Overview

overview

7

Static

static

7

02992aacd1...43.exe

windows7-x64

7

02992aacd1...43.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    167s
  • max time network
    169s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-12-2023 20:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02992aacd175afd9c31f01ce9a470843.exe

  • Size

    14KB

  • MD5

    02992aacd175afd9c31f01ce9a470843

  • SHA1

    a6e6aac039c9457471a03c4885fed840f4f012ae

  • SHA256

    7de6562b372ec9e0a6986a3006de89241310d29dcd57766e74e0ea8fb544a010

  • SHA512

    8236436824589b539587c8f1d635d4a00ac9ddcf77b7530cf414393e6d8853e1acd5a8dd02b0bd877734e4bb0cb1446aa22b79b98d3f41849a7c0fd2a30bc1b2

  • SSDEEP

    384:GkPujS0KSavK5mqldBneFz5l73V5xkas5Nek+vD2T:5j0xuK5mqF8Nl73ias7

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02992aacd175afd9c31f01ce9a470843.exe
    "C:\Users\Admin\AppData\Local\Temp\02992aacd175afd9c31f01ce9a470843.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2172
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.elionet.cn/cpa/tj/xtdvodleeboo.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2472
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2472 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2656

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    186fb2073e7e49bf9fadfc9eb02fd026

    SHA1

    5a096575471052b54c22181a2ffa9667e038dbeb

    SHA256

    fde753433aa7e3a1038fe04e7d44c12727de3b0515f65d8a87401ec6bb4bc368

    SHA512

    d70f332cf018297667905f843a1c1cb23445cc8fe1d000408f638318347326d36617ba3db6394aa129f2fbb1fdf0ee58a589c93a8f6d2f27dd6eceaaddfe10b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    02f0bf2659b73cdd58fadb6d33cfcc4b

    SHA1

    8db43f6a36117e11b1aba40e45600a4d0b0db80d

    SHA256

    438df8ac3c1383efa95ee3dd7377937b401b5d49c7b05d9f16810337d109c2d7

    SHA512

    97dacc4126ef641990c981ecee71d02b914431f8ef827b1de9ccb5f67cbe73eff15a26b7e5e5c7f84dfc3d6f919cc60fbc7dca25bb9866dd08e40797b67eaa1d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d2ec8a62709b79c442444f900f070ff3

    SHA1

    828a26551f7caf939835f16ab5e21db3b83216e1

    SHA256

    3d7e63d937d8f9bb2a3b4aad315cda2cbaaa59269276eb9e79212c74afd7fed6

    SHA512

    554170ab3b2e7ea43bb89b74b9e0ed391b7f98b2f44b6f74feb4840894341699cf9ccab568f523ac834f50f743fd700ee518f1e7d4b099184f44b0173aba355b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e531dc1468e352559b6ce8f66b6cff92

    SHA1

    9c6225462826230bbb005d502d6a6c33fe440253

    SHA256

    77bddc3b6183b7cf81b757e7233c864b36831edf0d37371050356b8d0faa79eb

    SHA512

    a10b0fea0a561186910b766531ccedf0808825f79fd114462f196dda0337bdf1500cd2e436fcc5c38e38319728452f14bbfcc0df0ae87ce02ff3ece6239ba788

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fe876ff692497821edab6b4a59e50669

    SHA1

    0435b33d42b79a7af5e187b031339321643f0cae

    SHA256

    fdd798c67cae46844a82185dc6a7e07e6b168c58e70cb55ab5d3a16e8060bc1a

    SHA512

    e4c8699e40eb3e83d7951974ed263a8284be6ef0e4c12eda61696f8e42786fecf4dcc10731f816c7e47b4182f0befd8c480ddae9588e3ee1c3a3f7faabdbe4c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7d9887569b0f7a76e61200d05df4acab

    SHA1

    d4a3cfe1359a63aae4b4982871b47ae0b156289c

    SHA256

    1b715eeaf2ff2e00ef9998bd1f95fb74ab8a86a040a7f6392be0e03397b550b1

    SHA512

    54c76b3c95e5606a443566319aa144ef28024743a40d2cfc29b2f573573e21646c40742996817267ccc87b419c181929c7bf1c1f92bf91784eda9cd841b311b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    63da65e26666911ff4553aecf268220c

    SHA1

    97e44a558131787f4a4e8218342aebb54a7ca983

    SHA256

    4b422e401b67982ce494007c83b86afb97e4e34db304b9cd73026c72a48abde6

    SHA512

    b07b5138a50d68feac11552e97e9357f4899fdc61148796f28e6de3e3df9634fdd93559154ce7a127143863112ad5276576e36cb2a489c097a7e6d71f8f7d1d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3e1e08badba3708ada9ed08fea64135e

    SHA1

    6524713b28fba0db54ba63f33cd7f814501575e0

    SHA256

    364676aafe1d12c6343540607b6d39624e9385563b1420111261f42dbdd0cbdb

    SHA512

    44b6cece69023201a2a2998609d43ece6663b97a36c5fa8f5343873ac9f70d5712427651ce5ef07f7c292d953422f08a590e1b503519d8359c0176e6f9445b86

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    49050f566a1c7fd23828e06a4b1f071a

    SHA1

    79de24a1c67d12f7eca08c97c142035d4901bd4d

    SHA256

    ceae894e5e5e2f1d985332bf934585bf7ca7a364b94bbdedd096d26523e47523

    SHA512

    6d2f7b5f9f19585713006857738514879a54e96e2332c90911298f04009c2487839ffbef595c20f3cf8b885c941fc8e93f9a5c200956f76e388483ddfbdd0e5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2948a31dfa14dda0242c7b4a4934961b

    SHA1

    cb26afc7d66f958a0285f81da0b44426eeef75f3

    SHA256

    9613e1b1c255f13a250fbfb7acb37baff92f23fd067137487db235c47d2a2527

    SHA512

    b6015db1000629456d11019f23b5ddeec792d58cb61e94fc985b20a7103bb454cf1d3ddbd86a662b30315836188c92940824b25260ea885d2b5255b2a627816b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab39E7.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar540F.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2172-13-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2172-4-0x00000000005E0000-0x00000000005F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2172-3-0x00000000005A0000-0x00000000005EF000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2172-0-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download