Overview

overview

5

Static

static

3

4cc985e5a3...48.exe

windows7-x64

5

4cc985e5a3...48.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    182s
  • max time network
    186s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 02:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4cc985e5a33f2693b41a48847f070f48.exe

  • Size

    2.4MB

  • MD5

    4cc985e5a33f2693b41a48847f070f48

  • SHA1

    e80901a7a8a38fc15bb17c44ccd5929476e8427f

  • SHA256

    c097cf5f58fd5c0cc8cd81d70900997e377e40eda728d218a7c8cf90f21f9626

  • SHA512

    d878a7a2f871990fc52b6dfedb222ac2f7bcab9e697d09b182b75d75a83e59a86f872e864521a58ec57c76bfe4be7ce14430fa23d0372669adddbc87ae369b1f

  • SSDEEP

    49152:iPHxH2CbWtuvD2zEjGfPAhqhU9VelH0OmS40dzRWlv/qM/oXpmONbRNo0xPDu:WCtr6YsqhUuHtE/qkQpHzNom

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 62 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4cc985e5a33f2693b41a48847f070f48.exe
    "C:\Users\Admin\AppData\Local\Temp\4cc985e5a33f2693b41a48847f070f48.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://lolzteam.net/yeahnot-hack/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2612
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:340993 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2516
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://lolzteam.net/yeahnot-hack-key/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2508
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2508 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1158ec988cb28f08d91b4da42afc2153

    SHA1

    dc743d9e79cf355b0a622aa4708c839477eb213c

    SHA256

    c212953fb5b821f1755731616795cc0c8fba3bfb641e778f0ee0121f0873af88

    SHA512

    fcde2e2655247dc2ace9e54a1963d7776100e7e5e47d0dfa34f1dfbcf28adf20616f9b1fbf5d1578bf1e21cc678c081b4e7322b754e352a502c6dfb87ac83c6c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0994eb90954fbc5de266ebc6a20bf4ab

    SHA1

    ec3195199e49f0ffd6a9ac40664bc271fdfb4529

    SHA256

    90c2775a84bb2bacdb88da457037504011fe438ab7425acd2fe827f40cff8c07

    SHA512

    72b8cede4d2ac1a7774239aa09b288df535d23ca86c1f74021dcc00775840e7c3cbdeabb695b53799cfca13f7b2cf79b6f2245f52380d133337fd06a06a8fda7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    59f733982080626f7b1a15cf68e4c180

    SHA1

    057798f8676e97236a7eecb0572cbc61c1d6213b

    SHA256

    5a59b869b0645df2ce5262c43e00a98bde682ec38ef0c3cd18b97a5966eee869

    SHA512

    5cf233b5d698582e40a40aa57ebbb40f7f07d4fafb3d68b573936e55ddf1ef79026cf882a6260e416e4ab205efce7ddb686605bfbdb37241960e1b3fa3a4f21c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    14d2efb3702f3ccca5bce581a186b0cc

    SHA1

    65f22f3c3eb5ec2ec5c6323de0b9f14f6eb1c951

    SHA256

    2974f5347af665e2ab4c71f815b48cdc1ca56d5d8f5412f47ca7c763bfbda636

    SHA512

    ee6d0238700945242bde8342236379846c967cec37d4d79d440363724bc2a7a2bf3f421f82eba9278dbc1fd7cc3e5ca17ee583377c538ade48e40ff866e03826

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f85313d2bf85bba61ba69c8cb8e570b7

    SHA1

    b10337c6c1e6d4626da3765e817b7283dd6adcb3

    SHA256

    e6585c28b9f10fbeb33a802817ede66b92e1a139b29902136ddde6fd5acb48b7

    SHA512

    811f77faa742b249b4375d6b3ea79cf4db66152d585e4caf48c23541552a49e051bafe26293e207c98a969e1f2a581c908aa686188488a3dc5ce112f5ffe16c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0eb9d03ddb72f0a9a22249e5d73396e8

    SHA1

    70c7ba6fa53cac2b43c38e01823bbbd52855ce93

    SHA256

    293686ce9a7e0f850d3d9fe408add83385eb909069eb4628d86e06e60c817c6a

    SHA512

    4630d6d39f4a7eebd2cddcb56244eecf1eb0491d9c4609fe6cc2f44505b9ee6de4f28e444c64131b07fb7b2251200060682968cf8642f9cd4cbc50e5ce9c62fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    089f04fd344ddd89b01d32ef393e35b9

    SHA1

    f2d9d268cef69f155f6ecd6f4ac74e5bed81c48d

    SHA256

    ba21f6e4f5c8dde53a54619fcda77ea3c5bf0165801904eec80e9ac9ebb8b899

    SHA512

    325788446a3a329e2bd9336f471d209585978530585ae42b34f15565b0199b29f74bd5485c1cf247dd21469a0c04bdba7fe550f20fd2896b0516816812d59d2a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cb7c28a4b39c594aa8efa356c9fbcf88

    SHA1

    c1b30bf5ca0f3e57a57233c03c641178a2b145db

    SHA256

    8938ff9381738f287200301c62bf1f7f3ac4b328c1c2ff51a54e638e09dc3981

    SHA512

    77788cb3d77aaee2f58d94a934f594f7e8c7991f77f1b836c209f9ccd57e7fb41957427ebdcea8f5c1805d09fc3ea5109bdbc991fa39872b69dca761714b5a98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b25d271de60472802692f9cd3c14c3ec

    SHA1

    9d5ecfc882cd583bf330705dbdc9e46ab35abf3f

    SHA256

    efc4a66fa958dde0e464b5b5930f6511c3c516f16958291a3ba929a9f72e58d5

    SHA512

    9937b56a58ee0a1620459c6c6c8113747939ccfd9e8fc97653269033f71f0d50fce5b394f5cf81d3e316c69412f021650731903623cf7b6b420a38a15769bd34

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    399fd0e61bb008ac2169c7ee4db045fb

    SHA1

    5a8fffb48d5c5c6d3f8ecbef33ca6440b8101618

    SHA256

    0724736ad589097fa36fda54a78175fca62264c4301ec6b01a4ea95357129f20

    SHA512

    b878e9fff86feacb5ba6e68c2fc0231db18d05461bf306e6db8449b9b165efdbf959ae567c7df22bc18860cc29e9eaf8c0f09345f83bec031c142ff669fdda35

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    20d1069d26e5838b2575b8227d256376

    SHA1

    913a3b601f24016af951cd7a05d59ad521609c78

    SHA256

    3ca6c0fc91388e4b9008d5bc772454b20d1e2f36f698f59b62c37269f48cc9b1

    SHA512

    9479f1e240bb02136e23941a9a3227f881a661c667495d6b1b17536f2029cf0372aba98cf36ed3d22f5a76ed28bf5bc8256f91871f529fc2eb45edf9f9fd497c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c610cb9605101be3e272552808f05a8d

    SHA1

    e72c629fe749cc4060b73299d08c0c9b11560f6b

    SHA256

    ca0e952660680ccdf2d2db646de0a138d4e4fb36fdbd182faa520625a11b14f4

    SHA512

    5be6aeb4ac9fd485fd3213fc890ac717c926cc3b8f0b03937def24780fc2b0b49e95c29e140ba61132790fa4be275351191306ef25ce5792f18225d025941d28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ebab25ce45a6d89774a079f6129ab19a

    SHA1

    9b10c14ac906435df729ae5253f6b12156ec5a6f

    SHA256

    b9896843359187c89a513d990394fdcce4392433333eeb915f7923c9e5ae7925

    SHA512

    c303600d16ade250ef5b435ed03c93ee77491ab173c7457e0b4570da9bc57496a85ca86e3cdef5ae0eaa24d10c913b0dd8b770aceb629f590eae5886ea049686

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9b2d2d680023141c758ff05f679caac4

    SHA1

    5ea9de87106e011be060c9a8d10b58a9d7c46d0d

    SHA256

    906fa642a76683bc681fd1b2f5868db09c5dc1843dc31da4d4e1af672ad95d8b

    SHA512

    77e84f2ce8f3173c3aa061887ec97b870df7286832275fc7026ee6ee1e010697059fea237fdcb8b0c9905203f39f38bf1755249008e619681bf493de0c09f406

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b9ebc9ca8ec324fb842438c15fc79731

    SHA1

    726d7fba92cffc6591237ef40457322f08c69549

    SHA256

    3f92596816735e8a37b3f8f65bec964e21459829e199db87070bf89ba1301f09

    SHA512

    6655d6f7636c114a769e7b621ed56f026962b23ec34250777f69cd781b19b1bb9503cb206e23933878fe6ebf048ae4b5a3bda65b59cdd257cc7b59e43fa11782

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    47676143840465f38fffd7da626ea66f

    SHA1

    d80198010efa7fb3009f40b9bdca57cbd0ef5e37

    SHA256

    ada2552f82a631d3a55a9e66cf0acf8a20992871eb30151f7eb733de539a2974

    SHA512

    df12f0104df20f0cf268fe8e2ad831341af6c5a69048c1ee892abc58612f71157a4bb63047d3731062008970010992a83ffae02bbc0a3dc96c6079cace35473a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YV6H14B0\bnBquNiZM[1].js
    Filesize

    31KB

    MD5

    136bc91b923c115f678c13f3740bf8fa

    SHA1

    d8044de6e6a8b05f087f9fb73545d5b2e9666d61

    SHA256

    46e2c2af87720b7ae5a86434547bd9bef9ff21fab2956b64bc48f17dc73c63a7

    SHA512

    2ff613aa8dc2887a5c2f9d8d40e618ef82b8ffc46392affd32a9fa2225360f1db5244a51f82d5eba8fcf3c200f179da20433761a3ebb6fce0e4ede99d129a3cb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7D9D.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2708-4-0x00000000000F0000-0x00000000000F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-9-0x0000000077D60000-0x0000000077D61000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-3-0x0000000000860000-0x0000000000D81000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2708-0-0x0000000000860000-0x0000000000D81000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/2708-13-0x0000000000100000-0x0000000000101000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-11-0x0000000000100000-0x0000000000101000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-8-0x0000000000100000-0x0000000000101000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-7-0x00000000000F0000-0x00000000000F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-1-0x00000000000F0000-0x00000000000F1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2708-59-0x0000000000860000-0x0000000000D81000-memory.dmp

    Filesize

    5.1MB

    Download