Overview

overview

8

Static

static

3

05e8e9a5d2...cd.exe

windows7-x64

8

05e8e9a5d2...cd.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 22:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    05e8e9a5d27f6359f19aa16f5a6599cd.exe

  • Size

    280KB

  • MD5

    05e8e9a5d27f6359f19aa16f5a6599cd

  • SHA1

    a48b592df28065d1282ac4e2caee8504cac23290

  • SHA256

    de5b656ac52293377b8d7051c5a734f82338cd8a96461d896d25f9a82bda9420

  • SHA512

    7f65fb43dcf5191b2517d38c0ceecafc185f4682e92747fdbecbb4d8791d154169d1c638c6e1c9420b40594d687630c9d8b046cf2ef3a377e3e8b57829dc492a

  • SSDEEP

    3072:0JdlhViHwy64lkvqcaipub0lxRrKy7dddc7fA6keXenDf9N9UlxCcMiT6W+MCc+o:0DlGHoyWpZl3rKyvySvDGN6WnCJOk

Score
8/10
persistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05e8e9a5d27f6359f19aa16f5a6599cd.exe
    "C:\Users\Admin\AppData\Local\Temp\05e8e9a5d27f6359f19aa16f5a6599cd.exe"
    1⤵
    • Adds policy Run key to start application
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1060
    • C:\program files\internet explorer\iexplore.exe
      "C:\program files\internet explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1512
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1512 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2852
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\dfDelmlljy.bat" "
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:2640
  • C:\Windows\SysWOW64\PING.EXE
    ping 127.0.0.1
    1⤵
    • Runs ping.exe
    PID:2704

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    97e66dff80421e67905f43ef6984b368

    SHA1

    62f858bbd7774c58f3c9cc42279807d021ea818b

    SHA256

    dd9bed141db2fe5d4285c1bbaf08ac2525342dc0f2a9e3192921efe4dc3be9d5

    SHA512

    9477899c8b33ac81935d65e55423319481ac4802fb4ef43c3f75841f16e9a124ecc6cfa0aa488bba2b5513672d1208021a4b7052cf0464331297eff5f0e301aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c50ded058c0a758cca070e64ea123968

    SHA1

    81c8ec065b9bc6ba7b96a872acee483c7de0dace

    SHA256

    cec8fd5bab93b68935c7bfa1382837ca4a1f9c19b2dfe3b3463d03963cddff66

    SHA512

    14fea0e777a482898999aeafa28fee31aa1769f263911b40bf4909603b109bacaa2d1ea0565a75bd2cdfff41a8ac36cecfa8f02b5e1f37480b370125f3fe7875

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    530b2a25fa537177b653e9eb129a3c75

    SHA1

    c693e52267623bf6894b2cb67653c52bc29f246f

    SHA256

    be93051836d22ea1e97b4dada17df1eb36196e57565b16214bfee53a6a27a8c8

    SHA512

    4ee951acf8b9128b21fa53e58bf72049e73c97c38b1528fb5d930adc158846fb5ccaef5ab73de429c785f77f5ba804fe162293ecae1afd538be377d4f257be5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7fd154c0e86dca0f94add45b59a14249

    SHA1

    b1027ac2d974429b84553a03bdf7ed4d8b19d2ce

    SHA256

    d48150ea4436c9df9f91edd61e094086bdd3297696f0c06400098fba3aba04ea

    SHA512

    476a1b3fb6fd74ba7600a555d705355cd35d7419683025443ca52c772325c41ee07638d8bc2acd46098a0dcbab8184cb40fd176f505ab1f2d2b4cd05d8e38abb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    67666064637ea56051afa19c88e0c840

    SHA1

    29518773896585bbcf5d8e77b9c1a5470de096a5

    SHA256

    4621109eea9c81422b65310f5cae04bab7c6fcedc8c8d3df476c55d312fb07ce

    SHA512

    0195c95aa92a4ac24837e55dff00403d408790f56aa7063929f64014e47e0c1f8ba11e54b579a99d9c0adc2e15537e1ec64ac3866947bb42398ba0e5378bff33

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6f3618862aec605776875ed912c42e06

    SHA1

    ab6eac2898a516d8d6187020b9e17744d945d28b

    SHA256

    0ff22f337aad47de253a04c7f0d42c501bf22457d9de213dec6257e03af85d6e

    SHA512

    ebeead382d8178d508d4f7076a5e37006d14de9329f0d348e1c47283c8f9257169b0c0ed39c68b2f3bfc6d7987af0f6e778207c963f1efddd2dac44e67d978a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0baa8f3ec20e9c2b4553dc6d08aeffe3

    SHA1

    b5739e4978484124647b31bc7f32587e0fdf5a82

    SHA256

    6915eaf83b56bca406ddd3ae914445691ddd19f8ae3672a7fb3fd6ca5c42a07c

    SHA512

    4f230031e53de2f1531f0bf8457e1ac653454b7674c7cae3eafa7b524e8f5203747679d90418e29ac73bf667dc6930a08b04fb8434203a0f66e2ed685997485c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a50c90fde3faa14dd4d77b65b93f5b8d

    SHA1

    a743baad1e03ee1ae2c30bc7c3068f9eb99bbbf4

    SHA256

    4b669c3fe3d5a61dc94ec862a18229c37979b43123e2117ce032959ce222c074

    SHA512

    4211163a594649c3d96d4a4aac918da47cad71c9a5203e3cc4902d98501bbdb30aa82097fdd059e9bbbdfe3d917a0e9ad27709a4bd68deb28c9ccce8c2f1a5d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0a2b74d7ee82dd2d2ee1a181fbddbae6

    SHA1

    0ef42dd5509c44b6f4795705ee49f5ed835d2b8a

    SHA256

    ad24e3525436d962286bc5917cbdb7cc55bb89c773dc2a9562d0fce2c068882a

    SHA512

    a321fe3d9be1538bce96e4c94ef6d262a7b264c522b8356f11047c426525c0124eae547ab8fea406f9163c5c3ca96a35d9349d7942407e9637ff28ed0727efb4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab39D8.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3A68.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\dfDelmlljy.bat
    Filesize

    205B

    MD5

    bf2ada71d83b675fbb93011690dd38ed

    SHA1

    158c5b971507040d429fa1c8815a4c311ecfb2ce

    SHA256

    be92b5758d8805e92a07396747f8a2a116145ed0a1521b7642fb9adbb126f9b7

    SHA512

    dd9594ec455f38cc696a4eb783a56fdcf5382cf56bd3a35d1bc3703dfb9e960be1a041039c1d7baa38d54ad3a823a9898d67a7edea50456f4dda588f95993bd0

    Download Submit