Overview

overview

3

Static

static

3

054f80a12b...a5.exe

windows7-x64

3

054f80a12b...a5.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    72s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    29-12-2023 22:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    054f80a12bb212bf720976d5296097a5.exe

  • Size

    219KB

  • MD5

    054f80a12bb212bf720976d5296097a5

  • SHA1

    8a347f66743b34af9dd38031d45708a3b0b98602

  • SHA256

    5fbd4d8e871d0811a2c5333f9fd48364123cf919f03a1ce59969501e09109a8e

  • SHA512

    d4b10321fa2524bab8e414eb91043546861604108a129ef1d3057b293c52153e7b3829bfea2a7cccaf89be1493a72a5333c7b3951afcf1755fb88d22267bbb01

  • SSDEEP

    3072:ExnTsKjMdHMrVR7lJwshdy7LaTS9tyLowTEbKLsdgMDf6c0XbAaQ5UA6VQwAgF4:ce+R7ZmfaTKyy8sdgnpm5P

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\054f80a12bb212bf720976d5296097a5.exe
    "C:\Users\Admin\AppData\Local\Temp\054f80a12bb212bf720976d5296097a5.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://vivo.com.br/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2308
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2308 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2540

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    44dedbef51650dcf4d47301c43e15d60

    SHA1

    3260bb731f5358df8f0d1ec9e73ee75165ae8fb8

    SHA256

    e9c6688e9fb100807917023aea39d072bea752b3985f846e89e667d6d9c2bd19

    SHA512

    8ae64b5c7e0a028067de57f1f33f5d00efd719d91b4dc87df510a350659e1eeb129374efca72d2b3416dc5e17ba911ba1849df2dbd7531ee21b1fcfd240ad01a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e5c4b4237ffcd8c0b314c90f9cf4f057

    SHA1

    82d9ae6b2da454704eab094ed40f8637d783f083

    SHA256

    5d2ed5aebad7f2415e8178cdd284c65a70246f8a42ed1e89663a1c09c29bdc47

    SHA512

    b7e8b863061c1cdc87cbfdc1e52a07e7c0e17611d41097f3347acbf0a47342cabae21dd5f4ad17ff0bea0d9bf54b40c6a05ee69f2f16016fe7061fdac81a1eda

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    80abf00fa1ea34c0cf30463a9fc6ca71

    SHA1

    24338d49e47058ccb342a088a3e928c9a50056fb

    SHA256

    2b18f1af2843e9a5e70d80bf25627f1e1da1ca4fa834a500cae56f3b3ecca893

    SHA512

    5b62dc57f344419741bd1752ce23db615eb0401522afe2280a5f5bf3e824458d54aeb9368418cc5abf74a04d3ef4552e91dcaaad728de18240a2867064584f5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ee8ed557108681e78120fd2d1f691fee

    SHA1

    9aab0dd316365a0ef16497ec85c0068d6cec2867

    SHA256

    8d8a0fb93a8cf64f933092ebd8f3c11815d6849c79c4d7e725b9274bf86e9946

    SHA512

    1eed8558f2b50e4a01bb7341a5dae25941384a7d2e974c946a1c103feac0a63852bfa1d4e47df70201a45fc4f7a77ff1d21156a54645f56fd27cb65565f889a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    588f63f8335db6b458b0904e0ba59e48

    SHA1

    5cbeb4c497a8afd31164bff8968b73a1ce5d4aa7

    SHA256

    faa302c7c98dd1bdcdad097db6b045826cd33367a2203a50e6ce5470e9166035

    SHA512

    a6df753ca245366900727721cf4b49f7bcbb13bcc0bb6af31db3829b24f352e7918d4a6852de2364e61d3522868ec5cbf5b6831ad0ae790c9d0ea8a7fc8715a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d2df8e2eef904ff886a0beac35efe6c9

    SHA1

    f5c50c4646f34a46a4fe31276e09637444352f14

    SHA256

    19509cef72964d3aa8a6e3e6b68d6979be57322bea6a0241458cd8a0a9a976f0

    SHA512

    c4f8d94a1de51c845afdc59c8b335f893899ac84c6112fa39563a67da23418070c78c565b6fca6635c7749db11ffda0728df2456adf1664d6b3649ccc98c5578

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1e10d5bf98553efcb004efb59b9a6bf9

    SHA1

    bf39cc9b005ad97d5a04c26ca867429b155cf1c7

    SHA256

    333e0c47960a0f36a1f1ce17ee3b629bd86d78b0770568c550dfc93fe2dff27a

    SHA512

    4b6f8e36958d337a0ad854aa8c9b9e1d3ae090b0647f6c58af3512e017e1fb1fe366607b3f90261efc6d608254c1803e586c4f4d4d8679f0a6f5f721af9ab607

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0eae2c375a5beaa8dbd047a575110297

    SHA1

    8c40f919fb72aaee2bdc04e8408a4cd2463752bb

    SHA256

    ab986400f8cf7f927f85f3d1e6135d45cc01cc27e721fc9014f719bb82bdc68c

    SHA512

    6cea76d9f810033bb5ce1befdb6162143ff22bd5745626c8090548e199ede7933ab216f38d6a6b89d08309e40d856773e51451806bf99f4136458ee26cd16da8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6b199e1f36456d3a32bf8c64e5a9cec7

    SHA1

    876af913add1e2e428e5b38171cdd7797a9fbd24

    SHA256

    b0cc966544fc4760165cb61a4f1bea67be8857aa31f4ebda741cb9f5d37d0157

    SHA512

    403440aff2ac28e217d5300da86b43b95eade7ebc4593a05175d56bd6f072a563570e6ef82a8ba57c5ae7a8d68e745cdf6b9243acbb5e66af858771fc8aea0ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    73777c9113568e741fcda501ea0ab49e

    SHA1

    b7acdbef2970f2de5bec2e5c94d59ca1f0ea59e5

    SHA256

    200ccca19e5d9d2561b7e195b3ec1686cb3f22b43dd8baf7ccd820e8937bd351

    SHA512

    f8ae4cf202951ea13ae4effd05596e5db395336ac4f9a94bb6272365fc88558a42df2dd91c5e065ecf904cb22ef91afd73208f898d1e0e4c4e6d459db95e73b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0e7ee61af47d1f2eaf364bbdf0ca7245

    SHA1

    b9ffc237acfe102a32f60795ad62a820f09291a3

    SHA256

    cc600018646c871ccf17c85659fa27159c99aa2324117ea6a282aceedcf9294e

    SHA512

    9ba4584dbb4d3ab631658e570ab8a94685cea9499d6665f80cdbdd125d34109cdc18841662fa41355e493962ed4a2a7e7c81073c1f178df787e1b1ee3a14adc7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b9864d3025b35185f2d61a67e8761d17

    SHA1

    2b5cd4f249d46444cf05ae27dfdd6a87c6c35382

    SHA256

    7fbc33a01af4431da694cffa6d06b9e273fdae2a3d2f454647ce8866fe90caed

    SHA512

    3937a3e7169a6102c9c93be95c9bab48d27409c4c925ed8126214c3a120a60546be4a5e53896d3967d5ff9e45030898d188e7541cfe7cfb18758c722a411d5ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f80d144528abb042845d0d59648dc61f

    SHA1

    d9ad07444a80163e3ab9b57098fb33d7ce0b6deb

    SHA256

    d638c20b3682ea356a37b2863fe175d65aabfb48e82333b2cbc2234e3e6de86a

    SHA512

    02767d9cd069a7106cb36b056f42f0e9760187bcda5ab76dece223b9e273226094582ad838a0f7da9df6c64793487444812e1ee249d211487866d414725fb0eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1a514bd958539c8e9863eac5fba183d4

    SHA1

    38f57a010b0829144605d10994a2bc00facea1b3

    SHA256

    854a7ac936eb23e44d0a5629a38f05bc9917c6bf14348e7c2f34ba59d0662296

    SHA512

    581fb6bf47b82e7e5c67b843dfd5a615766b91f58eb6ea621a50b678d94fb5a3a2e83f4de5abe2dcf2de5fec5e6b52900b002e277ed243735dc5d14448a40424

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c563d51fb127ceed854c3fcf58aa4965

    SHA1

    dbeb74ecd95deaa7d8e5e2dd180a3b7ec813878e

    SHA256

    0db273a84f4a60c8a0a91a68af80894bca6760e1cbf01ce14db1965e9db5d272

    SHA512

    fd6ff5f5ed377284b54e1c9586ad78e01f885adb6788b579d37886a1d0275f90cf97fcf9ec48ea9f1c533e6365a894fe6d6eab5cec86d91fd8bfe604171c6a47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aa6fef060c73a31a5084aea72ab5a782

    SHA1

    82566f35eefce7ffe5e26f0f9a5cc16a0dcb4eda

    SHA256

    eda1096f7f5636b070b163215700c157bb73fa445e74e7c4c93be4d1dad82588

    SHA512

    ae703002c13bcb0733f4cdfc85f37373daf2f6ceceea4d1957d121e5eea6bcdd7695fc4664ca85eca9e85bc65c19c3ddec4f99f052014b46296106f1ab0ef352

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    b37b6f58709298ed5f5cc8790a967122

    SHA1

    4ad54cc0e966801c1cba6801f8419b693e9c6f88

    SHA256

    0181884ce480b46b4a10e99fe5b140b626d4ad453e940ab25afe0e465caf7aa8

    SHA512

    3d9561e260cd80dd06a26580eb905c358cf525333dd0bb5ef47b5c71c76dea2bbc669de3ca5119c4cb01eb2a1f08ad6e7ba87fd85d7aa6493a03608dd72e55fe

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JPL39WU9\www.vivo.com[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\s8rbov0\imagestore.dat
    Filesize

    1KB

    MD5

    fe41884e34b21c646b0893c9253153bc

    SHA1

    7c7e2c633a002cfb1e5efcefa3873afbb9f4651a

    SHA256

    534a9efbad4db16109119a102813e9cbd462d23bc967978249f331e4eb6cb7b3

    SHA512

    4b59da17fc9df57a5f5a3b9b2cd2999273037f2d4734ac55873052ba5892da71bd0d86d4e1ffefecb8f4a9120b67938ea6e3a29fabc35d4198ec38730cf828c3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W67OWC77\favicon[1].ico
    Filesize

    1KB

    MD5

    efc08529bc616807e364c4f3817559a0

    SHA1

    a3dfd859f0e343831b214b7a403e2a85eaac5c80

    SHA256

    74d0108fae57d031c2885eb6fed895385f431497432c25f1286e8188fa89dd75

    SHA512

    6f29f7e11bf7ebfcc940c3fb1c4e1767f7b09df8e6b4948c4eb8b57accf37c4f6bf58324bcfd3a88fb709909627c1e1584847a3299edd57737c561db8221319d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5298.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/1972-0-0x00000000005D0000-0x00000000005D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1972-1-0x0000000000400000-0x0000000000476000-memory.dmp

    Filesize

    472KB

    Download