Overview

overview

6

Static

static

3

6519c91911...e4.exe

windows7-x64

6

6519c91911...e4.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    122s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26-12-2023 09:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6519c91911b27ce81a332cc95995d7e4.exe

  • Size

    142KB

  • MD5

    6519c91911b27ce81a332cc95995d7e4

  • SHA1

    2406b58bba99427b0870fa86cb01ae84dd3b50ea

  • SHA256

    121f476982b8e760d8e12d50217f790a6c1e41ba525bf3567c48a2259198d1b1

  • SHA512

    1469476fa003e75163d7bfc07e27f948bfaf21371b079286ec09fea493ad264521612836654260c0cb528c23c0e7097bd46516d2b1e5b715ff0948af3ca21352

  • SSDEEP

    3072:dCLaWZnv398CKZQg3gzuocdv+aQMhZU0gJW/EYV1+Tm2:0LaWZ2CKZQP6Foa33UHWp

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6519c91911b27ce81a332cc95995d7e4.exe
    "C:\Users\Admin\AppData\Local\Temp\6519c91911b27ce81a332cc95995d7e4.exe"
    1⤵
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2108
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=vsd3g0h_vs0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2820
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2820 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    daa671f6fb10e7d95decad84831ad0fa

    SHA1

    41b0f8c5b1c05c1dff6ae0842d8e565b23f9f061

    SHA256

    324c15ba88dd1269b887dee97a839008c14d53d4eae313046fafddd6d97b5ccc

    SHA512

    0a06cb32fa40a8307990186efcacab8ce2cf0845f3f77b9fa394a45944aa815cd1503489a06252f5034bf0e6522a07a62d6b3d9763179a43f69b1dc2fcfbfc4a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f8ed28511bfae4ce2d3880be50286eda

    SHA1

    a8c29b8d90625debd02f3c105cf1adbe5792088a

    SHA256

    1ee5f136a3d05da2f5c9ecfd48c026fe58800a02f239c6ffe335909c1ba71aa7

    SHA512

    cad67e2c4fac2f99abdd1f2bfa8c0bcb98db3b0cdb5cbb07d88cfa0f9cb486ab5e12e67d1eb616c5a5ff2abeb3b67c6da7ccd367c057baadfb2859b9458ab38c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dceeb9ec913865fa3f0a242508c7c1bd

    SHA1

    fdeaeb58b7351a15b77ba90eb3827608685eccf0

    SHA256

    25cba069f98236283752b3679d1023c7c78c0c1e3dc159af378d1da29f7f2a0a

    SHA512

    b768aecaa37d5a0d4baba9f9ab419fd9c0789e10c5a734972a2ffb6a359138e1977b39e2f50ae44d3acd97d0fe0ffc00845372e40b675c1f1867c8960a4ef0fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    05a1d58dfafd67b321177990e14a23e9

    SHA1

    03e54cc8af101bdfe56bd026cea4a6c4d12c8d1f

    SHA256

    5baa13b228f7f326b1f00df067ecbe206b4f05db72930bc9138bfed26e1d9ec7

    SHA512

    f7461af65e8be9be857f066be1614de1226632f5f0816b69e29fbfb50758a0d495aac085b9b3018beaab8a2999b26649deffaef3f22d4ae4321c45ff6bb6cb66

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    db9283409ed732d2359e602589771c73

    SHA1

    a680dba1fd8f8f0805a5552013e0a430c1357d6c

    SHA256

    f7850f3681d4a5239991040a6c01642026010f38df13ea63372d2257c58d983b

    SHA512

    2225e01cfc5802f8138bb65a70f58fc98a037390d3f4290bd6d731812ec9e94837b5bb79867fb449cd239fdd6a5473a8504c7ad77e4c62fe1e6dd8a18f818ee7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0126ed072388a0e85c96b72fc55236b2

    SHA1

    3e38da94f490845ab18296071bda6d750ba66805

    SHA256

    f315004a07322de7c37f6e4948356f6ff23738dc557683661d7f6f611867e728

    SHA512

    400d95a3fbe7f35ba663e9936fed5259b1e1065302a69db5f955dd031e56b832fd7380411000f81ab63fd1bbd1fb9be3f0e4052a68a641482231d14e1de045f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ddf5c578aafa905a46229b3ba8d001ca

    SHA1

    a6b4eed001ef3f0307580960bb348af65be205e3

    SHA256

    65e678da9f990a29d636b8dd48de655f439329da2332a099aaa58e0b0692d94e

    SHA512

    3858ed3b48875adedc527684704263f7a659051b1eddf9df7f987085ec06dfb4fee1bf23228a22922fe6b6a4a22bab2eecb39fc1d6af26ac2b7312b9c6fa4a41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a911da58157bba33465af66a649ab554

    SHA1

    910127171627e38b38afc3f28a993d031ef751a9

    SHA256

    1a3d59d342ed09e8c3ea8956bdeb9a54b69f6400d47f7c1c263840ffba8f8af8

    SHA512

    e4246d83d9d2e092611dbb41854225bbe4bb990ee34bdd53442f9fdd11639fabb39263538d83d67fc7983f234d55abb0a873af8feb9f1d5b1fed27a2e9645a3a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c2d06dfce817c2075e9f8a13d5e4d3fe

    SHA1

    0df634a2c4b133740572d53af274b2875e2d478e

    SHA256

    b18152f44b7faf4e554ea091d7d392bcfcc070ab282e803ce8b18ca8219714ad

    SHA512

    07992a35fc1eb6d7ab00606c9e1e6b7e371548992c2e53ab6533802bcc4309e87e74ea644ee59f10bd0eb3ca0f3185b2dbe6a82c55564a747b916369fd4b71ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a500841aaab82e23a7bcaa87d6cd6491

    SHA1

    63a28d20c87ce2d254b9114d04e295d1ba755bd3

    SHA256

    f87f4cc30c2e9e818312c71d41e38afb22160f114ea401f7f0872c673215c704

    SHA512

    da98b8762b4d0061f1e4524f2121688c1f7f4084cd08c02be411608ce6605d0ca42a1671372bf104cfbc6555e48dc67d73cafff5776f462a9cccef9501514d0d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    42c36e6401807207f3a5b8ca35254535

    SHA1

    a1e230b49090b8d94dcfa8b814799cbc844e1cbd

    SHA256

    580ced285528bfcd16a4a9aa1d2c33e0e99fdf7651e2a7f06f4ef52ae7b56400

    SHA512

    eaff1974e8664ef3d9ccb729364101b1cd08ea04ce62b32cf5ba66feb42e8d692915814e8d1f8dcf282daaa53b814c97ce50c65f9d65f2a2d5fff4a0486dcab7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2fe8b3db315e8e663acd5b97eef20dac

    SHA1

    814fc5d51ead43c57222cb10000498cde2f4c80c

    SHA256

    e4e6cbe7eb034ec81fbe17cabc81f8208cef21f47b067ce830dbfbe55ce37f2a

    SHA512

    95c5c1ca629651ed49b95a9b331f22bd950fb3288f2248ddaa696844ce4e778c45b9e7da61d8c19ff35de2b26fdf4d2b829ddb266c18368469d0652a1b2967ea

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wz5r4lq\imagestore.dat
    Filesize

    1KB

    MD5

    6a50795ce7bd12ca22fad2e4ceba865d

    SHA1

    8397d5912ba5aa7203e309d6dc4affe5a2bcd0c6

    SHA256

    83b73d9207874480c968930e7db536d92774d045974a1928fb0bf8dc1da55714

    SHA512

    fbef1860f369255c1ef35636ffba39b281a309901e9b62450b7920a2064e211ff0e45ea76beff70c48a23b3049f5cb6b4b891e759fb64e8ded6845ea9ce91a9f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E324WJ9A\favicon[2].ico
    Filesize

    1KB

    MD5

    f2a495d85735b9a0ac65deb19c129985

    SHA1

    f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

    SHA256

    8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

    SHA512

    6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD09A.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD09C.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2108-0-0x0000000000400000-0x0000000000483000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2108-8-0x0000000000280000-0x00000000002C6000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2108-7-0x0000000000400000-0x0000000000483000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2108-6-0x0000000000400000-0x0000000000483000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2108-3-0x0000000000400000-0x0000000000483000-memory.dmp

    Filesize

    524KB

    Download

  • memory/2108-2-0x0000000000280000-0x00000000002C6000-memory.dmp

    Filesize

    280KB

    Download