Overview

overview

3

Static

static

3

0436e9a93b...ba.exe

windows7-x64

1

0436e9a93b...ba.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 21:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0436e9a93b22af28e6b473dff82e54ba.exe

  • Size

    24KB

  • MD5

    0436e9a93b22af28e6b473dff82e54ba

  • SHA1

    422620b56c50160dc532b78189ce31df7ce9cd1f

  • SHA256

    398182e723004df7f724421becc3b8cdbbd77543b3a7d54d13483a335da4193a

  • SHA512

    815f114bb53a5499755d787944fb71cb3241c35c166bcf3a9d684252cbeb2feb76f591cd9e6330457b901660ac92751c93de5752e2369ad6266d81548584b6b1

  • SSDEEP

    192:c06BsM/NlYHru7bTwQz2tEXej7v5qcgy7lfWG48p7Y3VSSccd4oynLv354NZU:c/sM/LLzenSyQGHp+VSScI4tvpP

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 63 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0436e9a93b22af28e6b473dff82e54ba.exe
    "C:\Users\Admin\AppData\Local\Temp\0436e9a93b22af28e6b473dff82e54ba.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.szhaokan.cn/welcome.php?k=t%2FK9qMCtzqrG67buxuvF1Mbrt%2FK38sbrwK3awLfyxdTA1sCtwK3Iy7fyv%2BzArbbuxuu27sbrv%2BzG67fyxuvH672owNa9qMCtvajA1r2owK29qMCtxuvL48bry%2BPG68vjxuvG68bry%2BPG68Ctvai9qMbrwNbG67fyxuvArb2ovajG68frvajG68brsKLG68Ctvai9qMbrv%2BzG68Ctxuu%2F7L2owNbA1sCtwK3G67fyxuvG67buwK3H67fyvai38r2ot%2FLL48bryMvA1rfFwNa3xcCtt%2FLArbfFwNbOqsCttu7ArcXUwK3G67fywNbArbfFt%2FLG68Ctt8XArcCtt%2FK9qMDWzqrArcbrwK23xcCttu7A1rfFwK3Arbfyt%2FLArcirwK3F1MCtzqrArdrAwNa3xcbrt8W9qMirwK3F1MCtzqrArdrAvajF1MCtvajG67buxuvArcbrxdTG67%2Fsxuuwosbrt%2FLA1sCtt%2FLG68CtvajG67but%2FK38rfysKLA1sCtt%2FLArcCtsKK38sDWxuu27rCit%2FLArcXUwK3Oqsbrt%2FKworfFwK3F1MCtsKLG68XUwNbArcCtxdS38svjxuu27sbry%2BPA1sCtt%2FLG68Ctt8XArcCtt%2FK9qMbrtu4%3D
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2172
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2124
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?4
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2800
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2860

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          de7cacf64e04148223e4e820407a14e6

          SHA1

          5669fb53584a0fc6d576bf0131081b011e0bf143

          SHA256

          fc050a7d258d4b636fb9475f4ad4238de8d86351819c3cd4f7f7c3c5bb6d36b4

          SHA512

          9c81ae68c62b8620db0318b711b4c6dcbae141968b5b81e4170aa84743e94a761b484c831431a4dc2566d124263db2cc890fee6e951f54dc7de2f78ff6c81f40

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3af5c6527e08a87b21e4f5914a629b9f

          SHA1

          9cc4af27d2811eb235f5b43ba46222c0d823bbb0

          SHA256

          4af12da81644a5753371b332898f6d9c3b55b32923469bc4e1d3511e1603c918

          SHA512

          5a5c05443400fcf9ac6312d4c659abee38d37931fc34f4e3a340e7598934073d8748d224fe9576ce8b6e745899537124af655b02d7f52dfc024f241c74832f93

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          07f997d655672c005fbeeb34329bc677

          SHA1

          aa118fac17320507c1ad952e65d5fed9eb95c06d

          SHA256

          fddcf2e7356331f15447acb46a362d5347af0d3101d7fc81ca5a452c788e82f8

          SHA512

          615b2c8ad85a2d6d752ee3ed4d65b6c5ed52880b959b568e640c3c349b5d418067c7a7dceadbecd43638ac61bb67ce5f90c5e0c3658d607c1ea6b2de4494c518

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          33d17b1ba98c02f4fdbd41530b65814c

          SHA1

          3dad8cfc3fcc127a205d451e896562ce7b2647cf

          SHA256

          9632fd65073f89bae2f939cb71a7604e8527a0729e96663d5aad97d00af195d8

          SHA512

          c95b4a38db753b487a45aca0488dfd4e65fe87959c4faa297e23ffbbad1124cbfc9a5c5b7b56cba69f8a434e81f58a9a532233d33984f9307685b59ea359cd38

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          8736e95e199b83291e8982e94f0c5d74

          SHA1

          0f36b907dffabdf35b8afd4ad93418247ab806b4

          SHA256

          a7f212f605f6faccf0553544c228e107f8b484d2b8c6b3eaf08629d238ec8b0f

          SHA512

          c2b481e6f277c887844ab7254c2ccafe4a25ae4e136da83ac5a2e58c5f96593bb7364822b4194d4f4ff3e661d4c657112e0a263c4467abe7f055df2c45a847a4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          8b2987129e0b4275e0ec4511b4b16a43

          SHA1

          bc5e7cca3820ffa7b13ce5b0af3d731b41786247

          SHA256

          c561071f7743ddc7d20b93bf3fd6335878f9acd813892247946ed29d5820ac46

          SHA512

          e3472daf8efc763b67d90f4f5d65af3e3e8dd3514e1e0cf278b6cd961955a0aed249dfd1958d0ae0aaf3eb8239cb675acb471674c9729e92a5cadf53c55a5ac3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e80119956b509bb44608a391edf13f86

          SHA1

          3c313cf871050c6e112672eb1940023d5f4bbe18

          SHA256

          a3d902d726d3718065be0c50c22a2bbc3df4b72cf556c3a19e09ef5df9d8f95e

          SHA512

          2be48e1a6e7de0d963053c9ea5fca5114cc00888908ac9fe9a4fe9acb2bb3a81bb12ba5e1817705146630f097406b8ba659dfe73f713500ffcf49bd1387322c8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          936147786a35face22bc4ead189029ca

          SHA1

          e2f1c777eeabfc93c6a7b7a4b8cb588b73f58cfb

          SHA256

          fde30e38702f74d79c51bfa46e7f6820626fdb523752b035846ecb799879e1f1

          SHA512

          48c83898646ac9137d1c56e8a672e61bd6ee3821b1de21e80b99db3e9213787c1ce9096028c5ced48cd649ce4a94cdea36350db2b782264f817d1a8478f1e43e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          600742873ba92c217212597321edb8db

          SHA1

          a5c55db7a92a792d65394bf660856dc2d9ee2c15

          SHA256

          00dc022583866acecbf313bfe7609a27b59d9e4da1f5f96d5564bcb4a7f464fe

          SHA512

          d6ca612756714d0fa87a186ca2439405a1a9e5067bf82a5577c8c0d11d1fdfe72d32fcc596eb440bacceb128868cecf7bda80163b6b2ee42ab12592d5426532e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          38838d6349745ac7d19d10bf5a410f3e

          SHA1

          afab6ac2541e2fc0d088255fc97661ee5ca26b1b

          SHA256

          638d704930d8fb64a78fd85dd9368c934cc98802e1dd04ce1239484559e3fa13

          SHA512

          23330b953c23ca1666c0db5c85867d494f445c27e6a751f6408e17e531be5f05dfe5092ca26fbd6d8a1c6eaeea863b6ee527cffe6d589f6e8c6ea4e2efa27b93

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          30be5abdcc6e511e5c79bb491bbc8022

          SHA1

          2a5099182eaf92cc76dec6064b79697aaab79257

          SHA256

          8d99acfb393c0694e2eecd3be8f138518591b80ba9295758c9ee2c91303970ec

          SHA512

          abd213648d5daf76a1b35d4844dbd8ae1f1e3fea7d7350b52f2b04cf8ff9fd809eb1eee62abab76114b7d0f972b7e05940a12b28ad6e054d99b2fd6fbdf46279

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          02bf98dfa7c060a520407e9082f48da5

          SHA1

          fb3aa74a5a13b4e199fb5fa36ae21d86005b29f6

          SHA256

          45ad75bcc63527777c24089fe6c0da93edaf5958246f555fa39d1dad2fc7efd2

          SHA512

          6c960558351592038ca7feb4e107924d4dd4762a71cd7c6a2bf577ecad1d0369ba6b11addc7caaf926a0abfc2225cb32d38db22752c62169baee416df698fc5a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          41f5dcbbf1d354199f30e2a96b32266f

          SHA1

          4dbe14c6be994cb21a4ef517c6dc7b0c983589dd

          SHA256

          d991b2b3472c8a036c3b0192e431c3d18194aa06ac962cb2d7a5b396ed44c4e1

          SHA512

          a477a8f81b486491d74307c387c474640f6e2322acdd56be2fbaa7459e168187c79ebb68309ec08fc78ceaaed74af2472cecb566ef450b67e237e6649975b109

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          5e3fe78b01d5720393f679db299b6a06

          SHA1

          ea0a3d1a08397fd8240da9b3726a1804111e38ae

          SHA256

          e8fb91ca94b4e4bb1c4319cf97d99f3a4f19022a93dc539051be6678ceb40525

          SHA512

          ffa5b0f98ab1d4a2e5d3bd95f51af8d534ef5e17e952da5686cf3724d2d882659672313806693d14e84456434686753fee6883a8a0d5bc0183fc5931fd7032be

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          99405f8a97e423dad0f778c93621203b

          SHA1

          bd14e25421649150ddc20b2512e09a53fb83597e

          SHA256

          a22580484c27c07fbdcc95a72decf07bb9d222c56f629818529af8e81f9f058f

          SHA512

          78357355c72d58d611ba878c6a21629ed6d62f483f202ce9d9101554f3fd448e973563cd29cdcc6c0c77ed27461233ebc52e7118ac8f4f449bf3bc36ed1d8608

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1BAAEC41-A6B2-11EE-B6E5-76D8C56D161B}.dat
          Filesize

          5KB

          MD5

          e82842ee37337dbfec0c1a2a9108c1b1

          SHA1

          4ce8c042dcc35ddf3304437d5e028d0c657db9c0

          SHA256

          337d75f859cdc92ca6fe18b934bf5aa5bd06f2abd5c0cb79e30f5f11a6e6a139

          SHA512

          081ef227ac994fc1c8e959064cc5248079e8f93177119ceadd30ace8451aee0ca788becba5bd849d48e89462ee74fb20759dd8a5291f8047680e9c785d092583

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab6142.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar6E8E.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit