Overview

overview

7

Static

static

3

0502e4b85c...2a.exe

windows7-x64

7

0502e4b85c...2a.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    142s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-12-2023 21:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0502e4b85c1333d49ea24f76577e4a2a.exe

  • Size

    409KB

  • MD5

    0502e4b85c1333d49ea24f76577e4a2a

  • SHA1

    53f8ed0b37a0e4af0f19f6c47e3088af98796842

  • SHA256

    2539f24416775d70c79153b057e68ccbc5c284a46dfe21a0540d24efcc565767

  • SHA512

    3a0e459bf0ab466462f8f86bdf4ef0a16e1eeead0c35db392674ec4bdfbd27d129f1bcc0f5e094394db57734230156df1c12fae15ccaff94aa6ae1f0d550ae1a

  • SSDEEP

    6144:Om6UslBPo7r8P1KLS7iEPGVCwnFyDVB2LnzuOPXm5TvCzh/vOWDE6M+Y0i:OmDsl9oVPcye2LR0mvwP

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 6 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Program Files directory 10 IoCs
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0502e4b85c1333d49ea24f76577e4a2a.exe
    "C:\Users\Admin\AppData\Local\Temp\0502e4b85c1333d49ea24f76577e4a2a.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2300
    • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2936
    • \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
      c:\users\admin\appdata\local\temp\\wmpscfgs.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2316
      • \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
        c:\users\admin\appdata\local\temp\\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1716
      • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2960
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2580
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2580 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2628
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2580 CREDAT:472070 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:268

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    520a7ad76b72f9a2cff0661142724c61

    SHA1

    18c8af4d60ce1c5872e2327d556f2ee60bf0f89d

    SHA256

    3731744fa0a302dc87740393ea3a7427b120273b4a44dec6f7857398d22fbb33

    SHA512

    c65972a92a4557967b5d8819cb8f587eff43367479ba2b67971311410e7b08f5d52f0e9f284e142604f8d013532eb494c09f490ac4b5be8bc32f3ce28b89ca96

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    00195105cfd70b380ad7be0fe056f3e8

    SHA1

    00b4afd04a757aa4bde7c0dd0a5e9571ff71beeb

    SHA256

    4a6dfadffda3c85a894018ea245b8fbf25649ada6ea82c029764fc70024a9d2b

    SHA512

    1dac1b5f7a5797197e12d3c4fa104a11df80d0991d942dd34af0918ae068dc8a2b9248ce1e7c156708e8cae4b6bb46bc4d824d12a1e1caa8931e7ebf7c4b6505

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4baa8a7d203a5fb7996511bb77cf044b

    SHA1

    5142749042935fff11e39fd1df4ab33eee9dee8a

    SHA256

    21e51f3c23b23a7f6665fffd7f614f692be5e87aeeb5e0590973a97fe89cf2da

    SHA512

    eed86b8769d8f96e8b154011b709cd7cf3039905f51dc2502865bf3ad542cd18d1be3e32657711a425738a2d6fcd3b96c24891fc2ccc9817d181f715cada75fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b70df2ba15f486bc2827df3e4c99ca47

    SHA1

    25a47671d8cfe40f6346eb3afe3554b174814aaf

    SHA256

    c4b1ab7e1a539b949ac8d854731a53b640cfd6308740ad55f61b0f96383fc26d

    SHA512

    4b24ab8317b6699a06d41a71bc8692df949d1f3704ebe16f7a249cad15dab73b5def7c9c5c743fe9604ba7755b35eddd73c52718d262993b926950fdfddc1580

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8eefb4686e3c8a18413e845fb98a6745

    SHA1

    42146ebda5d5939c00f3417c6c07e81fc3d073c0

    SHA256

    4fa51d6e5e8e11cfc6989dbf04f4d53206910a64a28196de53c070079d7bd3d1

    SHA512

    cbc95457996c3bbf70f9acbababc9d0780e337e689627238aef71adb1792fd3410b4827e713a6f76b6539d160db61e93e6e3420a2f596224cc7849087784e601

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    50255e4e118da2c9dc2fdb141faf0a63

    SHA1

    51976d8d63139d22b27cd4a4255280f211f6cc0a

    SHA256

    3ad2e50c78f0752b244ad406c147a1676815015fbfefd97818482f06cc5d514c

    SHA512

    9ca850f102ceb2b74d81e6518d87068b90040d164fd607b1acde41d0550140406ff4550ffb0ac38e9f533f04443ad8309294bb7cf54691f90531192be33cd07e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9e1a3908aa77255e6d922e9355c9e684

    SHA1

    7abfa7a4f0a1ce652f6d8f7281cb45bcff0c5423

    SHA256

    fd01b4c159884c3849e0b78fc4caafcb204b2d5c26cc57216b2c5f875578b0b4

    SHA512

    c6740862518b0595be2fdeae8a89eb7bc107fafd13410b571ee3401018e9f0e7ae3a778fbb34c903b5718854be9a0a15c7521cab6e620598648a87087738b1f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    50672500f5aae20bb684595e11aa669a

    SHA1

    8d151e1cc234f2b5e509b4a5cd5c8cc3816cdcb7

    SHA256

    4c371fc11a0e00ef73eb4d80a01f7759f982fddcd952d829a028168a3bfc054b

    SHA512

    6c26e4a56de322dc27cc6ee546837922d7ef69759739a126b27f072b571ca4d358a472d42edd42358c8a3025aedc34a1328cc445c61b9d8b021bd2d022e847c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ce40d36cdda4783c8be8339e73c37e04

    SHA1

    4f2bfdef42d49cc1553009fb8aeec6c9a10418d6

    SHA256

    983093997ed89cba107a5bdad94e76d559a82ea06a5d1e77546392dee73f634b

    SHA512

    e422eeccd26a802653b6d7aa003f31d9506e8b0b8428965a6c02a72b0b621709e9043342a51913aa72c7ae36a8b2197e432e99812680b7443093985a26b445e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    55f210587f0afe9c8641ca5a47e4eee1

    SHA1

    cce21a18437b648b9186e883fe1ed1959d85ecc8

    SHA256

    9588706b45309732b25ddc7895ee599006463ed76f3ab0fabbd66bfec79ec86d

    SHA512

    e28cc4f04185f934ed5aaa20943961b59a148509a0c50f616ecdceb9a5dcffc001dc07012ba7898bda7240441b09c3fb39c59898b8d2d93051953a9f5e4116f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0db83aa6543f528ede6603b51320470f

    SHA1

    81c86d8465a8bfad9c784c4e322742e7424d9ece

    SHA256

    bf7fb57f2f2c61b224ea12308de1c64986d1c84cbf97f84a1b929f751fd94a1d

    SHA512

    5db331aab9e19cf22534fa9e6108857595e0cc0585664b2a8d5ad50a464477c7aee5182acb395e22fe791a8948e0b03597716db89a4f12ca36b15d5a8775cc9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    98580e39542eca5f8a42d2e032021d51

    SHA1

    9f4b7ea84779e958f11926d1b65efd6e60553ee2

    SHA256

    30cd79a9d3f6b15b2adbb870087e7c25f19f692a7945096f8a43e2f644f456a2

    SHA512

    794c5e4ec6fe7d45089042b8e87ade32023b859657c4d85b40567a165b70836b210f3d7ce5bde966434920d0b66b82ef96ded0c90bd14408816b5e31128834e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fdc4102ad2d03d6be76d4ec1617b8671

    SHA1

    2858d2f91968db19c855ae500872e898e9eed936

    SHA256

    51c8e2cec811b6dc6dbb12717548d4a33e9f3bfa33d0f88691a90a04a8f14f16

    SHA512

    ca58a380d7e61089890807ba14bd3b4506ba22b57b0fd7275d1393283ce0c294088a27bf35791c40706940717fedf1a1adef167fca5cb9e61d689b9c546ac0dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3bfa530989615c5a8236c54b1fede736

    SHA1

    9f1578659828dfbf9a1e5f6868e4b2902bc7b787

    SHA256

    94d9f3869398818f7f766264f9f6e2e711ecde22ffb14323c8f0ffebbb1b1737

    SHA512

    a311a0e0e2d6d3eb41557560cdb485706dbb31dc0b1dda37f1dcc36c581c324ce735c28a7cd1ab7bd30897b1fe0b632aa70969574592b914bf23935abded0e31

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b5e45c1b92bc2ead1b0a1490e18ac938

    SHA1

    02ab4a0e1d02a60f2fbe5c0526d7d83fe374b3f0

    SHA256

    aa9594370ba93d3cb28ed2d99e29ba6892dcc2030ced911ad4b6e7d4aadd7172

    SHA512

    1e2a412a2a93e2c2e49d1e6c03e4f579162c8a4d348673859df0afcac7783f0485ae6d0a1d6c909a51df2c5935ef236d45b4f9f76e6e97f304a6bbdccd6adf75

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    141669a67c69121fed4e09f45db6f8f2

    SHA1

    307e9fc396478ca466dac55c5e63fc638be3a7cf

    SHA256

    d65fdd37eec9e23ba39c401e1d42a787fec1047067872841731f4eccfdb20c5a

    SHA512

    b803df572817568e561cabf2fdc46c9539775defcd7728cddb628010344123821c9913be820241ebdcb298af0f0820e6fcf124ea10555fb6202401ebe1225622

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2cfddbe00bf67faaff1ee01ec0e550b6

    SHA1

    5a9ce3dcf500fe974cf50d3a0d9df8241fbe6c00

    SHA256

    f95601abd0955f24ebd3a0180538b8ff36be8570ec00f6da5bca4724783e2054

    SHA512

    bacdd796788345ebf9b916fb033bc6b90571813027b6789b97d630c9b708576df8538b604fd20dc49f39898beb452e86703fe0a8c6341457329365934c692a33

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e8a21a73655f53ad96b4a58c62cbc963

    SHA1

    ae651213ab76a1c76fa153f86ac38310c7447bd6

    SHA256

    23cdeff483e065e21da02491c21737297d6d66f8b09a9e72f8078fea9901f4b7

    SHA512

    3f37d66270588fe5bfa1e375e95f25a390565a5afe17dfa9a6ed3d227eac2ff3564eab2a5500e25203fd25f8a54a4f6cbb92c95334993525565b8f8ee8fe4793

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    141724a5a0c757089ed932ba9dd655a4

    SHA1

    6f7082e114d65ff0edefbcc50aaedeb4e506548b

    SHA256

    621711509267a5e1a92e55ab4a0a8d7e2c38ddab84887e0e0c55c6614378d859

    SHA512

    b774f0cf0a22a12250dbe29279c019c69c21d24ce4270e2e4142beaaf5df9077bd65171c35b8ca66d18c529488b91e7fcd4d4285b4425b24b11bdaadc50dc148

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab672E.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6731.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmpscfgs.exe
    Filesize

    442KB

    MD5

    b03f103397b912ccd4f35c20dd30c262

    SHA1

    10d7b246b482abf42cf470987ea12d0a90e831aa

    SHA256

    419489faa47b9e976a3e6440fddae51b3d882ec9d91616fcd0747122fe8a6008

    SHA512

    2a4d0c3f6927473e4f6dea48b833ce8b7e2370d8da3b7c6c8564b59b6e9cffdf15a29a570f5b77ee8f1f6ab2366fe109e59b27a4d24c45b427e3110afb44c2ca

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~DF59CABD2BA499AA0B.TMP
    Filesize

    16KB

    MD5

    8e7f05d879c11a2388f30dd73a4142df

    SHA1

    2cf9194baac48ecc71971234ecded36848b56f5e

    SHA256

    336eac8ad4320a4fe983b772ff401fc682a6b8557a2e95523ded605e6489a42b

    SHA512

    b642fbb78a4384c06c1161b2e67c24dc6706f5aa80a4813aa4cf1da3f9e27018cf6ca18b7518402c317523334894f249e800de07e332431a1c3c27b3eb28897b

    Download Submit

  • \??\c:\program files (x86)\microsoft office\office14\bcssync.exe
    Filesize

    412KB

    MD5

    18112b3897c2b2745be8acee53c4ce5b

    SHA1

    a3fbbba5b2de4f5da2a277e9b9ad072fbf740eb4

    SHA256

    9999c4765afe9ffc81c8771b973fa2b01732f71898333b3a99aabb2952f4b732

    SHA512

    e2a05be043a6779a101ff7baea4799d02ad5d7a3e0b4fb757231dc4a616ec2330972ffc6f273a495e020f0f58b1ef092d28cad1391b012dd72ca5dacb64b5666

    Download Submit

  • \Program Files (x86)\Internet Explorer\wmpscfgs.exe
    Filesize

    445KB

    MD5

    11bf307ea948b28a75c3ceab760ff74b

    SHA1

    caded54f9695be050386d50f543013b78adb17dc

    SHA256

    b9351ab9eade8f0a8162ec86eb96e54af24b1c1a90153df69f58e72009e953cf

    SHA512

    092910ab59a2d2282a5397694cc246d95964171ab843f6a49cddb1ba6521249be88a733e5189ca8561d6234af27da848474bb4114d9c9a015c25e54f40aa5237

    Download Submit

  • memory/2300-0-0x0000000010000000-0x0000000010010000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2316-146-0x0000000000240000-0x0000000000242000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2316-22-0x0000000010000000-0x0000000010010000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2936-35-0x0000000000830000-0x0000000000832000-memory.dmp

    Filesize

    8KB

    Download