Overview

overview

7

Static

static

3

1fa08df0bd...a6.exe

windows7-x64

7

1fa08df0bd...a6.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 23:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1fa08df0bd4d31d285ba50fedf5f11a6.exe

  • Size

    82KB

  • MD5

    1fa08df0bd4d31d285ba50fedf5f11a6

  • SHA1

    67ae27c49e411d6ca83d95811db46adf8ecf1e40

  • SHA256

    76fae8a7dec7c67735e3ed64467ca5eb58ae13f0fd7af2f812fbdbef3a59c6bc

  • SHA512

    9e40d683dd9bd5aec0f645bdad36b3003125a07998b1b25ec69cc9fe392b8bf4db405c98aeec191271de63e809bb9aa6ac1a07884a544d64c2e315ad7595c360

  • SSDEEP

    1536:R6KDqIaiMHQC4DGjP5dEINWu7ajYEYGMe0mN+CkjvHjnyppguRQxg+HdU/cO0:R6KgiCQC4DGTDD5ajYErKmNo7nKpDitp

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1fa08df0bd4d31d285ba50fedf5f11a6.exe
    "C:\Users\Admin\AppData\Local\Temp\1fa08df0bd4d31d285ba50fedf5f11a6.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2052
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.on86.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2168
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2168 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2260
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://down.xingkongjisu.com/flashplayer.htm?52c
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2912
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2688
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\1FA08D~1.EXE
      2⤵
      • Deletes itself
      PID:2656

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    72491325d90f9353472893b7ce00b0c8

    SHA1

    5655f0361a65ed0f8743abbc75e12043be6f4007

    SHA256

    ee173bc220f5d7ed653d03eee0d5c2df2675fa68bb2ee2d55219798c94776fda

    SHA512

    eb99081fe969fd42342221a571f1debbebdc9cdafd17cd5701a7e4bc0743b25f662b14a243421f09ac7467c77ff0e337826eef98b924b74736bf9aed9976ccc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    44bedcd2c0adacfdaac91d8e8ef74ffd

    SHA1

    6161cdbd935b285a8fc3663a051217933111341c

    SHA256

    5e439315810b6be2289218835085e2de289ccbb48ad7880a218d74c6d3f4fc1e

    SHA512

    78900316a5d1cccb10429d995f96175d461c7ea42ec4aa48f28b14c0a922092870bbe543d4cd12bac07f29474504d93eb428fc855a300234f55849289d573658

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a768eba570a20c53a0dbb7f75e7eafe8

    SHA1

    a21e7ef93158254f12779132d1dcd6515ec12bcc

    SHA256

    c979d2fdfc2ae37b4a4e4b56902cbb9c509dcb1b0a0f100cdecb25867c401cd6

    SHA512

    51b109b7494e39609fedb6140a4cf49ef9d306dbb704f8b008dbb408a57069757a1f3152e96527b4dc99fad1ae32967172c9180b71aca21c753a5039cff26514

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ec7158fc8a8a59a0d8e9b24f9fdded37

    SHA1

    e8b96a603760dd7436c98d26a702fceaa80d4072

    SHA256

    7adf226dde8b7bb1ca7ef21ca0e375c2091c6b94d52372b460fdfbbe209e1406

    SHA512

    03f4a0139d56cf1a007b1eff2b046dafc2b1d7dddbc49f3c4a065deab919fddc31658554558c903b23f4fcf22a863592c385482e8f0c7fdea2a492131f1d9f80

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8f1fc58f6ec22f6bf22a9fec65f3c6a7

    SHA1

    65490969ea2f753dd915fd0c57fa6fd776d54d9b

    SHA256

    d698e186e9814ee6ffc6b8067ac0468b380b79f1f6401b261699365756c64ec4

    SHA512

    318bf2b2660ee793c0b70c23fcff6b8ab76d4a90611c6221e3b9471fdc4a02f4c92c21b6e449b09290ef42d1dbe26b8b1a17c6520fabe5a886f962b74011bc21

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    71392b7575da38d17f5b95513e4fcc97

    SHA1

    33fdf6198fa9aa67ca772f827d014595e92323b9

    SHA256

    47e1bf52f822083df2834b226a5bcc70669203ca8124697ca01725a3cf4ec78d

    SHA512

    1d680f281e6445abe07f6ec99ef2209bd4b578cf365c327b8020b206a0b9da1d068cdec153d9cba1b8ce85e0612f69e5ca4551c9515a4e343f0bfaf00e4e87ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    27eb1c0d6419fbdbeca3b7df73cd6511

    SHA1

    8f5d04c36753509cf5c12ce8bf561cb5eadb22f2

    SHA256

    32e17d40557af3d4de289999828c0479880fca8d2b24eb4e40c88ff028c6216c

    SHA512

    b39c9a86caf2f32222cfa1d2f51540e6cc39efa236a10da2c1be3602abf39a7a892f7645e2b3ddefa7a371a9880c396015078545b4bfe4167214dd14ea80d12b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1b61a5b2a917eac56507ddde2386a374

    SHA1

    88924b4d12eb502e1658d6d7a7ac1a9b42bf722f

    SHA256

    5f1722f29f0d0b34d0369c37654939ae270ee153281b757111f45abfc7ce2548

    SHA512

    0d434a9d0079514c1503155ce0b17c6d9900c444d46a716a9fccc8f7e0f5390037dc5fd2f50f7cf6703f24e4806e834bbb0fe1692a10a7833424532cef24009a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f2c553a6d2785ba9f42e7ec43f9333d4

    SHA1

    b485b072fd1c1e314e9f67f4cedf151bc9eafcb0

    SHA256

    9c37385cc67c77a4b49d2c5832df9480d78dbaf088c0063a9624a649b81f164b

    SHA512

    3903430b1dad81cb3ac385b4332af42430e1bb3a6870ed314d1f4b19b8092054a748c7a0011ee33591ef590e3b7fbc4d9c5cbbdb5325dc8cd7bf43c421005878

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8e258beb8d0318058595e44ed2f1be98

    SHA1

    72fc262bb7798cdd19e5c9ef3491d68e98703770

    SHA256

    291fcb91c347a766017c85aefcc920020cfd34f0448a3ed488ce2ca78f654b8e

    SHA512

    5d417f2f9a7960bc84baf4e40b28fb69aa6ea0d4ab937188d1c6d45ca69a438a67940daf1ba29835f8bffa35b625e6916396d469293011e809bac6813b1a0043

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3c4fb948c28bcbb7ad6fc8028c680fb3

    SHA1

    7c280e429449e853beec4f2ab8ab28f5ef42390f

    SHA256

    94bcfc6b1abaede2824df29b6a9bce21310cbc94aed5be6c33632504688dbd74

    SHA512

    874dbe0aad589d8397d7a8566418be91f145fe295170bdfb1aaf3a7f173136fc8081c277d94ea73bfdeedb7caf8ef398fe721c254b9a0df7b8ec58d0f632fe56

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D40830D1-A898-11EE-BCA6-6A53A263E8F2}.dat
    Filesize

    5KB

    MD5

    6d77f2ab2b23c0d7fa98da3975f651cb

    SHA1

    f05ec28617a277963d4d6dc609d625051b9409dd

    SHA256

    8d6e1495188239fc2c1c4240b5e17d121dcbbe733a0433706413d04b49bbd1f7

    SHA512

    40264481e0c7f7ee7fbd9c073dd0b2d451afdbe07e4b9f4fb8579e5946348a9ff5c51b4a21a5758bed6707abccc937fc092af7928220e26db4f23e25be36e726

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab537F.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar53DF.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2052-4-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2052-1-0x0000000000020000-0x0000000000022000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2052-0-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download