Overview

overview

3

Static

static

3

09614c4a0e...b5.exe

windows7-x64

3

09614c4a0e...b5.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    69s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 01:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    09614c4a0ee6bead24ee56b6f8ea45b5.exe

  • Size

    198KB

  • MD5

    09614c4a0ee6bead24ee56b6f8ea45b5

  • SHA1

    70c5e52406cb4ab849a9aab1c14145330f6a2318

  • SHA256

    b0817b6ad499d6e995c790054b3c348487fef158e3c9fc93b768e85869720647

  • SHA512

    7b69db354fd6c33bcc355bc899d788d142291a481aa25d449d5ae3af82b93d425cff05bc3ea500a332bb578873e0965aad508bdf6e54023265bbe7f48aae17bb

  • SSDEEP

    6144:Cg1cnoDUQe9OLWyY2+whhKTG9CPUJSUhjl9QnIQS:yoDUQa0JY2+whhmsJSOx92S

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3064 CREDAT:275457 /prefetch:2
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2684
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://www.vivo.com.br/portal/home.php/
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3064
  • C:\Users\Admin\AppData\Local\Temp\09614c4a0ee6bead24ee56b6f8ea45b5.exe
    "C:\Users\Admin\AppData\Local\Temp\09614c4a0ee6bead24ee56b6f8ea45b5.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2928

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    975164096c3dd51054b54f97970be394

    SHA1

    f9e6a16640962e7a96cacdff74d47375b315e456

    SHA256

    33814c36a9eb26e782df9b927baf177a1f505c4daf5550afb8b67ab5014c3039

    SHA512

    dd19200d48b1437be9adf3b609a2304925f30fcda2a95d6d94204add31d7baa40f52785b1212a1e4cff97a19b242641d86d0ad7a9c0a4ea0f36504a92ae3a598

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    097c156c204a6a68cdad5853eea028c4

    SHA1

    7fd5a89ef9ecec548b4a287d1f351beda0893227

    SHA256

    248e7db0e852ac21dd7ff4a5dbb3f956d5ec8aab73cf7bfb2d01d9f49cc0b75d

    SHA512

    a2d0310bc620fdd8e3f3e6ace341dd4e6edc7cb995d7daf678f650aeb518348ad5155378ec1c3dd03dabbc8c2424e8b261d5e9da57a66c2f4591afd8d796e220

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f040af9b5d89bb917a8f7e29e5448b01

    SHA1

    aa45c9c589d9c7afe3664d178ebc44ded2ee7c53

    SHA256

    90a3530b7eefd8cad513659d9f45cfb66faef0f31cb3f5d8b5d139e2a3183aa6

    SHA512

    aec1c3cd1b041a93ffb995fab593ca0363d3c7495fea31631c7161d1241e9b206f2c443edfc079388579b15ebab6555dac46e8b2ea3e68aa3045e572f87adbcc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8137e139f056840299ba386717bd24f5

    SHA1

    319491901518b91ecdce1b5de6e2c6dac234aea0

    SHA256

    a7f5a481115dd00343763a5d5a508f6948c5183ed51aa0b94d1064ddc4d37b97

    SHA512

    fd97f56373d997fe54ce9361306a5a778c216764a617f979049d2576380630f3fbc88f30342d0aab2f0f3cee039ed819ee96d2c753fa97455759be23738e4c9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7be0f00837166b6c062893938a0481a3

    SHA1

    5a8371e4867d858046ea1d8d42e63e49dda06435

    SHA256

    02dca3bc97ed0dbffa3f1821c0f282ebe9ff7ad17566f021805c7c4cc26e401c

    SHA512

    11f724ae6e7331bb9c5e02bb38119eae7205385fad1e2b46f7f4a29f2ba5ec8ab772d1d2256ea28dd987dd338be7ca23d099f710913777b841af4fd83bf05c8c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eb599180e0a6df57a95d6be4da64c18c

    SHA1

    abd5defedb9659aa4d991fd052f9ba05919f6025

    SHA256

    9ebc5100de66edf34f7dc3e82b432a53ac0ae5f21083d88c87bf4c08c0609e55

    SHA512

    37c9b85b2d9e1c1ac998a7f3d250307bc1a801bb340e2f9ff1f53dc0135ac0f43ce394952d141ddb37014c6ffc9d0f070ea249618be14f2aded2be8661a88829

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    c46c6c9f101b43a4cde22c9678a503ea

    SHA1

    28bf354bea8e0a98d562f406e527239119783d74

    SHA256

    0ab41ee0169eb9582f95e53a0e71bd2831e59e541b6246e54a51c11392c384fa

    SHA512

    5328c9b06bba454046170a0fc78d394ecaac4c3326c393f974fcfa62b14c237d086db452740b5c6e5825f0302a6ce5a6fa5bdb70d59e59321c838665058b7dcf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • memory/2928-29-0x0000000074AB0000-0x0000000074AB7000-memory.dmp

    Filesize

    28KB

    Download

  • memory/2928-3-0x000000007EF50000-0x000000007EFAC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2928-26-0x0000000076C60000-0x0000000076D50000-memory.dmp

    Filesize

    960KB

    Download

  • memory/2928-25-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2928-24-0x0000000075030000-0x0000000075038000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2928-16-0x000000007EF50000-0x000000007EFAC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2928-15-0x0000000074AB0000-0x0000000074AB7000-memory.dmp

    Filesize

    28KB

    Download

  • memory/2928-14-0x0000000074AB0000-0x0000000074B08000-memory.dmp

    Filesize

    352KB

    Download

  • memory/2928-11-0x0000000076C60000-0x0000000076D50000-memory.dmp

    Filesize

    960KB

    Download

  • memory/2928-10-0x000000007EF50000-0x000000007EFAC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2928-8-0x000000007EF50000-0x000000007EFAC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2928-7-0x000000007EF50000-0x000000007EFAC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2928-6-0x000000007EF50000-0x000000007EFAC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2928-5-0x000000007EF50000-0x000000007EFAC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2928-4-0x000000007EF50000-0x000000007EFAC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2928-27-0x00000000751A0000-0x00000000751AC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2928-2-0x000000007EF50000-0x000000007EFAC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2928-1-0x000000007EF50000-0x000000007EFAC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2928-28-0x0000000075840000-0x0000000075846000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2928-0-0x0000000000400000-0x0000000000416000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2928-30-0x0000000074A60000-0x0000000074AAF000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2928-21-0x000000007EF50000-0x000000007EFAC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2928-17-0x0000000074A60000-0x0000000074AAF000-memory.dmp

    Filesize

    316KB

    Download

  • memory/2928-19-0x000000007EF50000-0x000000007EFAC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2928-20-0x000000007EF50000-0x000000007EFAC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2928-18-0x0000000075840000-0x0000000075846000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2928-13-0x000000007EF50000-0x000000007EFAC000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2928-12-0x00000000751A0000-0x00000000751AC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2928-9-0x000000007EF50000-0x000000007EFAC000-memory.dmp

    Filesize

    368KB

    Download