7df8229d5ae53d5e7b8cad9a4bcda5c0b1b55cd413b79068c32ab092e65c752b

Analysis

max time kernel
96s
max time network
193s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 13:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

72c5438987f39d06fcacaaf6020850e3.exe
Size

38KB
MD5

72c5438987f39d06fcacaaf6020850e3
SHA1

9227f95f2d0679945d4642668d3b02d595aa5f1f
SHA256

7df8229d5ae53d5e7b8cad9a4bcda5c0b1b55cd413b79068c32ab092e65c752b
SHA512

2f12c3ca7f892d6a7444040c28a21bae0532196d81603d975005f44ecc13b8f5357b7bb3b84633ff6b6ae9a5d30da578e4fd09ce3146a2f0eda50d99f02c4058
SSDEEP

768:J1cGTJEcAxRwi2sUOcVOjfZZJcu9ZdQQWp:JnS5xdzBuQfZxZdQQWp

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2860-0-0x0000000000400000-0x000000000040C000-memory.dmp	upx
behavioral1/memory/2860-1-0x0000000000400000-0x000000000040C000-memory.dmp	upx

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" \DelayServices	72c5438987f39d06fcacaaf6020850e3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 14 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2860	72c5438987f39d06fcacaaf6020850e3.exe
2860	72c5438987f39d06fcacaaf6020850e3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 2952	2860	72c5438987f39d06fcacaaf6020850e3.exe	29
PID 2860 wrote to memory of 2952	2860	72c5438987f39d06fcacaaf6020850e3.exe	29
PID 2860 wrote to memory of 2952	2860	72c5438987f39d06fcacaaf6020850e3.exe	29
PID 2860 wrote to memory of 2952	2860	72c5438987f39d06fcacaaf6020850e3.exe	29

C:\Users\Admin\AppData\Local\Temp\72c5438987f39d06fcacaaf6020850e3.exe
"C:\Users\Admin\AppData\Local\Temp\72c5438987f39d06fcacaaf6020850e3.exe"
1⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.download787.com/sanity.php?1=478214-10013
  2⤵
  - Modifies Internet Explorer settings
  PID:2952
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2952 CREDAT:275457 /prefetch:2
    3⤵
    PID:1084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c176e1e12e463edf245764ba0c5662bb

SHA1
9b82574fe63b3d2f4b4f31ad50c60aadf3979506

SHA256
0296cdf944c4a5fd2fdc8dad6af07178233bef711f7c94051b8c03e0bb081132

SHA512
c8dad4cf6aee1f0eda688c82993764f18e88cbd2cc492fe32a30c321805530586cedeab8be65cf748c016385a798424de7747b4c921d20bdd4d9d49dfd02c98c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
15f1b9949d3c6978b522bafea97d45c2

SHA1
2df9761af1b958da2e8958c0c3999ed07a479618

SHA256
5d77a9ae1902594e1cd5cac269dea06d5135cbb8cfa0926bd257ecb66847cb94

SHA512
f3a729e50c5c3c98be85f1db748baff0599df53732cb1cf47e846fc580233a46204190fd43fecc8a64085c9b08a89c9de05461cea9d46141f3db3d372739561b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
69f4aa0f86950600b3358512d1da894d

SHA1
1422811c55f24f9ae1ff2fe7155f8e565d3e78f9

SHA256
b11e7fe663644afa56e117140b5bef15518963dbdb974ca859eb7495c9d2f266

SHA512
49311559dfd4e65b41baab6965e08bf065b685c22a50df1f67f01f76df2f71b6805ca38f3047ff76808cddfb724d1ab75325c688d09efd7be0ed730932d1f6a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
05b03fc7e0cffbc9dc5d3d94783b1449

SHA1
a6a5d67d65c9f8eedd80b0c115bb216910631b75

SHA256
fe5d3d4a4a5ee7ce439cbe54c2c224569019232eb2ee3515071b2471b3372490

SHA512
a205580b8c41e13dc3979a27b52e46ed0d53341df31a1da823ea53abdc727e14a925d365b63e566b2c8ac3787fd1096f493f4830e51fe73a2a4bb375171715cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
205c8e19b13a3300e2052517dd9f93f9

SHA1
1d0bef6a6db322d0e216e8c97cc1dcf092718d24

SHA256
5537f5d9adcbb68e424ca24da697e29bdf6f5cade371d54f71d75b9b207a4913

SHA512
2e772eec3d0cd950314781afaa6a5061d0f68a2ed39d94dde79dd03c047ea1815badc505fa084a9962aaa668978ec0a60ebf1b10844936b89433e2ecd4d12aaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c35dc68881f435d898180df170fff13

SHA1
4ddfff59dd7a7b025bbd2bfa62ad3ffdf308d662

SHA256
04f7e7e043f696384e14dc35ad19c6f2d2cd9ff48f007fe27f2b5fe1554b2683

SHA512
1c80a929c3f22979fc944298b8a2cce5df643b324969284c99704cc8a6709fda58905d560a439fa1388ed74cc734bd2fc726a4cf984371022fd1b9abdf28ff62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a8dc690ead32039f0599932aede683e0

SHA1
7457268b0ec90fa7532fec36d43c277dd18b8765

SHA256
31c9a999dfd74546183e02415946ec01a52726dbcedd514cd3aed729372c9e33

SHA512
441070eaf9210444d0f67e84d90dd3efe0bb5e4673b78fb66fdc50cb370d81cd31b3c4b85270da5b3f59d5bcf36dfc497ca1887e689efa0e65911f691335213e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4493d622787762318e18ecb89094e77

SHA1
51acff1cfa913afafddee7fead12974628919221

SHA256
72d65d6fee8c246c4696f4467e89b4ba8084973378de1819102ca4f4ed841cb6

SHA512
eb0c473759d1670a0e4b17f06e8241680e93937c99279895702a88b09744c8259bd46c263f319277a3e6dbae8d5a3142f0974fbeab1004ab22afa54ea6ce9d1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4ed6bac66c26625424d48722be485ac

SHA1
2b0ac77b9637cd96865d34b3b0687469903b5b87

SHA256
90e08cf75f085f05a1b79325207eae0805d40f277c30de42d9ac1750127401ad

SHA512
1040ac9405d5831e41fb35a5ef32ab991c4aecf43f4ce0d528a7c8b97f3372cb3466dc574fef701edd9fe15b62e34c678d1a757ff965554cecad1ceabc2f0beb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7410fe5386edccb0af174af5dca9a84b

SHA1
b0c9548fa81ecce4adfb72596123c5d9ef480567

SHA256
4474a095307e43701a6ee1ac1ceda469c9332b5bb2de605619ac5c11c1591982

SHA512
523cc5d274b3e64308de02700491fe20aa892b1c64876e6c929baa5acf23168c8919c2d7d7cba7624016bc3d9938cf7f0d4a40fa7e90e9cd1efde0d1b390a824

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
13a655078566e95c0653da4fb1391565

SHA1
2681ec849a2a413ce6b8dcc33a31bd9f56aa3162

SHA256
de40ecb71a699b94fc677ee22f89cc5d70f4d7d5e488c846ae030a27a85581cc

SHA512
5f3228f8a40f322268d933d7766f076cbdfae34204a4e3ae98d4ed46fc53297728cdcfe03b26947d260bec1ce13b75ba0cffdcb7cb6bd5bbb7483bf2b034757b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76c2c6bf744a43e02acc69ad05f361e7

SHA1
1ff70e25fb32fe341f4006d350d8cd86fba308f5

SHA256
4a7dc9cff2e59e6ce4d4d0121635ccea613e1e95e1a853ccbcc92811c69cdf1e

SHA512
e9b7555c5615442d43335521a2024f6a0f501c08265ce14328b8b1b3abcfbd7075c61e9c8f45563d673b2b2b9cdcf53205a766491dd85b44062465fa51052990

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1e3cfa013caba4e1c01dae0818cedc6b

SHA1
2773fed7840e82db83c224ad4c4c75d4bbf254ef

SHA256
5ec12c27a936f2e4989b7b617755b880e796ae3cbd6451415484356b86f7ecd1

SHA512
1cede931e9076d5d257f5c61369ee6c5c95c10e497be13017b64af0f642acb52e71a9258472c25fb510dd98954571f3743301565fc605f7fa06190ae8ed0982f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4974a54492456db79e5e0e6c949453e1

SHA1
38a4672864ad47742a7b16b5cd84b2db970546d6

SHA256
8103771371574befe276e0284e2f05e014e0568cd29d402e8a70f7cf3be89b85

SHA512
ea098597e359f5d547ce5b6478c94b254330ac6dfb04c403250ba3f9f2c3d655284c5429b703cd82c1c0789cab9c264018cf2f5e0f3d7ce12e95747983af69c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
63374284f971b24dfcae83046d3a6704

SHA1
5a47cf6a3d47b38337bfda8f1718734564450acd

SHA256
73c90fb2c9f6fd1f1afffc28de9615479fba3b2d44e52322a0f5fc3a1c5b40ee

SHA512
a56c781a66d9fe790e0be33835d2526413d66ab4b3f28cb866621fd711f893d5c28f659326999d70ee81aacba5339ec5d5c33b1ef94adc8051a99d9df2157a6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6bfeb2c44d34a66af5aefd6c8e03391c

SHA1
511d2bef74461a617f3077aefc8e62b4b95c59ee

SHA256
3a3e9f5b1d51f0d7357698fd4dff26ebe62a429f8d4b8936d5211dc40a6a7aa9

SHA512
b6c68787efdaca1a26aeac5158ca6978f58ae4e2664a30ccb77e8b1f1be941eb6254d3a2bc34fb385c309cfe730e6a2d2166f3537f52271d2a03750e7597748f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
255b7a13208eaaed3bed1530fc010cd7

SHA1
2359285d3c44172ea3fe09c144b106a832dfc4e0

SHA256
89f51fc1fcb3e987d86bb56d2ed69571d52a5595fa7ce9c17667626fefaf7b8f

SHA512
9da644af8086e1c559d386a7b0dd70cdb5039edece4e4af7fd647cf71072f33857939c55c7dec51185e33b3c00e1a2d1a89f6c6542962fe89f3969ff198787ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a65eb63631a80e74aae1603b258a40d3

SHA1
daefe1c8f77997e07a6ba6cd16ec2e58f81ac7c1

SHA256
8a15592b65902cc54d0c70b949870bd678b7b82f198f2e8d2a8b7df39710c3f8

SHA512
983d9d0037a20000866d52dbc7b5a0b89f0545a4a653c0659a791f22226e7e6d6f9a165930b6c5d9ba5d6d5f1640d01f46949a1282bba86890d39060462f195c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4D19.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5651.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/2860-1-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/2860-2-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download
memory/2860-0-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download