472183

          SHA256

          9f5fa5c3dd53a2518108c16d231f0b1f731b699f3e0b10612bd3b7cefe824505

          SHA512

          ec2099fb70282ac83dacf32015454ee99e9922d2626a04b6f5f50fac8aa213c433ee55fb4af8683f6074859419df74e9589e08e5460b2d92ba2bb50a41715b8f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          29eb16905c41860b6df5dca761163ff6

          SHA1

          ad44e2cd91b7073211594f3f5e484260cdc1e2b5

          SHA256

          e03c17173edfb775ec9fea2440d9a0428ba1b7110a3985b3215e324145c0ca62

          SHA512

          cf1966ba7b4afd3127a2cc7ad74e40a47414c9d3505c95d7d0c7b481bed82062537624cd632b006813d66a3a7d783022eb7a0fecc52ff46e1ffe5afc7e202a4a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3490d579b5124c1fadb033fa38e106c4

          SHA1

          8458020a5530526e6107b3356469c0a2cd0269af

          SHA256

          c2bd1a16739406d65f276d604d39112be0741c6ceab34db392763b4d1f01d6c6

          SHA512

          90e832b0ebfef0dc20d647ffa73bea273dd7aa81d8a7e7657215e9690c00146b95a96ff84b7824827cbe0a43b4177096ba32fa1ee06a8b825c8dc82d0d151fce

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          cf884aefa1dd6a40ce814f70f7e4e264

          SHA1

          c701ff6df878efc521a9193f6ac740e5a289229a

          SHA256

          93182f422498570850d1ced725482410b17be135750fe223c733228564f5d992

          SHA512

          9c5de2bfbb0f588c703f4d257f2a91722aee8baee431bc8c20b38203f397aa26ce40208f81dc1c5c3db314ed6d39f8763e911b289e1d58727f18d6fab758bc2d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          1b08d7beed49770188d098c3a79c79e4

          SHA1

          7cc23da213ab91ae28fdabc1cf9faf9943ddcba2

          SHA256

          d0b3841f5cca375699a1b68229ffd765331cb6a639cce95aa2f97ec6c96d7080

          SHA512

          1ea5f3d2d803680f49dee9826db51905f18936dbb69a15106779d2b9c9faa914e6e44d82a04897e3956beae48cddf786ffadeee77917c6c2c1f660a1bf41f996

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3429f58bd9759508d0c7cba72178932d

          SHA1

          7d86c3e26988dd49bdf315f02c18c2bf9e9d23d5

          SHA256

          f3fa1eb3a99cae75bdac83599893ad2cacae9e27550ff0a7f9d81841b8acba6a

          SHA512

          06186537b144915b49614451b93849ea1681afb52307fdb26b27e9809f2223575cda8d0e3f0cbef6e977d8386e2bf819517fb3c3e7ecaa5e393529e3c668968c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          662a82c0e4d5059c91d704707ce62ea1

          SHA1

          6de5e7fb4e9efeffcd964073e795bf32347033ef

          SHA256

          e98367a33f4aa77250a6cc8b055fd355723badb3f1bd6cb256568b69395cd13d

          SHA512

          fab8f36cce70a69a419442d36f21c293ee2d8cc2178c838c27b93d74f12ac709f9c60a97d2783245e26b95305593630e3ef155be97c002a5b06e898f12bb43b9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
          Filesize

          4KB

          MD5

          da597791be3b6e732f0bc8b20e38ee62

          SHA1

          1125c45d285c360542027d7554a5c442288974de

          SHA256

          5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

          SHA512

          d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarC45E.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit

        • \Users\Admin\AppData\Local\Temp\is-9LGL3.tmp\4cc5025716ffdab1a6f6af94bdcc2a09.tmp
          Filesize

          691KB

          MD5

          9303156631ee2436db23827e27337be4

          SHA1

          018e0d5b6ccf7000e36af30cebeb8adc5667e5fa

          SHA256

          bae22f27c12bce1faeb64b6eb733302aff5867baa8eed832397a7ce284a86ff4

          SHA512

          9fe100fafb1c74728109667b5a2261a31e49c45723de748adaa1d9cb9f8daa389b871056c70066fa3a05be82a5017c8dd590ae149a56d824a9e250d31091a40f

          Download Submit

        • \Users\Admin\AppData\Local\Temp\is-T0I1U.tmp\_isetup\_shfoldr.dll
          Filesize

          22KB

          MD5

          92dc6ef532fbb4a5c3201469a5b5eb63

          SHA1

          3e89ff837147c16b4e41c30d6c796374e0b8e62c

          SHA256

          9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

          SHA512

          9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

          Download Submit

        • \Users\Admin\AppData\Local\Temp\is-T0I1U.tmp\itdownload.dll
          Filesize

          200KB

          MD5

          d82a429efd885ca0f324dd92afb6b7b8

          SHA1

          86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea

          SHA256

          b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3

          SHA512

          5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df

          Download Submit

        • memory/2208-20-0x0000000000400000-0x00000000004BD000-memory.dmp

          Filesize

          756KB

          Download

        • memory/2208-31-0x0000000000400000-0x00000000004BD000-memory.dmp

          Filesize

          756KB

          Download

        • memory/2208-27-0x0000000000530000-0x000000000056C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/2208-26-0x0000000000400000-0x00000000004BD000-memory.dmp

          Filesize

          756KB

          Download

        • memory/2208-24-0x0000000000530000-0x000000000056C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/2208-23-0x0000000000400000-0x00000000004BD000-memory.dmp

          Filesize

          756KB

          Download

        • memory/2208-21-0x0000000000530000-0x000000000056C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/2208-10-0x00000000001D0000-0x00000000001D1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2208-17-0x0000000000530000-0x000000000056C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/2364-33-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download

        • memory/2364-1-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download

        • memory/2364-19-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download