b24e1c522e4cde05978e17faa213ba34b0547b5aab4e9c3f318fc935516f01e1

Analysis

max time kernel
0s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 20:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f660b7279e4613eaa2f18e55a0954bcc.exe
Size

2.0MB
MD5

f660b7279e4613eaa2f18e55a0954bcc
SHA1

eda18cc4e4774885bfaae2c6ea4ae2f5e49c0690
SHA256

b24e1c522e4cde05978e17faa213ba34b0547b5aab4e9c3f318fc935516f01e1
SHA512

23a05ae4915cd807520bcb4ccdafc0e0fb0a5339e946ed628d25d6e6c650628bd38f886392f828c2f70628713c3fe703eee5551676c054173218aa5b4e874670
SSDEEP

3072:Cqu7aslM9lhLElGtSIs48417nFdcQ4FdHLDC62ftOS2N:CqrK

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2792	winlogon.exe

Loads dropped DLL 2 IoCs

pid	Process
2844	f660b7279e4613eaa2f18e55a0954bcc.exe
2844	f660b7279e4613eaa2f18e55a0954bcc.exe

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2876-76-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral1/memory/2876-73-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral1/memory/2876-72-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral1/memory/2876-69-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral1/memory/2876-141-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral1/memory/2876-779-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral1/memory/2876-778-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral1/memory/2876-2098-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral1/memory/2876-2105-0x0000000000400000-0x000000000043F000-memory.dmp	upx
behavioral1/memory/2876-2106-0x0000000000400000-0x000000000043F000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2844	f660b7279e4613eaa2f18e55a0954bcc.exe
2792	winlogon.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2792	2844	f660b7279e4613eaa2f18e55a0954bcc.exe	15
PID 2844 wrote to memory of 2792	2844	f660b7279e4613eaa2f18e55a0954bcc.exe	15
PID 2844 wrote to memory of 2792	2844	f660b7279e4613eaa2f18e55a0954bcc.exe	15
PID 2844 wrote to memory of 2792	2844	f660b7279e4613eaa2f18e55a0954bcc.exe	15

C:\Users\Admin\AppData\Local\Temp\f660b7279e4613eaa2f18e55a0954bcc.exe
"C:\Users\Admin\AppData\Local\Temp\f660b7279e4613eaa2f18e55a0954bcc.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Users\Admin\E696D64614\winlogon.exe
  "C:\Users\Admin\E696D64614\winlogon.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2792
- - C:\Users\Admin\E696D64614\winlogon.exe
    "C:\Users\Admin\E696D64614\winlogon.exe"
    3⤵
    PID:2876

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
PID:2436
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2436 CREDAT:275457 /prefetch:2
  2⤵
  PID:1868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1e31f5e5364228c7f4423df00301f3e

SHA1
4f7b7fa55d86f17dc0fcf8edde662331f1d14f79

SHA256
700821ea48dc4bb50137fbc499116a90b60dbcb4c72775d83cbabd279632c9b6

SHA512
d8695241192f2d1372282350ee09d957612efcf57444e68811443d0145b324c7d72c26baf14fd834c3b0db8cc4a14a8eb97e391726e200ab4bcba5b2bffd6fff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
013f5f208772733b6923b13af53db43a

SHA1
25c15e4d8d7fb96f0837e19f09fffeef41350680

SHA256
25978705c544c357584551c5dbbaf58b78d28826a52a93bdec6ca3130fc04a5b

SHA512
99514882a74857005dc32baa2c613bc354133d02778686052ef1486402428e236eb9d9591804bfcdd119d2f4cda6853130ad845b7d4ee6dfccbff0975208a3ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f5ec002ddd6473dd10e6316adf8cfef

SHA1
e4e9e9e238150dbc6bb5f5519425052bfd70d171

SHA256
7ad46bce8c18524c974ef3ccfb84fa6b960f41c8c1f9cf97b2d820fe52ecda77

SHA512
011bab07e3073df88e72de07b2be05b9e3f14f383565f061173de661f5cd505c9624efde6870745391ebdb42b0e026e28e15b829cc8fab7c7ae628da9ab69a2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
698e6f0c5e09be2a5250c58e473def7e

SHA1
188b00b4d965e164f96f6ad39b52a44f3e0ae9b2

SHA256
3e46aa3a1796084433b39f8410331e065ba34c0976f9710d9de64f5f2a38a65b

SHA512
2838a58dd52f7898723cc03d98c1f1b16ee11e4fecbca2e3666dcb473c7fc96a13ee8b056d1539e71d7cc1bfe8c97f8f441bb0e2644a9efc22ba5c46bb953e58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8a1a4c0e5cbdf6f44698c38109681498

SHA1
6c98507b65e793cc19ef2d483bceccb564b81c0a

SHA256
733b75f55b723b0ee34db8bb0ebdecb46fdb02f60432eb389d21ef3f29daee33

SHA512
6bdea0c0888c1287baa1161b0961c5ce164e96fe55e67e3ceb55efe6885f8e25fbc0004f8f5cc2c10556ddd392986616d8ae796f99af157870f79525c998ef92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d351bf8bc1da4ea19fc6f2879660fd6f

SHA1
3f7e7e6abf12e16c0f3bcb8e19df3fe09228d349

SHA256
70b7e3c02cd78376dcd48226ea9c78d210e6d36870d70fc2cc69675bf577695e

SHA512
851709299c5b036ccd27c899a2a81fafd46ff9584bc09350a9da44590dcf3d4265383a36b961a3738403933015c75a1a87451477281405cc871f877780683c49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e42f3814073e504b4e851c496ecf1b93

SHA1
411a2083e2a736115b9cf50134bc32fce5789caf

SHA256
2dd7e6ad248d23b5295f408c85307db8869bce5c75b023572cf1d60f59c71de5

SHA512
bf5f7f88f20f2d9b5041bd793055062ffde518d3ac573f2054e9745652c2bba61cb0b4cf898c805854df83758331c158fc33b7cd1ecab1ecf1316321b966aac8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
87305da239654ffebbea7a896a3944d1

SHA1
0c444c8012805a31113d35ec18d451aebff78c0e

SHA256
3558a1ca43195e7143b700348edfb5ba6db6047c6f538ffd8f64260290283aba

SHA512
28eca4055a16b0a3d5e9530b3e79eac8ea1b4aa33beb3c09a2bf5dad19546cee62f716048d8171e78b918e716320491467f62c45ca3976178153ec1f3ebb617c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
069b09c757ae8292ee70b858a1b59d27

SHA1
7e8fc09fdb4d78c207aa996663f7b63412151b28

SHA256
07ddb425b364a98b85cea666eb5d12045f30ed6617fc022e1a02f162504eec7f

SHA512
990df085b59f24147c04956ad33edad139397229bf016a244d7b939a65209ff85e6f00d7c1d18880d7711fc7e79f75a8cf88c59bff8e977c8c5abfe27f4bf6dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3b57addd903b1b1b4c32a67bcd9896ff

SHA1
e7ae7ee1c60867800978a7488c4e8999bfcaec4c

SHA256
725a4ea8f4e8f0b6956f537fcaea970af5f5b4847c4c8212351151ce708e6d88

SHA512
a303ec8a22702affd0b83a3fceda3161415f08b3f8dab394eb84197c3fc05551464131a9115531c246c73a7ce92417875ced908bbef71668719767d8edea6fdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9a2625f55f5a0b84e42640407efec149

SHA1
146b42b1285f4e8cb53b3caec21ce17c437cce3a

SHA256
e808e94e2dad4b5ee9b642524a4f6858ff78596fd49ba7311f7f9e7d505b35e6

SHA512
092ae876804cfb2637472998811cd05e83be3978fa900cf84d0a44ccccc60957addec9f2587f580c439a74e6c94d5f36775c7f5d0d76820c89a8fddfae99801d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
74686c43958f2d6f4c894bb1aab5d0c9

SHA1
5f2a8c3d502a1cff17ccd60ccbab2ca004c9b5b6

SHA256
7e182c2055f3c69840fce051235c73825bb4f7d6a84e6e6a321d3a86e887c97e

SHA512
9d358449cd8d07b0f01d0b04a868eea7805ce8878a3f79a4243580c9c100eb696d1d9b47dbf9375368152e6361b0b839c80fde9e4063e51153a7bbb2165c2023

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5c6f0c71ecf949c3e12154773321b74

SHA1
77f3f697ea49003e8aef446b89eb73bde380369d

SHA256
c2b83c44a82dc49ddebef8606a616f192866b804671cc68937508597cccc7962

SHA512
109563a7bfc641af114ce91909f009ecfa3520b51160317ff1b98adaf07719e3ca0c109b7d16362dad294229c42af9d6a316b27f509ba7f80a3bbd07bd7a4375

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f498e3e4c1545b83579f8a7444480fe4

SHA1
2759b92dcb6c6ba057d66fb1f4523eb54a3088a3

SHA256
78653a4abb11e6ec0042369dc143addf8ea72fe6f15176d15e271975cadae8b8

SHA512
10fe5130b4514f69ba6860538c03f94168c485f7bb9436215f8d925d5187added08b4adac012e3a7469a03686101a1264fb8243cce91bfe6d9fd66c3494e1042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\cf.errors[1].css

Filesize
4KB

MD5
2884367ec8f9ffafcbe10ab055518196

SHA1
16fa75f45604c4b17a53598ebbc687b1fb33a4f8

SHA256
fd1ece9e4494b726bee75d241cb345a68bf9c8da3704cf7a4fb682aa3e085764

SHA512
1a8c6d29c97e05fc17c6ce41df469b028ccb68206c1afc2441465b94098b04312361b92fb907ebc5688564090dde9d29b0f716af8dcebb3c2655be51d138ca99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\styles__ltr[1].css

Filesize
11KB

MD5
0773bd39772d568707427d1a3d32f052

SHA1
307b35b0653610540044d9d50f94e5c3667fc0b5

SHA256
723587b485b732d2deeaff100c6bcfd421f3f5d2a7004750664ab42569312826

SHA512
8752878927740b3c44e751bd3cb54ad62cb5fe4939bb90e12e4d07ff600775df03603a17d844ad5c1c4264c9d7edfe06f5efa70767d0e046243d58d939e9642b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIEDGG3E\cf-no-screenshot-error[1].png

Filesize
3KB

MD5
0d768cbc261841d3affc933b9ac3130e

SHA1
aff136a4c761e1df1ada7e5d9a6ed0ebea74a4b7

SHA256
1c53772285052e52bb7c12ad46a85a55747ed7bf66963fe1993fcef91ff5b0d0

SHA512
ce5b1bbb8cf6b0c3d1fa146d1700db2300abd6f2bdbe43ecaac6aebc911be6e1bcd2f8c6704a2cfa67bbb45598793ddec017e05c2c37ce387293aae08e7c342f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFLWQ602\domain_profile[1].htm

Filesize
6KB

MD5
7f943015933e9dc6fb6de6a926621dc7

SHA1
4bbfadec4e773908e8a91dcdef447dc84ae03bc8

SHA256
afce29cb26b3f08760860e052636abeaaabecfb58488d46bdccc3fd32346863f

SHA512
208de5c9c65f348bb742bd69daa3bf7d173d68b825b8564eb5dee63f64f575a4b17b1663bf58db4414126ea32f738b4763993d311e45fe00358cd21fc7baad22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFLWQ602\recaptcha__en[1].js

Filesize
4KB

MD5
66ab14cee4d7eae2fff67280330ee851

SHA1
cfef953711b80bed731e461b25617a31780d1a1b

SHA256
2a02e9de61924973a5a0787e1fd325c5230a5fcd27466a7d05268d3c078b95a5

SHA512
9d6d7c62602a8aa36387126396d9ef1d046c29fd4c509fdbd1ba7cbf49a878fefc0dee8695e6b677b99de68cf8e3e74514ba35502f729dd24dcdc238debd92b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFTKP12M\browser-bar[1].png

Filesize
715B

MD5
226dcb8f6144bdaafdfbd8f2f354be64

SHA1
3785cc5b3bf52f8e398177b0ff1020b24aa86b8c

SHA256
8c873472f4925d5d47521db4d52532d2983e9cb1bde8b43143a6cc6db56c35db

SHA512
ed898b12c4895f7aceaab443c1071e6376db71b4dfdbd769f5f3be71d562438a18b5e5dc36dd7cc610926e380603a894b2e81df4302680c736a412bfd3360d3a

Download Submit
C:\Users\Admin\E696D64614\winlogon.exe

Filesize
4KB

MD5
495074770fcb1ec47f5d929e7ec2b225

SHA1
095303fd00e7e156ce48aef827b4fcacdc6b672e

SHA256
531b9c8c9f35cff036212d55fb3014f6978883620dbd53e09aa703f801681b66

SHA512
46865c276077bfe473f8573157d44fe9ccaac4d9bd34dddaebc6262e718c28adf1e16a523abaacbe1aadee4be36150ffe684764565c36167f64a5fd219fd9ad9

Download Submit
C:\Users\Admin\E696D64614\winlogon.exe

Filesize
18KB

MD5
10f9716659454776f523f698ba717e3c

SHA1
caf6a21fb47e7270dbbbb0eaaf89c33074cba2e8

SHA256
30aec70ee8f2c0f4ddfe69e0f9e8ba4f3043891c3fe2be2fd81dd1370f1b6840

SHA512
eaa86ba27b2c8e94c2ac45f8867e5ef29a26a11a5ea49439e8828a1aa374e5a523bfc3a6508966c25f0f9e4f80f3c6a0e14d05d07f3a4c0faf2674a59aaeb835

Download Submit
memory/2844-0-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/2876-72-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2876-141-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2876-2098-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2876-73-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2876-2105-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2876-2106-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2876-76-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2876-69-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2876-778-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2876-779-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download