Overview

overview

7

Static

static

3

5fd52a6260...90.exe

windows7-x64

7

5fd52a6260...90.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    169s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 08:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5fd52a6260c48ddfa1b09b315c484890.exe

  • Size

    82KB

  • MD5

    5fd52a6260c48ddfa1b09b315c484890

  • SHA1

    f73c7cdbc6a953dfc1d0715329e1304abcc31ca1

  • SHA256

    cfffce6bd2662276419b441e091517b44a84b8580f62442e1e372c6af2251ce1

  • SHA512

    40c72b0d217227b3ad08f0911a74f3af74edaefbeb6d057b07dbd4c207ebdd3737d511cc625da9fc9886e8e42fa6c14159a39a152226dbdca0fcc8ae27a0a7dd

  • SSDEEP

    1536:R6KDqIaiMHQC4DGjP5dEINWu7ajYEYGMe0mN+CkjvHjnyppguRQxg+HdU/cOz:R6KgiCQC4DGTDD5ajYErKmNo7nKpDite

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5fd52a6260c48ddfa1b09b315c484890.exe
    "C:\Users\Admin\AppData\Local\Temp\5fd52a6260c48ddfa1b09b315c484890.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.on86.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2448
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2448 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2848
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://down.xingkongjisu.com/flashplayer.htm?52c
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2864
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2692
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\5FD52A~1.EXE
      2⤵
      • Deletes itself
      PID:2588

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    49d6331f43363516eba17369526b2902

    SHA1

    0b3d1e67e67698ce2e10ff397c1fc6aab2367136

    SHA256

    6994a76be3f446369cd3dbd0803fe2c4530106ea2c56cfd4aa63cafea2744b0a

    SHA512

    4ff53d3c8293e0d925d6f0710e24a35f9894d6f4d7b691fb4de1311674dcb478c0ee8febf5ece9c0aecd949dbb4a03d402ed8e2132f4455688ec412d714f0db5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    531b94d8699d890420238dc7fae58b6d

    SHA1

    62b73e4149ceec64f423532590e1e8f8fbb6026c

    SHA256

    f95baaf13705b780a84c736679b8ca455cbc6d511806d019040955ce45403dcf

    SHA512

    a2a0d63c58439b068545cf249c06c57a2eae620d7971d845c1689d561ea902be1a3be73fb0a396304242e4450f9c37458807e85919353f09fed43ff989b6afe9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3afc7dcd42fdde923ae77460b7eb2931

    SHA1

    e80e67f9cf06465b3a1be8df245a814b3b8dcdf9

    SHA256

    e3fe54fe720c12af3cbde072a2a60d092d87e80ffca98603f62ba776cae832cd

    SHA512

    3f0edca7369bc36b6aa30be47d62a254b49b09514ebe0792f087847ce3547be3324fd7009445f13ee31a1ca2e9cad88b9547ccb28ef59ada5785bd5ef3112d8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    902fa314179aba36fb27cc230237df73

    SHA1

    ad047ced821d7548adc59dd9c1b76257df3ab4bd

    SHA256

    b56eb1867c7b9de06f72c5ebcdd64c8ee2a7469ae2ca62a391b789533c480820

    SHA512

    332c38390bc87ed6136a90f2751fa1964d1dfba54c90800e0736986b5c7a4b749c300cc0a136a12c5b2a5918dc69118f65b2ae59f9b151f1a51b90ad0eb295ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4d6e69660efbd615656405489e8d2f6e

    SHA1

    26c7bf3127a1905110cd5dd96a7e948407ff8f0b

    SHA256

    b762bd12ee7186911735ff87001e18eed380525aa70d103366bc72dc3c994789

    SHA512

    e37699d0891f79c08fd4dcec4d6466f971c7aa57dada81da156e0cc3c57224e7911a029d9fab4eb5bc40704ed1f574dcbc837ad63aa1b47b03110f1e2be62bd3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    767ae8960869da36d25b566bb16a50ea

    SHA1

    ac8979e9a714db0c826a5659533f9967209e74f3

    SHA256

    64f0037674668aeab71015f67c233c5f11138d6d9c1bfd74068009cc8b1c2903

    SHA512

    199d46ea33006ce4f6b99d3243d988cf89c3eefaf8a3165d02871ace0fa9b79cf2222e5e2c2e8378cbbf689c1e64b8b6e5c0b8c6b7b2f26d2cdc26302aa2170a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    31bbf8c95719d87e02309448cd3ca039

    SHA1

    a95b7ff5a98d285493fb66b681c4ebc3fa79ddc6

    SHA256

    819cffd31d96667c2261dd83650153c2401b13514f2143b0e7a855d86301a3f5

    SHA512

    a87e916a42f2747f8c9c2b6ef21d220a2518264dd703246044a560af5c20ffa2bdb4a07786ce1a14b3968d353412a9ffc6dbcce7a6dfce4addc117d36f1332a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    36131a5060920416851e79193cb38999

    SHA1

    eedf920eb93f3dfb1fc7c9627d550ec59188b3d8

    SHA256

    7de630ab40a387f14f5f1dcef769140b252d401db7fcd7bb8f00c0a26e04c756

    SHA512

    1f84a10fad5864dcf93699c4ab2b1d3449221a5cadfcba0ddaf06866d8fc79031b742c7d56f58487d64b2cb81d0ac667dff4317a44c40792c5e26cd1d5bc590b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cd9d23da98b04f95881e24cef8a07b11

    SHA1

    37ef3bcea2dbafc8618e5b04c7cc34a7d93bd920

    SHA256

    aae5b92aeb15cba332526e10717d97779dd4d3c9a5083fcdb9f598daef24a216

    SHA512

    96cad8e35c0e81142f0c835eaea04801ab9f2062f257c92e7208c2cd08f442d3ff5650f5f28de1f143e974808226c41119b77c6f1b010fe04ba1a2d4e039fae8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f627267f29e981900f40a56d390faafe

    SHA1

    1212448b52372976fe1f01331f42ff744575c6fe

    SHA256

    223a20442a890268dc0a58902949e73a35a159908b73c7d5b2b2fc7251ce2110

    SHA512

    47bc656dfa512b5b44c22015fc5512f00ed7a50608d8dca4d8f8cd5680c4c171db56c4a3099456536383f3c7849969fb5671ac7cd430d9c7157586a2e8fc17ff

    Download Submit

  • memory/2512-1-0x0000000000020000-0x0000000000022000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2512-4-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2512-0-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download