c1bbd17d3f641e494bc0a6808b74365ca93ebaf82b7a4675a50ed6f11724e562

Analysis

max time kernel
0s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 10:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6774a06aa7558fce73fa53d9558eb7a3.exe
Size

49KB
MD5

6774a06aa7558fce73fa53d9558eb7a3
SHA1

c8d3eb76606c9bd79c663fcaa69cadd9a13996a1
SHA256

c1bbd17d3f641e494bc0a6808b74365ca93ebaf82b7a4675a50ed6f11724e562
SHA512

eb8523f720e40d4d49669a486de143750d309d7ff6b3bd84ec7140565bf575e65434fd279219c4c08b776109330dfad90a82b26421148c02d3927705f2ecf745
SSDEEP

1536:g7t7m5dUyHatEMwlYFCajqyBY+s7tp6o2oeqfRAY:gh7m5ahAMY+Ypn1eqfz

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4368-0-0x0000000000400000-0x0000000000434000-memory.dmp	upx
behavioral2/memory/4368-3-0x0000000000400000-0x0000000000434000-memory.dmp	upx
behavioral2/memory/4368-66-0x0000000000400000-0x0000000000434000-memory.dmp	upx

Runs .reg file with regedit 6 IoCs

pid	Process
2464	regedit.exe
1756	regedit.exe
4832	regedit.exe
2752	regedit.exe
4476	regedit.exe
1092	regedit.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4368	6774a06aa7558fce73fa53d9558eb7a3.exe
4368	6774a06aa7558fce73fa53d9558eb7a3.exe
4368	6774a06aa7558fce73fa53d9558eb7a3.exe

C:\Users\Admin\AppData\Local\Temp\6774a06aa7558fce73fa53d9558eb7a3.exe
"C:\Users\Admin\AppData\Local\Temp\6774a06aa7558fce73fa53d9558eb7a3.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4368
- C:\Windows\mybar\conime.exe
  C:\Windows\mybar\conime.exe
  2⤵
  PID:3712
- - C:\Windows\SysWOW64\reg.exe
    reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /v "google" /d "c:\windows\mybar\conime.exe " /f
    3⤵
    PID:4472
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32.exe /s "C:\Windows\7\9.dll"
  2⤵
  PID:1216
- C:\Windows\SysWOW64\cmd.exe
  cmd /c regedit.exe /s C:\Windows\reg.reg
  2⤵
  PID:1372
- - C:\Windows\SysWOW64\regedit.exe
    regedit.exe /s C:\Windows\reg.reg
    3⤵
    - Runs .reg file with regedit
    PID:4476
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\iecollection.vbe" 0
  2⤵
  PID:916
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s C:\Windows\ShowIeLinkIe6.reg
    3⤵
    - Runs .reg file with regedit
    PID:1092
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe" /s C:\Windows\ShowIeLinkIe7.reg
    3⤵
    - Runs .reg file with regedit
    PID:1756
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://dianxin.online.cq.cn/api/tanchuang/url.htm
  2⤵
  PID:3724
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3724 CREDAT:17410 /prefetch:2
    3⤵
    PID:3380
- C:\Windows\SysWOW64\cmd.exe
  cmd /c regedit.exe /s C:\Windows\WindowsMy.reg
  2⤵
  PID:680
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Windows\5\searchOld.vbe" 0
  2⤵
  PID:880
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\index.vbe" 0
  2⤵
  PID:2284

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe" /s C:\Windows\SetWindowsIndex.reg
1⤵
- Runs .reg file with regedit
PID:2464

C:\Windows\SysWOW64\regedit.exe
regedit.exe /s C:\Windows\WindowsMy.reg
1⤵
- Runs .reg file with regedit
PID:4832

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe" /s C:\Windows\search.reg
1⤵
- Runs .reg file with regedit
PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ie.vbe

Filesize
288B

MD5
0bd157d1a9e93eaaf163990efd3c6636

SHA1
5ffa7272f7e95057646859f248bc114247b4309e

SHA256
5703e5eb54bf7bd1a9a46e88b883a0c6f73be3a9445c94c4bbdb55b0982f6162

SHA512
6f82a517ca3db260598c6d09372c8a4bc0b3cbfc7fdc3790ddb4d5703cc82beeb443a9996f0f0fb4c5bf633adbf8a24afdfa03b53a643df2b37244098e28af8b

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\iecollection.vbe

Filesize
26KB

MD5
61689d57c5fc4c3c57cb719aa89be117

SHA1
1e10b51a70ecb179693d4b2ef9c95cbd5c1786de

SHA256
7476b0b5fa46a7cc6086c424e9faa41797d444e64da1a3fc0b162b214b8a1846

SHA512
7c4a14718671c17b0093f7ac9f941798e53331ec986f4d7a83163239da83ea4b782aa5c9249ceb2f16133ef3ef08af48863ae2a6c2be5e97f720043f3d2a04e1

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\index.vbe

Filesize
63KB

MD5
e130c5821ae87ba4285f993b599a75d9

SHA1
a085e9278aa0b1bfbec451612a7504773063275a

SHA256
9d33c076792193accf69e795c20922dc4458c284670856c6202b9271193b36a1

SHA512
c97cc0bc6f7f8b31950c0e64933c8fa5512e36b29f0ac1b9aa397a6d7ba2822f51ee430d0f7c735c9021e60cbdf67e3bf458d563a6564d07491befeffbed8348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver24CA.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BJCNBC62\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\Favorites\4399Ð¡ÓÎÏ·.url

Filesize
1KB

MD5
d71c4baf8ff0bf662de3a32a4e995f01

SHA1
f4757da0a27abd80e092f6ed1622489a48cf2a11

SHA256
60872010c4045af90c1148ebcafefeb70610be3c8d1a9b8aa6c3fc6b83154990

SHA512
f70108ccacefeb40a64c54d4f28732e88b87bb7a8b1da3bf72223b1b3737d8bbca367d27491363034a838452d869212e9b992a98a468d31b836bfa319266a833

Download Submit
C:\Users\Admin\Favorites\GoogleËÑË÷.url

Filesize
1KB

MD5
a487f63b421d3bc768edd8bb33f44d20

SHA1
6867f516e4ad6079fb366d60ba32b2ed76ac801b

SHA256
d2ed96fcd0c1a31d31df9dff3a1fe6c106d15e4057ffaf1aaa85a874ad0b35c4

SHA512
d70ac19a27b6e33f438765ac4fc4a120e1714acf93596a7cee859a82f952430b87ee1c76b787ca438c8b4885ecf4f26576a8740e9f47bb22774a56f3453e1edd

Download Submit
C:\Users\Admin\Favorites\°Ù¶ÈËÑË÷.url

Filesize
1KB

MD5
995c17673e142a378e914abb0021a773

SHA1
c6f4daa2481b2b17c30d87bf2cde5f206f56c715

SHA256
b2e193d0217c516742747fe5ce217942e5fa25e0c69bb5ce96383c97679b1a76

SHA512
55faf8d409bcf7c94198f86218e47500d32ce395bceb63b05ee1aca95a0f19144a7f0aefdfabb8d81ef791652cf9e8103d2e501393e4c5638d924534f4dd05a5

Download Submit
C:\Users\Admin\Favorites\¸ßÇåµçÓ°.url

Filesize
1KB

MD5
46fc3564d2e8f5e6ff08d876c979e041

SHA1
0784d432ab850be05d19a329581947112905eb0c

SHA256
30cfacb032b9f525cac23f2ce9e399d2f0cc3fb0d4fb2408d6e5dc1f6bfb41ed

SHA512
4dbf0f88886ae20ac078681f2308d2cc250eb3a5ef389cbec90cc54b09362d1a7031e40f148d5d6863f6273b4c99a94077ba277c4cdca3073d01932b0530e984

Download Submit
C:\Users\Admin\Favorites\ÆðµãÐ¡Ëµ.url

Filesize
1KB

MD5
8d52578cb1966b25efca32eb332c4b4e

SHA1
637c57216908dda6c16ae07a1c65b1ac5fb42de9

SHA256
7a8b1d30df749da7b5b80ccfdee20c42ade0a08932ed8f32c5920b0a93fa043d

SHA512
b0427391442c8568317eba52b3b98060298bd09e64b41385dae0472c8d7533338bd05d20262fbc4becd7ed01adfaa231c9a7aa06b22e0b7c00d5b309d99efd77

Download Submit
C:\Users\Admin\Favorites\ÌÔ±¦¹ºÎï.url

Filesize
1KB

MD5
d76bb92d72754adb66b5a3e3f40d6fce

SHA1
16e4448368508d9c648e6b9fd001c5daee5ef079

SHA256
9f6bcd2e7afa238dcf52df4375bebb86f84f83d4929f0a24bdd625249957ff64

SHA512
2563f51fa021e3780c2ed2fb251e354cb9295d47a52fce32fd2c83daf833c51ad610b73c589357e9213e2a0f234b0dd8cff536e44bcc8737d9f0020da9305aa0

Download Submit
C:\Users\Admin\Favorites\ÍøÂç´´ÒµÃØ¼®.url

Filesize
1KB

MD5
5de3eed04cc9ebef96c689ac5213a457

SHA1
f1b38b19253219fb62caf7e9b063f677bc8d540d

SHA256
a017167402706de92e486c660a012b3794d86c1a2b300f68793d55a6fe10fe87

SHA512
4aa05193e45a34969d4db9931ff8c77d996b14e5e2a00438b3c80fa758b15cdd19672cb7ef1ba7375a2a3d2ce1b1a5d2f3cb52297ea44d72e8121b07c1dcc33f

Download Submit
C:\Users\Admin\Favorites\ÍøÖ·´óÈ«.url

Filesize
1KB

MD5
c557501643c0e36067117f2667454e9a

SHA1
a21034e0827a15d644f88083ec699bcb1ad4f7e9

SHA256
c092d5f5d1f1369bb419d9a9a475229d479c38b5877d70c2965bd258bcfadb63

SHA512
abf1f6abdf5b4d1df268f1d932834d0fbf8b011c3b14d1f7540088536d686cb98f6682e157adfa88042443af6fb89d109b629897641aeca68e25b86d78a2c984

Download Submit
C:\Windows\5\searchOld.vbe

Filesize
2KB

MD5
6e0f1a44a991ba646d30719de7ee2d9b

SHA1
a42c11be86419238ba592eb3b79692f0111096b0

SHA256
5a4ee98975aeaefc7e784c36f1faf611ac421bad2ff71e461cbdafc8f937b4ba

SHA512
37e1a0d8e1087e11ad51f6038bc5f725484a9aceadf6b697457db1259fbb29e6a672af4af92c451d47ee57911845ae4728826b9612d27223431de691ceb1c7bc

Download Submit
C:\Windows\7\9.dll

Filesize
28KB

MD5
fbe32b3eb39297d21c8a9693922f2b03

SHA1
b261b975d400f6ade195b65c83c9de645f9156db

SHA256
1d7ebda8b43d465aea6ad5a291f1f093488a36b5c9aae7a9b3982ae1a105d17d

SHA512
5b23bc1c2b52cfd4ea17af92386762d2a7d5b149a30ed9bf48538a5e2274a69183260c92b98ac2b287231fdda30cfa30d7afe9eaa21267c7d5504752b20bffa0

Download Submit
C:\Windows\SetWindowsIndex.reg

Filesize
143B

MD5
4c3fcb0fe03094280e5790b954494d23

SHA1
083ea34d4766c0f1d816baa5aae4daf6600fd7ca

SHA256
5694d2c8a0db92e0878dae0d1f9dd3dc6079b9375633ad07e65c9e879c37bcd7

SHA512
cbe7fd8c0185dc5b91478ed5f609528de34810283a286acc67e48c70cfe32c96be226d0c6543ba6468a1c532786c7135032f636f1b584e8eba20bb8ebe8cd4d0

Download Submit
C:\Windows\ShowIeLinkIe6.reg

Filesize
7KB

MD5
4f69fa82c34c91514da21a5933644af8

SHA1
e131f57f41ce95b46195d460852718b83517579a

SHA256
7cd8b741bfaee5cd14779b69d71b362aac4c928097c6b4af8ce0ce16bde52a46

SHA512
276588f960d28023febd87873c7852f401ab6ebfb3d90bf8b21b1998949d8ab00badb42d1a05934587aa6b4ad0ab06a3d649dcdb70f384ca70339049243463c4

Download Submit
C:\Windows\ShowIeLinkIe7.reg

Filesize
9KB

MD5
dbd46bf2e72f6dfbb21295f4e3066d47

SHA1
cdd6ca2f6455c1e528c40a520bcdb8669df8f548

SHA256
71927f4f034db038385346e34209ad069139f54d73bae34bfaf4f29b7010fc6b

SHA512
ad013387a0c7608375b7a3c5fdb27f0d9e79b051d84b1ee9221346499f386d30473b5e2727f6a4e8a8122cf8ac2d473a5ce5e368e62da09441ed48e5c088bd11

Download Submit
C:\Windows\WindowsMy.reg

Filesize
1KB

MD5
713e7542ede7975f60b6361e4b234eac

SHA1
3a11cd2def80f43ac02850cfeac0e54f6ebf7a95

SHA256
8c4b40dfd44928643dd5dea8ff3e15eb9d25f020722bd2095d7d37f3a64fac5d

SHA512
da0578694cddb363d6f4f6d01f9881bbecc8c775c121aae3470bc6e49575fa2c65244043d7276d6f62390fab2926881a7bcfba5210ae312e374badd2b306dc8c

Download Submit
C:\Windows\mybar\conime.exe

Filesize
53KB

MD5
4f4f24215839af4212071f6f2c57ebfe

SHA1
a5c673d51d56a6c55be5444edce00cf894dc3970

SHA256
e18b398ffe129080a5cb044118d37b224fad53bc96322edb466a762252b65700

SHA512
b9a1e28f9a4c132a12127f3f7cf6b31a4cdf83329d2c1c357c2af088cf03c8887e75020023f4299dd2ce655d1898ac49bc5e4b6cfd80e70b6fc7e25ac6d7408b

Download Submit
C:\Windows\mybar\conime.exe

Filesize
43KB

MD5
91cfdaceaf6aa0514cc5737a2534f1be

SHA1
2c738b6d520435e6296c492bd53f203d2df2b62f

SHA256
0fefc2a05033b9d2961ac54fb1769b2b25acf05e240299c003d6e53cdc0b8afc

SHA512
b978f8162c9e78c2aeee6b28c344b892958e327b44bec7f29977e758a59ef90e838154d94d77ab26bd7aa009ecc48efeaf85ed851954ee1d78ff944e129540c0

Download Submit
C:\Windows\reg.reg

Filesize
185B

MD5
f62c5deb08df74f7f3cea25c6b7af137

SHA1
43adc1ba72c8983fae70f29bdc3ba6ae15b81141

SHA256
ff6236d2e884773dfebd61af053776caf3cccf815124343abcab4734bad4b602

SHA512
ccf6294eaeedff8a386dad260e6927507a3da0146cb5a3a06a6ab62c85009a09fbc056ae73e0264eaf3542a3bb4be24e8f142a81f0ec4820d9790fbdb614aed5

Download Submit
C:\Windows\search.reg

Filesize
1KB

MD5
9fc297755434ae17309f0a37a5eb9e36

SHA1
d1ae58eebcf5564f2e8542091cc4724e6cf2f90d

SHA256
4d910952568649b688572a188e9d1dc90933c4a098bccdf615f30655b121ed25

SHA512
b5b9e11c43b591a48f0a4799c41b57a69b68da6364cf095e1ff21e4c4333cefb66b5d31d495c1ac70e4f220afddc1b41379c74865b783465b21951406a67f0cb

Download Submit
memory/4368-66-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4368-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4368-3-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads