Analysis

  • max time kernel
    142s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
  • submitted
    29/12/2023, 21:11

General

  • Target

    041f4171d06869ca57d099752e5cc1bf.exe

  • Size

    38KB

  • MD5

    041f4171d06869ca57d099752e5cc1bf

  • SHA1

    023995c6c02f34dcabffd8f79dd333f63ff6a0c5

  • SHA256

    fe37c4ba340fd9ebaf3b639cd5a4a356c2adb20e1def2e24af6f6b6ea2542ae0

  • SHA512

    6664852d478019d0151ff849b4ede766a468cb3bf1784f4ae9afd874ed62a123dcf34025d6b120b5f695508e12626e5c945c4c8dff8c7579de328f9171ff7ec9

  • SSDEEP

    768:xg5idY4WSEcfw/rZ/+rNx4u8RXE4jl/i20SS68d7sHum7soV:x2KY4/3IjZ+sSWFiUSjd7CsoV

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 7 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 15 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Runs ping.exe 1 TTPs 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\041f4171d06869ca57d099752e5cc1bf.exe
    "C:\Users\Admin\AppData\Local\Temp\041f4171d06869ca57d099752e5cc1bf.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Users\Admin\AppData\Local\Temp\load.exe
      "C:\Users\Admin\AppData\Local\Temp\load.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2160
    • C:\Users\Admin\AppData\Local\Temp\balloon.exe
      "C:\Users\Admin\AppData\Local\Temp\balloon.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:2828
      • C:\Windows\sysguard.exe
        "C:\Windows\sysguard.exe"
        3⤵
        • Executes dropped EXE
        • Drops file in Windows directory
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2488
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://sp-protect2009.com/?r=5
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2540
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2540 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1960
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 36
    1⤵
    • Loads dropped DLL
    • Program crash
    PID:2852
  • C:\Windows\SysWOW64\ping.exe
    ping 127.0.0.1
    1⤵
    • Runs ping.exe
    PID:2820
  • C:\Windows\SysWOW64\ping.exe
    ping 127.0.0.1
    1⤵
    • Runs ping.exe
    PID:2636
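The process tree above carries four behaviours a triage analyst would want to turn into rules: a dropped binary executed from the user's Temp folder (balloon.exe) writes and launches another one directly under C:\Windows (sysguard.exe, also the process that adds the Run key), that binary opens Internet Explorer on http://sp-protect2009.com/?r=5, two loopback pings run (ping with no -n sends four echo requests and takes about three seconds, a common stand-in for sleep), and WerFault reports a crash of PID 2160, which is load.exe. The script below is an added example, not part of the sandbox report: the PROCS records are transcribed from the Processes section, while the four rule names, the browser allow-list and the path heuristics are the author's own assumptions that generalise what this tree shows.

```python
"""Detection rules over the process tree in the Processes section above.

Added example, not part of the sandbox report: the PROCS records are
transcribed from the report (image path, command line, PID, and parent PID
as the tree nesting shows it); the four rules, their names and the path
heuristics are the author's own generalisation of what the tree shows.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]  # None for top-level processes (depth 1 in the report)
    image: str
    cmdline: str


TEMP = r"C:\Users\Admin\AppData\Local\Temp"

# Transcribed from the report's Processes section.
PROCS = [
    Proc(2216, None, TEMP + r"\041f4171d06869ca57d099752e5cc1bf.exe",
         '"' + TEMP + r'\041f4171d06869ca57d099752e5cc1bf.exe"'),
    Proc(2160, 2216, TEMP + r"\load.exe", '"' + TEMP + r'\load.exe"'),
    Proc(2828, 2216, TEMP + r"\balloon.exe", '"' + TEMP + r'\balloon.exe"'),
    Proc(2488, 2828, r"C:\Windows\sysguard.exe", r'"C:\Windows\sysguard.exe"'),
    Proc(2540, 2488, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" http://sp-protect2009.com/?r=5'),
    Proc(1960, 2540, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2540 CREDAT:275457 /prefetch:2'),
    Proc(2852, None, r"C:\Windows\SysWOW64\WerFault.exe", r"C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 36"),
    Proc(2820, None, r"C:\Windows\SysWOW64\ping.exe", "ping 127.0.0.1"),
    Proc(2636, None, r"C:\Windows\SysWOW64\ping.exe", "ping 127.0.0.1"),
]

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe"}  # assumption: local allow-list
USER_TEMP = "\\appdata\\local\\temp\\"
# An .exe sitting directly in C:\Windows, not in System32/SysWOW64 or another subfolder.
WINDOWS_ROOT_EXE = re.compile(r"c:\\windows\\[^\\]+\.exe$", re.IGNORECASE)

Finding = Tuple[str, int, str]  # (rule name, PID the finding is about, detail)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def in_user_temp(path: str) -> bool:
    return USER_TEMP in path.lower()


def run_rules(procs: List[Proc]) -> List[Finding]:
    by_pid = {p.pid: p for p in procs}
    findings: List[Finding] = []
    for p in procs:
        parent = by_pid.get(p.ppid) if p.ppid is not None else None
        name = basename(p.image)

        # Rule 1: a binary placed directly in C:\Windows is executed by a
        # parent that itself runs from the user's Temp folder.
        if parent and in_user_temp(parent.image) and WINDOWS_ROOT_EXE.search(p.image):
            findings.append(("temp_to_windows_dir_exe", p.pid, f"{basename(parent.image)} -> {p.image}"))

        # Rule 2: a browser started with a URL on its command line by a
        # process that is not itself a browser.
        url = URL_RE.search(p.cmdline)
        if name in BROWSERS and url and parent and basename(parent.image) not in BROWSERS:
            findings.append(("non_browser_opens_url", p.pid, url.group(0)))

        # Rule 3: ping against loopback; with no -n it sends four echo
        # requests (about three seconds), a common stand-in for sleep.
        if name == "ping.exe" and "127.0.0.1" in p.cmdline:
            findings.append(("loopback_ping_delay", p.pid, p.cmdline))

        # Rule 4: WerFault reporting a crash (-p <pid>) of a process that ran
        # from the user's Temp folder, i.e. a dropped component died.
        if name == "werfault.exe":
            m = re.search(r"-p\s+(\d+)", p.cmdline)
            crashed = by_pid.get(int(m.group(1))) if m else None
            if crashed and in_user_temp(crashed.image):
                findings.append(("dropped_exe_crashed", crashed.pid, basename(crashed.image)))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in run_rules(PROCS):
        print(f"{rule:24} pid={pid:<5} {detail}")
```

Rule 2 deliberately ignores the child IEXPLORE.EXE (PID 1960): its command line carries only the SCODEF/CREDAT frame arguments, so the finding attaches to the iexplore.exe instance that sysguard.exe actually started. The two ping processes appear at depth 1 in the report, so their parent is unknown here; the rule keys on the command line alone.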

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8409fe31d391e69906abd6bcc8546daf

    SHA1

    6fb06bf818b604b296c3fa73c14be07faca7a68e

    SHA256

    6a5e4a126c71c9f9b50e8dbb115851417b8a3c5a15be7ec475fce68c28380e28

    SHA512

    32b3212bac129ad90ea89b0421caf366bde3bdb681c40e7430ddca5e2d98920774abeb7d4477ba66b993718a5ac7a4abed0932bfb0b9d2b7515b127fba107f65

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cd29e72bd2729c17270c5199aba50417

    SHA1

    2551c4b1e0047b26a1f16b11629f23fd7c3b6773

    SHA256

    d918123c1cf669e467510285ee10bed7f776bf09b51c71b3e3d98e3164c06030

    SHA512

    0e46476a17155f8c70ecd83f5140bcf6f0125f0ac28f03b3a9a10a9ac13a779607bb613ce9f8abba01f06e405e778a719ea8fa34e169a72401628bc261468226

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    579b7a07c0b6d12820721c16501e376d

    SHA1

    3ff0a744d92020b8892208d914d12859f7166ef2

    SHA256

    a5a9852a28ac1d4b0705231cd21a64f38bee7d0eb8774ea2963035936c89e9c6

    SHA512

    8915503e0763ff5a9ca426d1f33845d090283934a42bb1a0df9926d6d443679069a4a72eec0af3b01e448f15800db6ef3248de857cc3cfe56786df2160e1e13d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    eedbc9dd01cadc53ca0ef97ab407a3d6

    SHA1

    8f3fb586be0460a3564fc9c24512f29843176133

    SHA256

    018c27d6c60aa9072af9df4c975d93b1a3f2057fdea1486d52633c5af577b5a3

    SHA512

    3eae80a649eb65f58364473d70411623263f2f390a44a2c573ec57ada469825a640e2d64c8cc9dd55a6a4e1869163adf3390c9045198f1f247057ece0cbd74e3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    81699a57765756dd721ef58c3aabc6e4

    SHA1

    460e307d3d7fa36fc4274e14ae3c4985e70279b8

    SHA256

    6065bd1bc8bd4299b2eb49a3e1a9c21d6f2e2c235af9d7f57d13e3c67f3b58c1

    SHA512

    b4eeb70b364d8cb923ec17fbd541c8db09912fa02263bacdac390257fd39ac6d9ed2fd580724a4e4b7459f4baa28d4fd1129d929b9148af1f7ad81f0a4a7d480

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d8403398e670154af721e6b52714800e

    SHA1

    27152de8b5e5712792ecc3ccb033839ce5c95ba8

    SHA256

    4a2d73f4088aa13e290da659224d284be3c775f538168d7715c87e9201283592

    SHA512

    929fec50e813aa1d396d2b90e3959ba9a328ad9acc19b423bb6598885046ed2fe23ea3466bf549b9296a86b04b1b6b2e59a2d623cd96b213f9740fdb1c5c54ed

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d2e71524684398b82e791efda0fba3fa

    SHA1

    0d46ecb95fbd496b3da9d8305ae3956dbf963014

    SHA256

    cbc9ed2763b39b2476e3a27d3f58da255f233d9a22f182cd01e57bbcacc78ebf

    SHA512

    226414fcac5081db7d4ea95c879e1d9b60dfb967248bafa3be9d7d90b8569d004a1cd37fcd8c99fa9bf8798211da028f01b3cc67a27b4bd4ca6141f0a822e33b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ceca05f516028f4c04b2e76ab6b6dae6

    SHA1

    7324741257942ef03e1a84aee76b752564112a65

    SHA256

    87b6c9c545f6cc7dc27507fcb2eb95bb4909347a7e1fcd4d0ea2f0c9975601db

    SHA512

    34e235659f540bd141cd2941b0580f64fc5a89a175e8060fbb7e0a5d60ef1069735f1940fa3ca585d1542e5c12d6350e0c9c232c2728898d9cba2c655264294a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ad85dfc2587de234ae65d0fba56aabbd

    SHA1

    80c39c386236c04ed0dfa7a146039793ed8ae15b

    SHA256

    0f9f22b4ea36f8b1c9e7aff8ffa09c500f9e6a8f84d512062cd189344953e25f

    SHA512

    90ce3232c34993d0acbf194e2bbeef705c46edf411ebcdaea0de9deacd28230670c83f81f1efc2e5e6d1e97f06e2671fa0e39072d423b298d1a4d6526a49d46c

  • memory/2216-0-0x0000000000400000-0x0000000000411200-memory.dmp

    Filesize

    68KB

  • memory/2216-31-0x0000000000400000-0x0000000000411200-memory.dmp

    Filesize

    68KB

  • memory/2488-42-0x00000000001B0000-0x00000000001B5000-memory.dmp

    Filesize

    20KB
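Two things in the Downloads list are worth checking mechanically rather than by eye. The same CryptnetUrlCache MetaData path (CryptoAPI's cache of objects it fetched by URL) is listed nine times with nine different hashes, so that one entry was rewritten nine times during the run while iexplore.exe was up. The memory artifacts encode PID, dump index and address range in their names, and the stated Filesize should agree with the range; the PID 2216 region starts at 0x400000, the default image base for 32-bit executables, so that 68KB dump is the sample's mapped image, larger than the 38KB file as expected once sections are mapped at their virtual alignment. The script below is an added example, not part of the report: the hash rows (MD5 and SHA256 only, to keep the table short) and memory-region names are transcribed from the list above, and the checks themselves are the author's own.

```python
"""Consistency checks over the Downloads section of this report.

Added example, not part of the report: the hash rows and memory-region
names are transcribed from the Downloads list above (MD5 and SHA256 only);
the checks, their names and the whole-KB rounding rule are the author's own.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional

CRYPTNET_META = (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache"
                 r"\MetaData\94308059B57B3142E455B38A6EB92015")

# (path, stated Filesize, MD5, SHA256), transcribed from the report.
FILES = [
    (CRYPTNET_META, "344B", "8409fe31d391e69906abd6bcc8546daf", "6a5e4a126c71c9f9b50e8dbb115851417b8a3c5a15be7ec475fce68c28380e28"),
    (CRYPTNET_META, "344B", "cd29e72bd2729c17270c5199aba50417", "d918123c1cf669e467510285ee10bed7f776bf09b51c71b3e3d98e3164c06030"),
    (CRYPTNET_META, "344B", "579b7a07c0b6d12820721c16501e376d", "a5a9852a28ac1d4b0705231cd21a64f38bee7d0eb8774ea2963035936c89e9c6"),
    (CRYPTNET_META, "344B", "eedbc9dd01cadc53ca0ef97ab407a3d6", "018c27d6c60aa9072af9df4c975d93b1a3f2057fdea1486d52633c5af577b5a3"),
    (CRYPTNET_META, "344B", "81699a57765756dd721ef58c3aabc6e4", "6065bd1bc8bd4299b2eb49a3e1a9c21d6f2e2c235af9d7f57d13e3c67f3b58c1"),
    (CRYPTNET_META, "344B", "d8403398e670154af721e6b52714800e", "4a2d73f4088aa13e290da659224d284be3c775f538168d7715c87e9201283592"),
    (CRYPTNET_META, "344B", "d2e71524684398b82e791efda0fba3fa", "cbc9ed2763b39b2476e3a27d3f58da255f233d9a22f182cd01e57bbcacc78ebf"),
    (CRYPTNET_META, "344B", "ceca05f516028f4c04b2e76ab6b6dae6", "87b6c9c545f6cc7dc27507fcb2eb95bb4909347a7e1fcd4d0ea2f0c9975601db"),
    (CRYPTNET_META, "344B", "ad85dfc2587de234ae65d0fba56aabbd", "0f9f22b4ea36f8b1c9e7aff8ffa09c500f9e6a8f84d512062cd189344953e25f"),
]

# (artifact name, stated Filesize), transcribed from the report.
MEMORY = [
    ("memory/2216-0-0x0000000000400000-0x0000000000411200-memory.dmp", "68KB"),
    ("memory/2216-31-0x0000000000400000-0x0000000000411200-memory.dmp", "68KB"),
    ("memory/2488-42-0x00000000001B0000-0x00000000001B5000-memory.dmp", "20KB"),
]

HEX_LEN = {"md5": 32, "sha256": 64}
MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9a-f]+)-0x([0-9a-f]+)-memory\.dmp$", re.IGNORECASE)
DEFAULT_IMAGE_BASE_X86 = 0x400000  # default linker image base for 32-bit EXEs


def parse_size(text: str) -> int:
    """'344B' -> 344, '68KB' -> 69632; the sandbox prints whole KB."""
    m = re.fullmatch(r"(\d+)(B|KB|MB)", text)
    if not m:
        raise ValueError(text)
    return int(m.group(1)) * {"B": 1, "KB": 1024, "MB": 1024 ** 2}[m.group(2)]


def bad_hashes(files) -> List[str]:
    """Rows whose MD5/SHA256 are not lowercase hex of the right length (catches transcription slips)."""
    issues = []
    for _, _, md5, sha256 in files:
        for algo, value in (("md5", md5), ("sha256", sha256)):
            if len(value) != HEX_LEN[algo] or not re.fullmatch(r"[0-9a-f]+", value):
                issues.append(f"{algo}:{value}")
    return issues


def rewritten_paths(files) -> Dict[str, int]:
    """Paths listed more than once with different content: the file was rewritten during the run."""
    seen = defaultdict(set)
    for path, _, _, sha256 in files:
        seen[path].add(sha256)
    return {path: len(hashes) for path, hashes in seen.items() if len(hashes) > 1}


def parse_memory_artifact(name: str) -> Optional[dict]:
    """Split 'memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp' into its fields."""
    m = MEM_RE.match(name)
    if not m:
        return None
    pid, idx = int(m.group(1)), int(m.group(2))
    start, end = int(m.group(3), 16), int(m.group(4), 16)
    return {"pid": pid, "index": idx, "start": start, "end": end, "size": end - start,
            "at_default_image_base": start == DEFAULT_IMAGE_BASE_X86}


def memory_size_mismatches(memory) -> List[str]:
    """Region names whose address range disagrees with the stated Filesize after whole-KB rounding."""
    out = []
    for name, stated in memory:
        region = parse_memory_artifact(name)
        if region is None or region["size"] // 1024 != parse_size(stated) // 1024:
            out.append(name)
    return out


if __name__ == "__main__":
    print("malformed hashes:", bad_hashes(FILES))
    print("rewritten paths:", rewritten_paths(FILES))
    for name, _ in MEMORY:
        print(name, parse_memory_artifact(name))
    print("size mismatches:", memory_size_mismatches(MEMORY))
```

The 2216 region is 0x11200 bytes (70144), which the report rounds down to 68KB; the check therefore compares whole kilobytes rather than exact byte counts, and the 2488 region (0x5000 = 20480 bytes) matches its 20KB exactly.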