Overview

overview

7

Static

static

3

019a5eb0f5...1a.exe

windows7-x64

7

019a5eb0f5...1a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-12-2023 19:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    019a5eb0f583eb75462947dfd26b1c1a.exe

  • Size

    719KB

  • MD5

    019a5eb0f583eb75462947dfd26b1c1a

  • SHA1

    8b094cffce04486f19aabf093b632337742894ee

  • SHA256

    38e78e82f70c405ddc0dfcf00e4722e39674b9072c780f2e091e065a130c993f

  • SHA512

    c005cfae731f7b22204be10db310015554f95a5da38cdd172685cb12eae58f8aad121df72c7a8593ca996b3298aeff1a6ebdfd11f1c1cbfa6a60dc3a0f3f4e6d

  • SSDEEP

    12288:mczJJhqrVPlcwT73y23hP8qJ+Tq9MFG4Zv5V8xsMIg7OAiC9BHjGlnOzwiiSigjm:mczJKVdcwTry23hoT7VksmOtaJCJ8w5T

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 39 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\019a5eb0f583eb75462947dfd26b1c1a.exe
    "C:\Users\Admin\AppData\Local\Temp\019a5eb0f583eb75462947dfd26b1c1a.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3068
    • C:\Windows\temp\qqncdf.exe
      "C:\Windows\temp\qqncdf.exe"
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Modifies system certificate store
      • Suspicious use of SetWindowsHookEx
      PID:1752
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\temp\tc.vbs"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2436
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.97dn.com/?tc
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2784
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2872
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:209929 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:888
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:537621 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1192

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    15c9d7d82317968d2459b381e1876a47

    SHA1

    400fd2ac72e2e81b15c7dfd57e709be30794104d

    SHA256

    d3b184d015639315a3fb564116f33d68f6c5b0a29c04360403c0b74ab0ca7354

    SHA512

    d1b04080fbaa211cdda5d361362560b6453f59b0b6ba391593f5e5a888e5bb9e38def092fa26ebe16350eee9ea9b81db2f6fe8c509a8c9acecb460b6129f647b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2a172e4ba7c5bd5b56eac9a864423e2d

    SHA1

    1df7d43230f01a198f2c8d248c959e87feb6854e

    SHA256

    831e182aecabb626e82c0bfea17ef40a324c0c59ee25486e8a6a05d06287241c

    SHA512

    163d994e2e4189d93ff8ce450f2464735922fabb8086b30d4a96dda0410228999785fabda1e5dedddf35448139e80e9a7967ea0e6b1f95c53b9dcc6ab09a7fd2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fa17ab5ec6d700c76cb580daac6ed147

    SHA1

    9ae33b45db75afc4e26fdac461950c0092b8ac82

    SHA256

    b46578bdab4cbcc2d87dc6b0ea80dc156d97cb5c814b7f5f1022f7d124dbe150

    SHA512

    b2348ddd309330d1e33a2748eb8fe892cfa1de40e61d03ebb441edc1a572f9c2e38e90d9563eadd822b0572ab083311a66f8d8329433eb9806d291df928a175d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e8cc4e34d6eb53c01a9547b4fdf7ce85

    SHA1

    0b345c3491e242db70d9ffb1cf03a6de32b215f8

    SHA256

    9e684cb5b94518458512826daf5344d29f3623d66f9ed4c763c01580d36cce32

    SHA512

    039c1f9cac046c273dddf275452c48e53e980341d55469550633cc79c3f0895032f3af648df0cdfc14e4f23f1453c50734cc3a80b7884f8f21af5f7f039bdc1c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3007db733335967d15c5b96b0a750b87

    SHA1

    85da88542c3ca197362e859daad755071de09bb0

    SHA256

    c1eff086054266c6bf5788720acc77e0d227967e031613ba243bed2c4380e3b6

    SHA512

    891e1bddbd18b02db912dd20a7f0a7d11cc7f5dc9403f408784b63d04566f626882a450a2a6dd973562c22a96aa960eecc0257ed65a6201ce413e32f86af6d0f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5e3e266d94ea35f78a921250300761b0

    SHA1

    224e3109d6d722d5cdd7cb98193cdcc7fdc6cca1

    SHA256

    49707b3a127c49258ff127362a9404b6d8adecf9b9bfd461fe0369d03ec4af0c

    SHA512

    3b0fcca5fed778355a1994d672ed7f8702e6b54d41c65c468e721fe9487e863ca03d79c3f8975f862723e12aefbf04f69a4a0382a6227f873f5e9cf3334e2912

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E3F2LH07\httpErrorPagesScripts[1]
    Filesize

    8KB

    MD5

    3f57b781cb3ef114dd0b665151571b7b

    SHA1

    ce6a63f996df3a1cccb81720e21204b825e0238c

    SHA256

    46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

    SHA512

    8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\errorPageStrings[1]
    Filesize

    2KB

    MD5

    e3e4a98353f119b80b323302f26b78fa

    SHA1

    20ee35a370cdd3a8a7d04b506410300fd0a6a864

    SHA256

    9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

    SHA512

    d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2A2E.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2A41.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Windows\Temp\qqncdf.exe
    Filesize

    1.4MB

    MD5

    acf4c987822833b4cb4ec7e924e05c64

    SHA1

    09c1dcb3381e60eef7a6987b5c1e3ae4c6efc613

    SHA256

    6342d28485cec75a5f42f12644087ea092cd0e3ce5a353fd639ef49437a4694f

    SHA512

    93bce4c1747ba81c6f9fbe435662c4ed628b2dae035f19115b49e632fbf8c770ba875a275aaadbb24fe5c5cd253f8f18c1d46882f3c9ba981cb3b1dcbf5032da

    Download Submit

  • C:\Windows\temp\tc.vbs
    Filesize

    532B

    MD5

    e7cee80668c49e36509f063fbd2a0456

    SHA1

    eb8d8ac6a72669e460eaa89389234a1f57e08a64

    SHA256

    13c4272d79239c3cc374f8bc236b4b2fc0d4fb476bd8000dcf4bca8e0fe2a373

    SHA512

    eae6e2cde9456075cc9d4167e8eb698e4c27ef24fe05282f022af86ead070c1e9fcbd841a5e75076e1cc9a26e8f5508396b05838673f2a79d52c686f824d80a5

    Download Submit